Re: [DNSOP] SVCB/HTTPS weasel words are dangerous.
Vladimír Čunát <vladimir.cunat+ietf@nic.cz> Wed, 03 November 2021 13:55 UTC
Return-Path: <vladimir.cunat+ietf@nic.cz>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D8893A14AA for <dnsop@ietfa.amsl.com>; Wed, 3 Nov 2021 06:55:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.43
X-Spam-Level:
X-Spam-Status: No, score=-5.43 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-3.33, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nic.cz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wrvW1oNxSqbK for <dnsop@ietfa.amsl.com>; Wed, 3 Nov 2021 06:54:55 -0700 (PDT)
Received: from mail.nic.cz (mail.nic.cz [217.31.204.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C7C7D3A1593 for <dnsop@ietf.org>; Wed, 3 Nov 2021 06:54:38 -0700 (PDT)
Received: from [IPV6:2001:1488:fffe:6:ac96:4cfd:7b09:dd95] (unknown [IPv6:2001:1488:fffe:6:ac96:4cfd:7b09:dd95]) by mail.nic.cz (Postfix) with ESMTPSA id 9688F140879; Wed, 3 Nov 2021 14:54:35 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nic.cz; s=default; t=1635947675; bh=sSr4pgxuE3kxwAARRALy6fdPLzu49vysUw6UIdpJs0Y=; h=Date:To:From; b=wZmBccYEIXBdsVrQikl9k1IAa+QQq7+jrSJvbkO6apSYl24YHL7kEirY9D9EABs4X rWjTtX+8BOKD4bM+js+5rmSY6Pl6dyiiGTImajiVL2mZD/QKoDRzM+g1SF1w/S8Fmg wHU2r1LqRc4/Pniq0lkP1KSx8izrdhUi9the92Mo=
Message-ID: <3f7fba08-ba82-2ce2-d3ad-7c1afbedcc46@nic.cz>
Date: Wed, 03 Nov 2021 14:54:35 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.3.0
Content-Language: en-US
To: dnsop@ietf.org
References: <01A04E40-DAA8-4C62-B7EE-AC4D80F3B3AC@isc.org> <CAHbrMsD49Ps6wm2oC0cbB-4-A3socaYrDGgP5VTWmY+vZyUuDQ@mail.gmail.com> <CAMOjQcFmASXs+faR-0AFF5Z69DCVgS_PrCoFcOWBFFR8bqsU4Q@mail.gmail.com> <ef2446f0-cb24-c175-0043-2aa2d4071402@nthpermutation.com>
From: Vladimír Čunát <vladimir.cunat+ietf@nic.cz>
Cc: Michael StJohns <msj@nthpermutation.com>
In-Reply-To: <ef2446f0-cb24-c175-0043-2aa2d4071402@nthpermutation.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.102.4 at mail
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/fDxLAUE_dCc741Otr66D4fuuL0A>
Subject: Re: [DNSOP] SVCB/HTTPS weasel words are dangerous.
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Nov 2021 13:55:01 -0000
On 01/11/2021 18.29, Michael StJohns wrote: > > Section 2 - "their definition should specify..." - this is obviously a > must and is guidance to the IANA for interpreting registrations. E.g. > lack of this data has to result in a rejected registration request. > > Section 2.1 - "Key names should contain..." - drop the should as it > introduces ambiguity. The BNF is clear this is a MUST and is normative. > > Section 2.1 - "...formats for such keys SHOULD use a comma-separated > list". This is a semi-reasonable SHOULD, but begs the question of > what you do if you don't use a comma separated list and adds to the > later parser complexity if someone chooses something else in a later > definition. Guidance such as "Requests for registration of lists or > set SvcParamKeys that propose a different format must justify any > deviation and are subject to rejection." may be appropriate here. > > 2.4.1 - "all RRs SHOULD have the same mode" - this is satisfactory as > the next sentence describes what to do if this is not the case. > I agree with what you write about these occurrences. Generally I hope that it's not too late to make similar changes. > 2.4.1 - " ... SHOULD be given preference..." and "SHOULD apply a > random shuffle" are not satisfactory as they lead to ambiguity between > the publisher and the client. There appears to be no good reason not > to make both of theses MUST. > > 2.4.2 - "SHOULD only have a single...." and "SHOULD pick one at > random". The first is satisfactory as it's covered by guidance on the > following sentence. The second is not as it leads to ambiguity and > there appears to be no good reason not to make it a MUST. Among other > things, you really don't want someone to come along later and decide > that because 75% of the clients pick the first one, they can game the > system by manipulating the RRSet. > In these two points it should (heh) remain clear that there are situations where the clients won't exactly do this - e.g. if some protocol is not supported by the client or if it can assume that some of the RRs probably would not lead to success (based on recent connections attempts). In some later parts there is text for these fallbacks, so it probably will remain clear, though I think would be better to reflect it in the above formulations *if* they get strengthened to MUST. > 2.4.2 "TargetName SHOULD NOT..." - this is unsatisfactory as it > doesn't explain what a client should do if it receives such a beast. > This needs client guidance and the client MUST ignore such a record. > Also are there other pathological cases where you might end up with > loops indirectly? If so, guidance for the client on how to detect > such cases needs to be given. > > 2.4.2. "...records SHOULD NOT..." is satisfactory as it describes how > a client resolves receiving such records. > I think I agree with these two points, too. I don't have a strong opinion on the following comments about section 3. I don't feel qualified for such details around HTTPS and similar clients. On the other hand, I carefully re-read all resolver-related bits (mainly sections 4.x, 5.2, 13, 14), and there the requirements language seems good to me. Perhaps I'd like to note just this paragraph from 13. security considerations: > Clients MUST ensure that their DNS cache is partitioned for each local > network, or flushed on network changes, to prevent a local adversary > in one network from implanting a forged DNS record that allows them to > track users or hinder their connections after they leave that network. Does this imply that if a DNS *resolver* is running on a device capable of "switching networks" (e.g. laptop), it MUST ensure this DNS cache handling? I'm not aware of such standards-track RFC requirements so far, and it's reaching a bit further than just these new RR types. Note that the actual client (like web browser) most likely won't be able to control this (optional) layer of local DNS cache, though there are always options like attempting some DNS bypass (e.g. via DoH, most popularly). --Vladimir | knot-resolver.cz
- [DNSOP] SVCB/HTTPS weasel words are dangerous. Mark Andrews
- Re: [DNSOP] SVCB/HTTPS weasel words are dangerous. libor.peltan
- Re: [DNSOP] SVCB/HTTPS weasel words are dangerous. Mark Andrews
- Re: [DNSOP] SVCB/HTTPS weasel words are dangerous. Ben Schwartz
- Re: [DNSOP] SVCB/HTTPS weasel words are dangerous. Eric Orth
- Re: [DNSOP] SVCB/HTTPS weasel words are dangerous. Michael StJohns
- Re: [DNSOP] SVCB/HTTPS weasel words are dangerous. Michael StJohns
- Re: [DNSOP] SVCB/HTTPS weasel words are dangerous. Vladimír Čunát