Re: [DNSOP] Tsvart last call review of draft-ietf-dnsop-svcb-https-07
Ben Schwartz <bemasc@google.com> Wed, 18 August 2021 17:10 UTC
Return-Path: <bemasc@google.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94D693A09B5 for <dnsop@ietfa.amsl.com>; Wed, 18 Aug 2021 10:10:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -18.097
X-Spam-Level:
X-Spam-Status: No, score=-18.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.499, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YsbGQBuIVk8d for <dnsop@ietfa.amsl.com>; Wed, 18 Aug 2021 10:10:50 -0700 (PDT)
Received: from mail-yb1-xb2c.google.com (mail-yb1-xb2c.google.com [IPv6:2607:f8b0:4864:20::b2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0DAB53A09AF for <dnsop@ietf.org>; Wed, 18 Aug 2021 10:10:49 -0700 (PDT)
Received: by mail-yb1-xb2c.google.com with SMTP id a126so6606212ybg.6 for <dnsop@ietf.org>; Wed, 18 Aug 2021 10:10:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=3cSwY5VIEXzro2j1N6pGMT71DxhZhA6R1/PjQ/Gj/54=; b=FqX2wnYG7HuSzZxHis8AaO5H3nmor4RdS1ClAcStj+hVjxSD1zrjV+AbXjhE4dmAfO ICqB2k91Sf2zueSQfRWtsAJqpHbS/2CNUH88DMdnoMmvnWRxHCRvBwDHxcdtrPtIXW7B yHaOJVow6uevYlqzOc56oCSeO/RPKp/b9M6EEu2C3SuK5kRCF284Xur3jBo7pWQTl3Ud 379aBPStQ61xjbExsvxRrm5s6Jv3u/I4Z/G3xUJdIm26XpPb8QzpIV3rYntnBTcH/CsZ 5sNx9U5Q1eD912C37pXQAPq+GPsftu/CqUZbvyAiRCtuv9mNjC9d8o0elvq0WLx5gUO7 iXGQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=3cSwY5VIEXzro2j1N6pGMT71DxhZhA6R1/PjQ/Gj/54=; b=NsC2DH3HKpCGobkL2zLNbti8FW2DleaY64t8K8us4GnYUORgsy/gwHLD9zRWHFicSj tFNgK5wR8MvcRjaTI70FHwW9K950n8F2FGP+ElZs5uMwKAKGMM409t8auftIrSDgBlza NQrzk3/XH1B5CGEhkaxcIeFQJOHZwHLip/+RT+j/LCWel7eZuALHdfDLbQ8JMcfNPYss V4QmI64cOhUrr65U1s/M+1+ALbCmInWb0rosXRgS8UipBYoV7t1+1B5rvj4Yn8tZisXn ARLJylRuIPEtoyHRVEeHpKwR48JM3bHpGB6fgqRmjq15t6uuoGcuCbeE5Zsnzscqx6ue QsiQ==
X-Gm-Message-State: AOAM5324LdtLjugn2Sd/lDYukBL/VKFewy9o/yIgK73twYuCNk0rf8qq wDcz82UplSHS9fN/upeXS+GvRen1jYFRiU4JCSxN5A==
X-Google-Smtp-Source: ABdhPJy6sCKSKcLsetE/WC9xi5rhMApt5uFWftKOebmBDjeZxLiBExO6vDeghIYFRxVYXzYrbIvhI1OTj5hjNymjGnM=
X-Received: by 2002:a25:e04a:: with SMTP id x71mr11403198ybg.424.1629306648045; Wed, 18 Aug 2021 10:10:48 -0700 (PDT)
MIME-Version: 1.0
References: <162921779702.18445.660490418458073666@ietfa.amsl.com>
In-Reply-To: <162921779702.18445.660490418458073666@ietfa.amsl.com>
From: Ben Schwartz <bemasc@google.com>
Date: Wed, 18 Aug 2021 13:10:36 -0400
Message-ID: <CAHbrMsBG49hg4FDkZLGwZk+SKhMpBa9zgJs2L_Scc6wSd2v=1Q@mail.gmail.com>
To: Kyle Rose <krose@krose.org>
Cc: tsv-art@ietf.org, dnsop <dnsop@ietf.org>, draft-ietf-dnsop-svcb-https.all@ietf.org
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="00000000000004a4bd05c9d884ad"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/aiWKjhHFYaOZytvutq8F2eCumlw>
Subject: Re: [DNSOP] Tsvart last call review of draft-ietf-dnsop-svcb-https-07
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Aug 2021 17:10:57 -0000
-last-call Thanks for the review, Kyle. I've opened a PR to track proposed changes based on your comments: https://github.com/MikeBishop/dns-alt-svc/pull/336 On Tue, Aug 17, 2021 at 12:29 PM Kyle Rose via Datatracker <noreply@ietf.org> wrote: > Reviewer: Kyle Rose > Review result: Ready with Issues > > This document has been reviewed as part of the transport area review team's > ongoing effort to review key IETF documents. These comments were written > primarily for the transport area directors, but are copied to the > document's > authors and WG to allow them to address any issues raised and also to the > IETF > discussion list for information. > > When done at the time of IETF Last Call, the authors should consider this > review as part of the last-call comments they receive. Please always CC > tsv-art@ietf.org if you reply to or forward this review. > > This document is Ready with some minor issues and nits. > > Issues: > > * 3: Is there a downgrade attack vector resulting from the implicit > fallback > to the alternative endpoint? I wonder if a better approach is to have > SVCB-aware clients fail when the SVCB chain is