Re: [DNSOP] AD review of draft-ietf-dnsop-multi-provider-dnssec
Matthijs Mekking <matthijs@pletterpet.nl> Tue, 21 January 2020 16:41 UTC
Return-Path: <matthijs@pletterpet.nl>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D33DE1201A3; Tue, 21 Jan 2020 08:41:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.595
X-Spam-Level:
X-Spam-Status: No, score=-2.595 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bcwe5J_OdHsP; Tue, 21 Jan 2020 08:41:52 -0800 (PST)
Received: from lb1-smtp-cloud9.xs4all.net (lb1-smtp-cloud9.xs4all.net [194.109.24.22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4959F120044; Tue, 21 Jan 2020 08:41:52 -0800 (PST)
Received: from [IPv6:2001:980:4eb1:1:9c53:e3d5:f2c0:b51a] ([IPv6:2001:980:4eb1:1:9c53:e3d5:f2c0:b51a]) by smtp-cloud9.xs4all.net with ESMTPSA id twb4inNC6T6sRtwb5irYsO; Tue, 21 Jan 2020 17:41:48 +0100
To: Shumon Huque <shuque@gmail.com>
Cc: draft-ietf-dnsop-multi-provider-dnssec@ietf.org, "dnsop@ietf.org WG" <dnsop@ietf.org>
References: <CAHw9_iLFuSbdA2TFS4Qd2dAzDFJyJgfQGY1+T2c2JQZ3WTat_A@mail.gmail.com> <CAHPuVdUUeLx59B0SrzmFazd_rqUm1kU-ARG-LBEYa4jFQyaH3Q@mail.gmail.com> <3fb01cba-9558-531c-5764-9c34b111545b@pletterpet.nl> <CAHPuVdWNAJbGm=j96149Sb9gig1QuAyCXyVbsZY0BzhpP_DV3g@mail.gmail.com>
From: Matthijs Mekking <matthijs@pletterpet.nl>
Message-ID: <8af57aeb-66c5-fbb8-b62f-890a82c9d94e@pletterpet.nl>
Date: Tue, 21 Jan 2020 17:41:46 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2
MIME-Version: 1.0
In-Reply-To: <CAHPuVdWNAJbGm=j96149Sb9gig1QuAyCXyVbsZY0BzhpP_DV3g@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-CMAE-Envelope: MS4wfGP4JL9hoTWCsr1l/TT0o/o4eNIthkXwYFAgkEiiRLJzgWroBued0tloCLQrv/CJue4TRX4FTViVi0jwtWOaXnxDn1y6SXTQKtDCIrSA9z9vAs0Y/fzP lrJhfU7mz70oEgxsDBbUoBC9iDMTgvccYSJ1c5WWVkr81mYac63YPLaRmNnlNtaR2QO+1xznMXq+jfTJHRtKdAiq5pzZJ0eUvW/HRjwQXzdFDtAIX+UeA+FO gMtsIEGSoCLEPHm/JqBGmPsZ+dxu21nWtfSzmZrKdNaz4KSj3K+ctFJgJfgrbrVnqsniMPoCTtoaxdosJhSURd4ATNIYeMrsE0f+os5Tw84+jmgm0edi9JhW wWZDIoZO
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/lSthc3DvPvi2O1JSykGlB5pmwhE>
Subject: Re: [DNSOP] AD review of draft-ietf-dnsop-multi-provider-dnssec
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jan 2020 16:41:58 -0000
Shumon, On 1/21/20 4:05 PM, Shumon Huque wrote: > Hi Matthijs, > > Sorry, I did miss your original note on this point. Now that I've seen > it, I'm copying back dnsop@ietf.org <mailto:dnsop@ietf.org> to see if > there are other comments on your proposal. > > When the Algorithm Considerations section was originally written, I > intentionally did not prohibit the use of multiple algorithms across > providers (even though we recommended against it) for a very > pragmatic reason: I was actually working with 2 DNS providers that > supported disjoint algorithms (one RSASHA256 and the other ECDSAP256), > and was seriously contemplating deploying such a multi-signer > configuration in production. It would be a bit strange to deploy a > configuration on the one hand, and at the same time write a document > that explicitly forbid that configuration. > > You mention that authoritative servers cannot simply ignore the rule > that they must sign all RRsets in the zone with every algorithm in the > DNSKEY RRset. However, in practice it is clearly being ignored. Neither > .SE or .BR double signed their zone data during their algorithm > rollovers and there are other cases. If so, then technically they were not conform the RFC, but but I am not sure how they executed the algorithm rollover precisely. Particularly, were there ever two DS records in the root zone with different algorithms for these zones? >From what I could find, both rollovers did actually sign with double algorithms though: See https://static.ptbl.co/static/attachments/179548/1529933472.pdf: Aug 20 .br Algorithm Rollover Begin (all times UTC)at 06:00 Zones double signed with old and new algorithm And on this blog https://www.sidnlabs.nl/en/news-and-blogs/keep-m-rolling-monitoring-ses-dnssec-algorithm-rollover it looks like .SE was following the RFC 6781 approach. Please correct me if I am reading this wrong. > As it turns out, the provider that only supported RSASHA256 exited the > managed DNS provider business, and the only vendors we are working with > currently all support our preferred algorithm (ECDSAP256) in