[DNSOP] EDNS checksumming (was EDNS reply option to list unsupported options from query)
Shane Kerr <shane@time-travellers.org> Tue, 29 September 2015 12:03 UTC
Return-Path: <shane@time-travellers.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B54B71A87E1 for <dnsop@ietfa.amsl.com>; Tue, 29 Sep 2015 05:03:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NRrkNOOpdRlx for <dnsop@ietfa.amsl.com>; Tue, 29 Sep 2015 05:03:14 -0700 (PDT)
Received: from time-travellers.nl.eu.org (c.time-travellers.nl.eu.org [IPv6:2a02:2770::21a:4aff:fea3:eeaa]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DB001A87CB for <dnsop@ietf.org>; Tue, 29 Sep 2015 05:02:23 -0700 (PDT)
Received: from 143-245-128-083.dynamic.caiway.nl ([83.128.245.143] helo=casual) by time-travellers.nl.eu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <shane@time-travellers.org>) id 1Zgtbv-0007Lb-96; Tue, 29 Sep 2015 12:02:19 +0000
Date: Tue, 29 Sep 2015 12:02:19 +0000
From: Shane Kerr <shane@time-travellers.org>
To: Paul Vixie <paul@redbarn.org>
Message-ID: <20150929120219.297f8a66@casual>
In-Reply-To: <56097732.5050101@redbarn.org>
References: <20150928170341.GA23119@jurassic.l0.malgudi.org> <560974DC.8050605@redbarn.org> <20150928171452.GB23119@jurassic.l0.malgudi.org> <439F89B9-1CF0-4F12-A47C-6D11EB252766@vpnc.org> <56097732.5050101@redbarn.org>
X-Mailer: Claws Mail 3.12.0 (GTK+ 2.24.28; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/ihd1y0yPB3cBAEcj5RloE9F2aqw>
Cc: dnsop@ietf.org
Subject: [DNSOP] EDNS checksumming (was EDNS reply option to list unsupported options from query)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Sep 2015 12:03:26 -0000
Paul(s) & all,
tl;dr a checksum adds some small benefit for a moderate cost... worth
it?
On Mon, 28 Sep 2015 10:21:54 -0700
Paul Vixie <paul@redbarn.org> wrote:
> Paul Hoffman wrote:
> > Paul's "no" (which I agree with) shows what might be a fatal flaw in
> > draft-muks-dnsop-dns-message-checksums: an attacker just needs to send
> > fragments that look like they say "I don't understand the new EDNS0
> > option". Does that make sense?
>
> well, that was my reasoning for not including end to end checksumming in
> EDNS0 itself (as a fixed field.)
A resolver can remember which authority servers support the checksum,
providing a small measure of protection against downgrade attacks.
(This would have also been the case with a nonce in ENDS0, which
Michael Graff said that he pushed for but failed.) Certainly not
perfect, but also not completely worthless.
In the case of fragmentation for normal DNS queries, an attacker can
bypass having to guess the 16 bits of entropy in the query ID, because
the fragments do not carry this information. (There were presentations
on this a couple years ago, IIRC.)
If a checksum is added it will probably show up in the final fragment.
An attacker now needs to insure that the final fragment shows up before
the final fragment from the real authority server. This is not too
difficult, since the attacker is already preparing an attack that
depends on fragments arriving before the non-spoofed fragments....
unless the resolver has an indication that an authority server supports
checksumming.
All of this implies some moderate complexity for resolvers to handle
the logic properly. I'm guessing BIND 9 would implement it if
standardized, so maybe it is worth it?
Of course, the real answer is "use TCP". :)
Cheers,
--
Shane
- [DNSOP] EDNS reply option to list unsupported opt… Mukund Sivaraman
- Re: [DNSOP] EDNS reply option to list unsupported… Paul Vixie
- Re: [DNSOP] EDNS reply option to list unsupported… Mukund Sivaraman
- Re: [DNSOP] EDNS reply option to list unsupported… Paul Hoffman
- Re: [DNSOP] EDNS reply option to list unsupported… Paul Vixie
- Re: [DNSOP] EDNS reply option to list unsupported… Mukund Sivaraman
- [DNSOP] EDNS checksumming (was EDNS reply option … Shane Kerr
- Re: [DNSOP] EDNS checksumming (was EDNS reply opt… Mukund Sivaraman