IETF Logo Mail Archive

Re: [DNSOP] New Version Notification for draft-muks-dns-message-checksums-00.txt

Mukund Sivaraman <muks@isc.org> Mon, 28 September 2015 15:49 UTC

Return-Path: <muks@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D73B31ACD3F for <dnsop@ietfa.amsl.com>; Mon, 28 Sep 2015 08:49:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.235
X-Spam-Level:
X-Spam-Status: No, score=-1.235 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 47es7kA6UkKN for <dnsop@ietfa.amsl.com>; Mon, 28 Sep 2015 08:49:00 -0700 (PDT)
Received: from mail.banu.com (mail.banu.com [46.4.129.225]) by ietfa.amsl.com (Postfix) with ESMTP id 567F31ACD3D for <dnsop@ietf.org>; Mon, 28 Sep 2015 08:49:00 -0700 (PDT)
Received: from jurassic.l0.malgudi.org (unknown [117.215.83.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.banu.com (Postfix) with ESMTPSA id 220E32BA0B09; Mon, 28 Sep 2015 15:48:56 +0000 (GMT)
Date: Mon, 28 Sep 2015 21:18:52 +0530
From: Mukund Sivaraman <muks@isc.org>
To: Paul Wouters <paul@nohats.ca>
Message-ID: <20150928154852.GA19077@jurassic.l0.malgudi.org>
References: <20150926191009.28433.58915.idtracker@ietfa.amsl.com> <20150926191551.GA32562@jurassic.l0.malgudi.org> <6944DF48-2A47-4E75-801F-37BEA19A1CCD@vpnc.org> <20150927000309.GA17973@jurassic.l0.malgudi.org> <F53FA522-E92B-420B-9C12-6D64AC9DD5D4@vpnc.org> <20150927025914.GA31910@jurassic.l0.malgudi.org> <alpine.LFD.2.20.1509281034040.25357@bofh.nohats.ca>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="VS++wcV0S1rZb1Fb"
Content-Disposition: inline
In-Reply-To: <alpine.LFD.2.20.1509281034040.25357@bofh.nohats.ca>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/Zv1QOOAGneYU7hyuqqKlZb4dh0o>
Cc: dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] New Version Notification for draft-muks-dns-message-checksums-00.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Sep 2015 15:49:02 -0000

Hi Paul

On Mon, Sep 28, 2015 at 10:39:04AM -0400, Paul Wouters wrote:
> On Sun, 27 Sep 2015, Mukund Sivaraman wrote:
> 
> >UDP has a header checksum that can notice message modification when in
> >use. Sometimes this may be 0 if the sender host did not generate a
> >checksum. This draft adds one in the application layer alongside a nonce
> >known to the client. Together they are meant to thwart any possibility
> >of different kinds of off-path cache-poisoning attacks.
> 
> There is other work happening that accomplishes the same. The DPRIVE
> work to add TLS and longlived TCP, the dns cookies, and of course
> DNSSEC itself. I don't really see the need to add another mechanism to
> help against non-DNSSEC spoofing attacks.

DNS cookies do not protect against IP fragmentation - they do not check
the message contents. These same things above can be said for DNS
cookies too. This draft intends to provide a method without the use of
additional roundtrips.

> >There are practical issues with TCP which are still currently prevelant:
> >
> >1. The 3 way handshake doubles the number of roundtrips necessary before
> >an answer is received.
> 
> But with clarifications like edns-tcp-keepalive, we are hoping that
> clients can keep TCP connections to resolvers open for much longer,
> so that TCP does not really have more overhead than UDP.

It is not the connection between a client to resolver, but the
connections between a resolver and authoritative servers that is a
bottleneck during iteration.

Keepalive doesn't help the initial connection establishment time. One
can make a similar argument that once the data is cached, it's a lot
faster.

I mention the case of initial iteration during lookup of any new
website, which is often the case with smaller local resolvers.

> This draft also does nothing for on-path attackers.

I have been considering this case ever since you mentioned it (in direct
email). It is difficult to achieve this without using some kind of
shared secret or public key method.

1. If any method used involves additional roundtrips for things like key
retrival, TCP is a better bet. It will likely become a better option
anyway one day.

2. If the zone is DNSSEC signed, then that is a better way to protect
against forgery rather than using DNS message signatures.

For unsigned zones, if it's possible to protect against forgery without
additional roundtrips with a light-weight signature, it would definitely
help and prevent on-path attackers. I have a scheme in mind for this,
and I'll come back with an update once it settles down, but this would
involve a chain-of-trust (where DNSSEC can be re-used where available).

For unsigned zones and vanilla serving, I think the checksum draft is
relevant as long as they exist.

		Mukund

v2.23.0 | Report a Bug | By Email