common. > Hence, I am now open to updating the document to prohibit it. But will > such text cause aggravation for other potential deployers that may run > into a similar situation with other providers, and do we care? > > This also begs the question: should we (in another document) update RFC > 4035, Section 2 (last paragraph) to relax or eliminate the rule, if in > fact it is being ignored? > > Frankly, I've always been a bit perplexed by this text, since it has no > accompanying rationale. The only compelling rationale I see is downgrade > protection - to detect that someone hasn't stripped away the signatures > of a stronger algorithm and forced a validator to authenticate only the > weaker signatures. But that implies that validators have a documented > procedure to rank algorithms, which I haven't yet seen. Is a 3072-bit > RSASHA256 key stronger or weaker than an ECDSAP256SHA256 key for > example, or Ed25519 vs ECDSAP256SHA256? Yes, this is exactly the rationale, and it is a valid one. And this is how unbound works, see https://nlnetlabs.nl/documentation/unbound/info-algo/ for more information. Best regards, Matthijs > Shumon. > > On Tue, Jan 21, 2020 at 3:59 AM Matthijs Mekking <matthijs@pletterpet.nl > <mailto:matthijs@pletterpet.nl>> wrote: > > Hi Shumon, > > On 1/20/20 9:21 PM, Shumon Huque wrote: > > 4: The document uses one inceanse of RFC2119 language > (RECOMMENDED) - > > please either drop this, or add the 2119 / 8174 boilerplate. > > > > > > Ok, I'm inclined to lowercase it, since we don't use 2119/8174 > keywords > > anywhere else in this document. > > Did you see my mail related to this? If you are going with the lowercase > approach, please use the word "must" instead of "should". > > Best regards, > > Matthijs > > > -------- Forwarded Message -------- > Subject: Re: [DNSOP] Working Group Last Call for > draft-ietf-dnsop-multi-provider-dnssec > Date: Mon, 13 Jan 2020 09:57:50 +0100 > From: Matthijs Mekking <matthijs@pletterpet.nl > <mailto:matthijs@pletterpet.nl>> > To: dnsop@ietf.org <mailto:dnsop@ietf.org> > > Late to the party, I am sorry. > > I am positive about this document, and support publication. I do have > one comment on the document, requesting an update. > > In section 4 it is said it is RECOMMENDED that providers use a common > signing algorithm. I think this is too weak and it must be a MUST. > > The reason given for RECOMMENDED is that the "liberal approach" works. > The liberal approach says that authoritative zones MUST sign RRsets with > every algorithm in the DNSKEY RRset, but validating resolvers don't have > to enforce this requirement. However, that does not mean the > authoritative server can simply ignore this rule. > > Also, if two different providers are using different algorithms, that > means two DS records with different algorithms are distributed to the > parent. And now the algorithm is signaled in the parent and a validator > may execute the multiple algorithms protection check, expecting both > chain of trusts to work. > > In other words, please adapt section 4 to be more strict when it comes > to multiple algorithms. If you agree, I am happy to provide the > suggested text. > > Again my apologies for bringing this up so late. > > Best regards, > > Matthijs > > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop >
- [DNSOP] AD review of draft-ietf-dnsop-multi-provi… Warren Kumari
- Re: [DNSOP] AD review of draft-ietf-dnsop-multi-p… Warren Kumari
- Re: [DNSOP] AD review of draft-ietf-dnsop-multi-p… Shumon Huque
- Re: [DNSOP] AD review of draft-ietf-dnsop-multi-p… Warren Kumari
- Re: [DNSOP] AD review of draft-ietf-dnsop-multi-p… Shumon Huque
- Re: [DNSOP] AD review of draft-ietf-dnsop-multi-p… Shumon Huque
- Re: [DNSOP] AD review of draft-ietf-dnsop-multi-p… Steve Crocker
- Re: [DNSOP] AD review of draft-ietf-dnsop-multi-p… Frederico A C Neves
- Re: [DNSOP] AD review of draft-ietf-dnsop-multi-p… Matthijs Mekking
- Re: [DNSOP] AD review of draft-ietf-dnsop-multi-p… Tony Finch
- Re: [DNSOP] AD review of draft-ietf-dnsop-multi-p… Matthijs Mekking
- Re: [DNSOP] AD review of draft-ietf-dnsop-multi-p… Shumon Huque
- Re: [DNSOP] AD review of draft-ietf-dnsop-multi-p… Shumon Huque
- Re: [DNSOP] AD review of draft-ietf-dnsop-multi-p… Shumon Huque
- Re: [DNSOP] AD review of draft-ietf-dnsop-multi-p… Warren Kumari