Re: [DNSOP] draft-ietf-dnsop-dnssec-trust-history - discussion
"W.C.A. Wijngaards" <wouter@NLnetLabs.nl> Fri, 17 September 2010 10:27 UTC
Return-Path: <wouter@nlnetlabs.nl>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 446623A6830 for <dnsop@core3.amsl.com>; Fri, 17 Sep 2010 03:27:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.439
X-Spam-Level:
X-Spam-Status: No, score=-2.439 tagged_above=-999 required=5 tests=[AWL=0.161, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K2Z68PMs6Ixf for <dnsop@core3.amsl.com>; Fri, 17 Sep 2010 03:27:55 -0700 (PDT)
Received: from open.nlnetlabs.nl (open.nlnetlabs.nl [IPv6:2001:7b8:206:1::1]) by core3.amsl.com (Postfix) with ESMTP id 5500A3A6842 for <dnsop@ietf.org>; Fri, 17 Sep 2010 03:27:54 -0700 (PDT)
Received: from gary.nlnetlabs.nl (gary.nlnetlabs.nl [IPv6:2001:7b8:206:1:216:76ff:feb8:1853]) (authenticated bits=0) by open.nlnetlabs.nl (8.14.4/8.14.3) with ESMTP id o8HASHkd031457 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for <dnsop@ietf.org>; Fri, 17 Sep 2010 12:28:17 +0200 (CEST) (envelope-from wouter@nlnetlabs.nl)
Message-ID: <4C9342C1.309@nlnetlabs.nl>
Date: Fri, 17 Sep 2010 12:28:17 +0200
From: "W.C.A. Wijngaards" <wouter@NLnetLabs.nl>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.9) Gecko/20100907 Fedora/3.1.3-1.fc13 Lightning/1.0b3pre Thunderbird/3.1.3
MIME-Version: 1.0
To: dnsop@ietf.org
References: <569C36E4-4F05-41B2-B0B8-A4B8228F13C9@googlemail.com> <p06240843c8b86ff53ffe@[10.20.30.158]>
In-Reply-To: <p06240843c8b86ff53ffe@[10.20.30.158]>
X-Enigmail-Version: 1.1.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.6 (open.nlnetlabs.nl [IPv6:2001:7b8:206:1::53]); Fri, 17 Sep 2010 12:28:17 +0200 (CEST)
Subject: Re: [DNSOP] draft-ietf-dnsop-dnssec-trust-history - discussion
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Sep 2010 10:27:57 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi dnsop, The sentiment over the last week is that retired keys should not be abused, and trust-history is then gone, with such opposition by WG. I do have to renew the root anchor when it changes. Let's look at the 'fetch from iana again' method in detail. Obviously I assume the machine is also performing 5011, but this has not been sufficient and thus a refetch has become necessary. But I do not like to make too many assumptions, so I am going to try to call out all of the (hidden) assumptions that 'fetch from a URL' means. So that you can choose explicitly the ones that are ok. * The URL that iana published in their description is: https://data.iana.org/root-anchors/root-anchors.xml * 'widely available trust certificates' to verify the https Are you sure that we want to create a cross-dependency on the https security for the DNS security? This means the DNS and cert paths are no longer different trust paths. And we should look at the attack vectors here. If the root-key-prime fails, it is likely the machine will initiate this update machinery right away. Assume a full MitM; say on a middlebox; it can make the root-key-prime fail and intercept traffic to that URL. If you know 5011 is on, you can have a 30-day delay. (described in more detail in that trust-history draft). But then someone faking NTP might subvert this mechanism if that makes the client reset its date. Also, there is no trustworthy DNS resolver while this https fetch is executed. Should I hardcode the IP address? (192.0.32.25?) An alternative is to resolve the (bogus) name and use that, but it means having a special-purpose https implementation that has the ability to call the resolver to lookup (bogus) names without DNSSEC validation while the root anchor is updated. (and that might also need to lookup certificate revocation lists and so on). The certificates, well we could use the current public key that IANA uses, and hardcode that in the resolver. It is currently signed until 8/29/2011. Or insert root certificates, or use the system-certificate-list (if such a thing exists). I notice the one used by IANA is valid until 2038. Is 28 years sufficient? What do I do when the root certificate(s) have expired? (or, when the local clock seems to indicate they have; that clock may be off). I could perform a blind leap of faith, and simply accept the new root key, or fetch the root key using a http session to a bogus IP-address. This would likely work and give users an experience. The file is in XML. It is described in http://data.iana.org/root-anchors/draft-icann-dnssec-trust-anchor.txt I would like to fix its format, as XML string operations are (in my opinion) dangerous - especially for a file someone can force me to parse by triggering a validation failure for the root. It is also in UTF-8, that needs unicode conversion? I really have to have a full XML parser? I would assume the file uses the ascii set and no change in linebreaks from today. Also, if I make a special-purpose https. what version of http is assumed? I would assume plain GET, no http stuff, no sslv2. Does the user have to be informed? You can decide that automatic update is forbidden and users must be active. I would like automatic. The PGP key route is nice if you get it; it precludes automation. Is all this worth it, if compared with the trust-history proposal? Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkyTQsEACgkQkDLqNwOhpPg+OACeM8Mq6nALqXUPqYbZiKIDwUmd LJgAnR3prLV6L48pRu1jEXtKdCz+vgSW =9JLX -----END PGP SIGNATURE-----
- [DNSOP] draft-ietf-dnsop-dnssec-trust-history - d… Stephen Morris
- Re: [DNSOP] draft-ietf-dnsop-dnssec-trust-history… W.C.A. Wijngaards
- Re: [DNSOP] draft-ietf-dnsop-dnssec-trust-history… Joe Abley
- Re: [DNSOP] draft-ietf-dnsop-dnssec-trust-history… Tony Finch
- Re: [DNSOP] draft-ietf-dnsop-dnssec-trust-history… Edward Lewis
- Re: [DNSOP] draft-ietf-dnsop-dnssec-trust-history… Joe Abley
- Re: [DNSOP] draft-ietf-dnsop-dnssec-trust-history… Paul Hoffman
- Re: [DNSOP] draft-ietf-dnsop-dnssec-trust-history… W.C.A. Wijngaards
- Re: [DNSOP] draft-ietf-dnsop-dnssec-trust-history… Jim Reid
- Re: [DNSOP] draft-ietf-dnsop-dnssec-trust-history… Joe Abley
- Re: [DNSOP] draft-ietf-dnsop-dnssec-trust-history… Paul Hoffman
- Re: [DNSOP] draft-ietf-dnsop-dnssec-trust-history… W.C.A. Wijngaards
- Re: [DNSOP] draft-ietf-dnsop-dnssec-trust-history… Jakob Schlyter