incomplete, with > SVCB-unaware > clients ignoring all such records and implementing legacy rendezvous. The > question I'd use to justify this change is: is there any particular reason > (supporting partial implementation, incremental/partial activation, etc.) > to > support such fallback? If not, then it seems like it introduces > complexity and > attack surface for no good reason. > I assume you're referring to the case of an AliasMode record whose TargetName does not have a SVCB record. draft-07 explains this scenario as follows: SVCB-optional clients SHALL append an alternative endpoint consisting of the final value of $QNAME, the authority endpoint's port number, and no SvcParams, to the list of alternative endpoints, which is attempted before falling back to non-SVCB connection modes. This ensures that SVCB-optional clients will make use of an AliasMode record whose TargetName has A and/or AAAA records but no SVCB records. This is valuable in the HTTPS context, where it allows a CDN customer to alias their apex domain to an unmodified CDN. I do not believe this behavior introduces any additional security issues, as a SVCB-optional client can always be induced to fall back to a standard origin connection by denying it access to the SVCB records or interfering with connections to the alternative endpoints. * 3.1: The downgrade issue (obviously) isn't limited to clients with > cryptographically-protected connections to resolvers. The issue is more > that > such connections are reliable and integrity-protected, so if they fail > it's > the result of either misconfiguration or an attack. Traditional UDP-based > DNS > will frequently and naturally encounter transport failures, notably > dropped > packets, and of course active attackers can manipulate cleartext TCP at > will. > That said, DNSSEC validation failures should result in connection > abandonment > irrespective of the type of client<->resolver communication. It may be > that > this section should have two subsections, one for transport related > failures > that apply only to secure connections, and one for other classes of > failures > that are protocol-independent. > I've attempted to reformulate this section a bit to emphasize that we are talking about additional restrictions that apply only when "cryptographic protection" is in place. * 5.1: The prescribed behavior does not prevent all classes of downgrade > attacks, particularly those that might result from delaying SVCB > responses to > force fallback to a less secure application-layer protocol, and seems to > directly contradict the recommendation in section 3.1. This may be a > practical > necessity to keep the internet working, albeit in a degraded state, in the > presence of anomalous (but to-be-expected) network behavior, and if so > this > should be explicitly noted under Security Considerations. > I'm not sure what you're referring to here, but it seems like the problem might be that we have an unstated assumption that SVCB does not attempt to protect clients from cross-transport downgrade attacks (e.g. QUIC to TLS/TCP). I've proposed some text to make that assumption explicit. Nits: > > * 2.1: What's here might be idiomatic for DNS RFCs, but it seems like > "Unrecognized keys" is insufficiently precise. The problem is an > implementation that does not have a registered key number -> presentation > name > mapping for a particular number. Maybe something like "Key numbers in the > wire > format that are unrecognized by a particular implementation..." But this > might > be way too pedantic. > I've adjusted the phrasing here to talk about "arbitrary keys", since there is in fact no requirement that they key be unrecognized. > * C.1: "SVCB records use 16 bit for SvcPriority for consistency with SRV > and > other RR types that also use 16 bit priorities" does not describe a > "Difference from the SRV RR type". > True. Removed.
- [DNSOP] Tsvart last call review of draft-ietf-dns… Kyle Rose via Datatracker
- Re: [DNSOP] Tsvart last call review of draft-ietf… Ben Schwartz