IETF Logo Mail Archive

Re: [DNSOP] Second Working Group Last Call for: Message Digest for DNS Zones

Tim Wicinski <tjw.ietf@gmail.com> Fri, 22 May 2020 22:10 UTC

Return-Path: <tjw.ietf@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5CE9F3A0C46 for <dnsop@ietfa.amsl.com>; Fri, 22 May 2020 15:10:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8KLB1rjTCAyW for <dnsop@ietfa.amsl.com>; Fri, 22 May 2020 15:10:30 -0700 (PDT)
Received: from mail-ot1-x336.google.com (mail-ot1-x336.google.com [IPv6:2607:f8b0:4864:20::336]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2E3D3A0DBB for <dnsop@ietf.org>; Fri, 22 May 2020 15:10:29 -0700 (PDT)
Received: by mail-ot1-x336.google.com with SMTP id h7so9423555otr.3 for <dnsop@ietf.org>; Fri, 22 May 2020 15:10:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=vy0xbkdBLaSZX1JQOgdKxj5vE2IAM2/IPf8Azcx0eww=; b=HRCFjKHgCzn2o4FIa4AWVuD0jLPr3bRNSrqX0kkK+6TyAunBDiic/xon7XyG/icgm4 q5gkfd2VvXrTrujw/b8XYrGtXPxP+6wRmJmGy4TzesUeMiVCLrqFJh9XEv8T5Sv0N9f+ ilAnT+HOveRft9d8J6W+VOkrzvph5y6jytUIVL1GDYVXZqPoCuA6Oiy6LxoHWG+q5a2c op8sBrF/ZDdZhZ/8CI92jcSeNyfaRgmA0rH/uBCsRiA1SShlheKhySY40+URbBZyO4CA a/gvH9lamJAS9tVE7uhdP2iGNpozY/YndVcid8nTCWRPjH4A7rnhrbwDn29mlxKVc8CX e/tw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=vy0xbkdBLaSZX1JQOgdKxj5vE2IAM2/IPf8Azcx0eww=; b=MX4jIyKiclO2jD1BmCQ8RB7q8gLYFPirWcCpqihZh/eK4L4ywDbVde69nrFu5eMkUs 7HM2XrG9bLtqyBWO5PTLDeKkgXXdY8Df4Ct7hrMbLrqoU2U+aAKpTtLHCMP0h4tsGxZQ lzcewb5N4gmPoFQwoYc2u17c0l87/6FIvqqLr0HCkYKA94lpJ0NoTcHH0s9yFHYTIrIA dQE8snqBPjcmzFwksltzzMsVy0v6rehPEyIwmq2h0l0W28Jn1qUl+pb1FI7P8nkpIY6P dNmzrl7rirRHno7KXMY6T5FTuTZzToDmpctV99ze0Ny47sMdZNiZYLBjute87L+i9N1f pJWA==
X-Gm-Message-State: AOAM532lwhz6U/Eo3f0ywr3hrLbi5ugADFgcGe9fNSLWpF+UeJWXgJS0 groIKTEH8ziRal2nmZ2tlX7/KpSrx4sHtcXPyWE=
X-Google-Smtp-Source: ABdhPJyWY078jb0KvOh8Ayw20ukyt4tVD1dYoTh0UGY7ryJfegkQml5vxFi0R5WruQ8/vOCzIusvqNpK1DDhsgAvvng=
X-Received: by 2002:a05:6830:3109:: with SMTP id b9mr9270146ots.41.1590185429330; Fri, 22 May 2020 15:10:29 -0700 (PDT)
MIME-Version: 1.0
References: <CADyWQ+GDfbaAKz9iAWVH=TP=2A3hr9iGhTarayAEjgF5TrnvXQ@mail.gmail.com> <CAKW6Ri6YbMKquv7sMqK5D4OH7Z=h-zuvmUXqfUG2NpJdu91ooA@mail.gmail.com> <EA3EFDEF-ED88-4918-A49E-4832CBFA9C5E@isc.org> <CAKW6Ri4nVn78LfL_tL8G956gM23JWBJ7HJ3A5L4nqntmyAQRjw@mail.gmail.com> <93E835F5-5421-4343-9D2B-A88937675E0A@verisign.com> <6aeded6f-e0eb-063b-a3f1-f33402b21c3a@nthpermutation.com> <8387bcfe-6386-77ba-9db7-1326645ec8d4@nthpermutation.com>
In-Reply-To: <8387bcfe-6386-77ba-9db7-1326645ec8d4@nthpermutation.com>
From: Tim Wicinski <tjw.ietf@gmail.com>
Date: Fri, 22 May 2020 18:10:18 -0400
Message-ID: <CADyWQ+EopePdAWqkg-fFzd-5QR9vXhTmfnzR+nfSYjNm8eKiZw@mail.gmail.com>
To: Michael StJohns <msj@nthpermutation.com>
Cc: "Wessels, Duane" <dwessels@verisign.com>, Dick Franks <rwfranks@gmail.com>, Mark Andrews <marka@isc.org>, IETF DNSOP WG <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a46cfd05a643e5e8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ofLxxzF-1OQP2qTVfsabcYEMweo>
Subject: Re: [DNSOP] Second Working Group Last Call for: Message Digest for DNS Zones
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 May 2020 22:10:34 -0000

