IETF Logo Mail Archive

Re: [DNSOP] New Version Notification for draft-muks-dns-message-checksums-00.txt

Mukund Sivaraman <muks@isc.org> Tue, 29 September 2015 04:43 UTC

Return-Path: <muks@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CA201A004A for <dnsop@ietfa.amsl.com>; Mon, 28 Sep 2015 21:43:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.465
X-Spam-Level:
X-Spam-Status: No, score=-0.465 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_SORBS_WEB=0.77, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X8Zxp5bKCEqQ for <dnsop@ietfa.amsl.com>; Mon, 28 Sep 2015 21:43:06 -0700 (PDT)
Received: from mail.banu.com (mail.banu.com [IPv6:2a01:4f8:140:644b::225]) by ietfa.amsl.com (Postfix) with ESMTP id E08481A0046 for <dnsop@ietf.org>; Mon, 28 Sep 2015 21:43:05 -0700 (PDT)
Received: from jurassic.l0.malgudi.org (unknown [115.118.74.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.banu.com (Postfix) with ESMTPSA id 136552BA0A7E; Tue, 29 Sep 2015 04:43:02 +0000 (GMT)
Date: Tue, 29 Sep 2015 10:12:59 +0530
From: Mukund Sivaraman <muks@isc.org>
To: Robert Edmonds <edmonds@mycre.ws>
Message-ID: <20150929044259.GB4513@jurassic.l0.malgudi.org>
References: <20150926191009.28433.58915.idtracker@ietfa.amsl.com> <20150926191551.GA32562@jurassic.l0.malgudi.org> <20150928173028.GA2328@mycre.ws> <20150928173255.GA23429@jurassic.l0.malgudi.org> <20150928182004.GA3197@mycre.ws>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="24zk1gE8NUlDmwG9"
Content-Disposition: inline
In-Reply-To: <20150928182004.GA3197@mycre.ws>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/f-dtJnWml9SE1fJ92QPWsglq1sw>
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] New Version Notification for draft-muks-dns-message-checksums-00.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Sep 2015 04:43:07 -0000

Hi Robert

On Mon, Sep 28, 2015 at 02:20:04PM -0400, Robert Edmonds wrote:
> Mukund Sivaraman wrote:
> > Hi Robert
> > 
> > On Mon, Sep 28, 2015 at 01:30:28PM -0400, Robert Edmonds wrote:
> > > 16 bits is an awful lot of space for the ALGORITHM field.  Compare to
> > > the DNSSEC algorithm number field, which is only 8 bits.
> > 
> > Do you suggest changing it to 8 bits too?
> 
> If you keep an algorithm field, yes, I suggest changing it to 8 bits.

OK. I'll make this change. :)

> It seems unlikely more than one or two algorithms would ever be
> implemented.  Is algorithm agility really needed, though, given that
> there are ~65000 unused EDNS0 option codes?

If I follow correctly, what you're suggesting is that if an algorithm
becomes weak, we jump to a new EDNS option which has a different EDNS
option code assigned. This seems like a bad idea to me, because as such
option codes get assigned, they will be spread out and the code in DNS
implementations which handle it will look dirty. It's better to keep it
all under one option code, even if it occupies 1 more byte.

> I am also curious why a cryptographic hash function (SHA-1) is needed
> for this.  Is a fast non-cryptographic checksum not suitable (e.g.,
> CRC-32C, which can be computed in hardware on x86 CPUs)?

SHA-1 was chosen without too much consideration for anything. Appendix A
was empty initially and SHA-1 was added as a placeholder to fill that
section. The list of algorithms is best decided by discussion here, and
SHA-1 can be removed if it is unsuitable.

On the topic, I'll add a penny: checksum algorithms (as we want them
here) have two extremes, one of which is to protect against accidental
modifications of data, and another which is to protect against
malicious/intentional modification of data. There are also others such
as hashing functions (uniform distribution in the mapped output range,
or something more specific). All these have different performance
characteristics.

CRCs serve towards the "accidental modifications" category, and SHA-1
towards the "intentional modification" one. We want something suitable
in the latter category, a cryptographic hash function, though the level
of security it provides need not be as high as that expected for a
long-lived signature.

		Mukund

v2.23.0 | Report a Bug | By Email