IETF Logo Mail Archive

Re: [DNSOP] [secdir] Secdir review of draft-ietf-dnsop-rfc2845bis-06

Warren Kumari <warren@kumari.net> Tue, 21 January 2020 17:10 UTC

Return-Path: <warren@kumari.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53E76120178 for <dnsop@ietfa.amsl.com>; Tue, 21 Jan 2020 09:10:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lVWcxwCATrxZ for <dnsop@ietfa.amsl.com>; Tue, 21 Jan 2020 09:10:40 -0800 (PST)
Received: from mail-qv1-xf42.google.com (mail-qv1-xf42.google.com [IPv6:2607:f8b0:4864:20::f42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7E87C120044 for <dnsop@ietf.org>; Tue, 21 Jan 2020 09:10:40 -0800 (PST)
Received: by mail-qv1-xf42.google.com with SMTP id y8so1793617qvk.6 for <dnsop@ietf.org>; Tue, 21 Jan 2020 09:10:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=09MkkzWDLu6JyRdH3/oDyGg+S4TRz+Zi63yn8enKUNI=; b=qqzCZITgRPuxKQaFal1V7AhyPHnET7fHEL3g3Ej1EcGooJPfqIQylIlPBgImpIqc6W vEnDCzC8U9VYy5U4hkS+dxgynKHsaQ1twUKr1O+gCVhCcVQ44vX8GhiAauej9Q5Iqj2+ fPdeFK/x3k/hBaGkNdCBJygVEKWAxukZpXUIH/Tge94l0k2WspRjp+rKa/N/M4Zq/5pu y9+iNOQvRw9GlrOxKJSh2S/tPfCMkBhbNSAtWBT+hyRC7l7NWMW8ECbEsqeRjKCKU8Gu IvnaTrY0xgslcM6Vb3K3kfd/mApAz2tgouD/ZStcaDcg61VdjpKGMq58G2EDoZ+a1yln B/xA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=09MkkzWDLu6JyRdH3/oDyGg+S4TRz+Zi63yn8enKUNI=; b=OG8/WPZyDRu4BGtlPthtsfcRuVwhsiTr255HFfIgYBvZL5O7eMcfzsA8v8pVROzuM/ uu7ZDz8oU6Czr8oZAI5GrwxyS92adWLUjucUF4eWWXghkvLtGfafzoZZbrpALm0g4RLF MXN+6cEzD2MzNTqIWp/RhOoqllDE+8qkY5ty3WVnvwZTeZESvRwg6krHMwZ3zAXozDxU vDjxXRgngM2c9+SSdvS0AwXKrG0n1taojC36NIT6p4FWmosXk7hSnrHBhK1ulw3Y3bg6 wLDawx7UUTnijV1w/Yh2n+vz61SqOZLvJpQ2RgNcaLv9ZoZ2qViUAfy+dd0VtaBL4D4B 2mxQ==
X-Gm-Message-State: APjAAAUzSncn6WlBxjiYPhJW3n/PHte29iEbcpdZHaQNyMFpA0Gvwzr6 1KSnDwiFAjgZ3DaQVKqg34gr167ZGoO4H50uMKPbWg==
X-Google-Smtp-Source: APXvYqx6QYhmSOzETFNWa3rXodo/r+wCe+GH4aWeMpX73a6jgGDj4C/+EILsikJ3KgT/UDNgPj2VGuYmIhKXuGFkaRc=
X-Received: by 2002:a05:6214:1633:: with SMTP id e19mr5916387qvw.104.1579626639315; Tue, 21 Jan 2020 09:10:39 -0800 (PST)
MIME-Version: 1.0
References: <CADajj4ZQnWkjKdWpBgsB0oyX8_Kzj6HOL-Vkm=TrByBQMEJfPw@mail.gmail.com> <CADajj4bCTF5EeF6DZkCHpP0_GTnUYQtqa0OE3qf3Z5_AmKWfyA@mail.gmail.com> <CADajj4YxgdNXkWX7dLP0nBDWXLSKFa8M_KWWCPCgfCibYtWkAw@mail.gmail.com>
In-Reply-To: <CADajj4YxgdNXkWX7dLP0nBDWXLSKFa8M_KWWCPCgfCibYtWkAw@mail.gmail.com>
From: Warren Kumari <warren@kumari.net>
Date: Tue, 21 Jan 2020 12:10:03 -0500
Message-ID: <CAHw9_i+_T8ihVobQyPqeoOV-EJxS4eOza865ag_uLx_FM8Jgig@mail.gmail.com>
To: Magnus Nyström <magnusn@gmail.com>
Cc: draft-ietf-dnsop-rfc2845bis@ietf.org, dnsop <dnsop@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/knj5XDd8ktyjh0G5Ru130VKfNYw>
Subject: Re: [DNSOP] [secdir] Secdir review of draft-ietf-dnsop-rfc2845bis-06
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jan 2020 17:10:45 -0000

[ - secdir for clutter, +DNSOP  ]

Hello DNSOPers,

I'm looking for some advice / discussion...

Below is the security directorate review of
https://datatracker.ietf.org/doc/draft-ietf-dnsop-rfc2845bis/ (posted
to the secdir list) -- normally I'd just start IESG Eval and let the
security ADs review and comment there, but this seems (to me) like it
may deserve more discussion, so I'm posting this here, and will point
the security ADs at it (and ask if there is anyone else who should be
reviewing too).

This -bis was intended to be a relatively simple patch (see Section
10.1, 10.2), and providing stronger advice against using SHA-1 is a
(somewhat) larger change.

I don't think that it is realistic to deprecate SHA-1 in TSIG for the
foreseeable future, but stronger recommendations about moving to
SHA-256 might be in order.

There is already some text:
"The use of SHA-1 [FIPS180-4], [RFC3174], (which is a 160-bit hash as
   compared to the 128 bits for MD5), and additional hash algorithms in
   the SHA family [FIPS180-4], [RFC3874], [RFC6234] with 224, 256, 384,
   and 512 bits may be preferred in some cases.  This is because
   increasingly successful cryptanalytic attacks are being made on the
   shorter hashes."  -- perhaps all that would need to be done would
be to make that much stronger?
I'm sure this isn't a "the sky is falling", but Magnus does raise a
good point, and I think that this is a good hygine opportunity...

Thoughts?
W

On Mon, Jan 20, 2020 at 12:37 AM Magnus Nyström <magnusn@gmail.com> wrote:
>
> I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.
>
> This document defines a mechanism to provide authenticity and integrity of DNS transactions such as update requests.
>
> My main comment about this document is that it recommends use, and mandates support, of HMAC-SHA1, even truncated HMAC-SHA1. In light of recent cryptanalysis results, e.g.,
> - https://eprint.iacr.org/2020/014.pdf
> -  https://www.mitls.org/downloads/transcript-collisions.pdf
> it seems to me that an update to RFC 2845 would be better off not to recommend (or even mandate) use of SHA-1 but rather stronger hash functions such as SHA-256.
> Likewise, the statement "longer [authentication values] are believed to be stronger" is potentially misleading as it is the strength of the algorithm, and not the length of its output, that ultimately determines its security.
>
> Thanks,
> -- Magnus
> _______________________________________________
> secdir mailing list
> secdir@ietf.org
> https://www.ietf.org/mailman/listinfo/secdir
> wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf

v2.23.0 | Report a Bug | By Email