Re: [DNSOP] nsec3-parameters opinions gathered
Viktor Dukhovni <ietf-dane@dukhovni.org> Mon, 08 November 2021 18:09 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD5E83A0D2D for <dnsop@ietfa.amsl.com>; Mon, 8 Nov 2021 10:09:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T8DFIRc072d1 for <dnsop@ietfa.amsl.com>; Mon, 8 Nov 2021 10:09:53 -0800 (PST)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71C293A0D64 for <dnsop@ietf.org>; Mon, 8 Nov 2021 10:09:53 -0800 (PST)
Received: from smtpclient.apple (unknown [63.88.3.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by straasha.imrryr.org (Postfix) with ESMTPSA id 8DCC4BD9C7 for <dnsop@ietf.org>; Mon, 8 Nov 2021 13:09:51 -0500 (EST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <f3622705-423c-84b7-be54-d0491e7f5062@andreasschulze.de>
Date: Mon, 08 Nov 2021 13:09:49 -0500
Content-Transfer-Encoding: quoted-printable
Reply-To: dnsop@ietf.org
Message-Id: <50917406-6FAF-4851-995A-B686F53E27B4@dukhovni.org>
References: <ybl7ddnr16f.fsf@w7.hardakers.net> <206e17b4-a920-8e3e-586d-ecc29855fae3@nic.cz> <45a10ca4-93e1-3c9c-7434-83c387d5246e@NLnetLabs.nl> <E354E8D8-5584-4607-A98D-76869F5CC68B@ogud.com> <f3622705-423c-84b7-be54-d0491e7f5062@andreasschulze.de>
To: dnsop@ietf.org
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/eP3pPi_Gv1c4AKZqWzpwkFJvOOM>
Subject: Re: [DNSOP] nsec3-parameters opinions gathered
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Nov 2021 18:10:00 -0000
> On 8 Nov 2021, at 12:55 pm, A. Schulze <sca@andreasschulze.de> wrote: > > sorry for maybe asking an already answered question, > but why is NSEC3 considered to have no benefit at all? My take is that NSEC3 provides little benefit beyond the initial (0th) iteration. > I'm still on "NSEC allow zone-walks while NSEC3 don't" > At least not without additional effort. But, of course that initial iteration provides only limited protection against zone walking, it deters *casual* attacks, by those who are not sufficiently motivated to expend CPU on dictionary attacks (that would likely recover a decent fraction of the names for most zones). There are a few possible paths forward: * Accept that sufficiently determined adversaries will mount a dictionary attack, but there won't be many of them. Make do with NSEC3 and zero iterations. * Accept that your zone data is not secret, publish vanilla NSEC records and let the zone walkers go at it. For some TLDs, spin up a public AXFR service, or make zone data available via HTTPS, call it "Open Data". * Use NSEC in combination with online signing (with ECDSA P256(13)), using minimal covering NSEC RRS. These *actually* preclude offline dictionary attacks at the cost of online signing of negative answers. If not leaking zone data is important enough, this is the actually secure way to get there. NSEC3 is neither fish nor fowl. Regardless of any practically realistic iteration count, it is still vulnerable to dictionary attacks. Its main tangible benefit (at some non-trivial security cost) is opt-out, which is increasingly a bad idea for most zones. Thus we find .COM and others using "NSEC3 1 1 0 -" (just opt-out). But most zones, if they use NSEC3 at all, should have "NSEC3 1 0 0 -", or just NSEC, possibly with minimal covering replies via online signing. -- Viktor.
- [DNSOP] nsec3-parameters opinions gathered Wes Hardaker
- Re: [DNSOP] nsec3-parameters opinions gathered Miek Gieben
- Re: [DNSOP] nsec3-parameters opinions gathered Vladimír Čunát
- Re: [DNSOP] nsec3-parameters opinions gathered Benno Overeinder
- Re: [DNSOP] nsec3-parameters opinions gathered Olafur Gudmundsson
- Re: [DNSOP] nsec3-parameters opinions gathered Viktor Dukhovni
- Re: [DNSOP] nsec3-parameters opinions gathered Wes Hardaker
- Re: [DNSOP] nsec3-parameters opinions gathered Wes Hardaker
- Re: [DNSOP] nsec3-parameters opinions gathered Miek Gieben
- Re: [DNSOP] nsec3-parameters opinions gathered Matthijs Mekking
- Re: [DNSOP] nsec3-parameters opinions gathered Petr Špaček
- Re: [DNSOP] nsec3-parameters opinions gathered Wes Hardaker
- Re: [DNSOP] nsec3-parameters opinions gathered Wes Hardaker
- Re: [DNSOP] [Ext] nsec3-parameters opinions gathe… Paul Hoffman
- Re: [DNSOP] nsec3-parameters opinions gathered A. Schulze
- Re: [DNSOP] [Ext] nsec3-parameters opinions gathe… Paul Vixie
- Re: [DNSOP] nsec3-parameters opinions gathered Viktor Dukhovni
- Re: [DNSOP] nsec3-parameters opinions gathered Viktor Dukhovni
- Re: [DNSOP] nsec3-parameters opinions gathered Paul Wouters
- Re: [DNSOP] nsec3-parameters opinions gathered Mark Andrews
- Re: [DNSOP] nsec3-parameters opinions gathered Petr Špaček
- Re: [DNSOP] nsec3-parameters opinions gathered Viktor Dukhovni
- Re: [DNSOP] nsec3-parameters opinions gathered Petr Špaček
- Re: [DNSOP] nsec3-parameters opinions gathered Michael Bauland
- Re: [DNSOP] nsec3-parameters opinions gathered Viktor Dukhovni