Michael

Thanks for reviewing the -06 changes and thanks for dropping your
objections.
I will work with the authors on cleaning up the text.

As for your comments on Standards Track, as a chair and not a chair, I have
moved back toward not making this Standards Track, but Informational.
I will need to talk with the other chairs on this more.

tim




On Fri, May 22, 2020 at 3:30 PM Michael StJohns <msj@nthpermutation.com>
wrote:

> Hi -
>
> With the change to remove ZONEMD from the calculation (apparently in -06),
> I no longer have any objections related to future proofing.
>
> But, with the change, the text needs some additional clean up.
>
> Instead of the current section 3 - use something like this:
>
> >>
> 3. Updating the Zone for ZONEMD RRs
>
> 3.1 "Step 1 - remove any existing apex ZONEMD RR from the zone"
>
> 3.2 "Step 2 - for each scheme, form a canonical representation of the zone
> according to the scheme.  The canonical representation for the SIMPLE
> scheme is listed in <> below."
>
> 3.3S "Step 3 (SIMPLE):  For each digest type in the SIMPLE scheme,
> calculate the digest over the canonical representation and form the
> appropriate ZONEMD RR for later inclusion" [Note: Other Schemes may have
> other processing at this point]
> 3.3O "Step 3(Other): For any other scheme/digest pair form the appropriate
> ZONEMD RRs and it them to the set for later inclusion.
>
> 3.4. "Step 4: Add each of the ZONEMD RRs formed in step 3 to the zone"
>
> 3.5. "Step 5 (Optional):  Sign the zone adjusting NSEC/NSEC3 records as
> appropriate to account for the existence of the ZONEMD RRSet".
>
>
> 4. Canonical representation and Digest Calculation for the SIMPLE scheme.
> (move the  old 3.3, 3.4 and 3.5 sections under this heading).
> >>
>
>
> Note:   The presence or absence of *provable* DNSSEC for the ZONEMD RRs
> is irrelevant to whether or not the zonemd rr set can be verified.  It
> would seem to me that if you have a chain of DNSKEY RRs back to a trust
> point, you can verify the zonemd RR whether or not the zone claims the
> records should exist.     NSEC records say that the record SHOULD exist,
> but AFAICT NSEC records aren't actually checked if the records do exist.
> That may have changed from the original model, but I mention it with
> respect to  section 4, first bullet which reads as if the expectation is
> the important thing rather than actual signature data.
>
> I'm still not a big fan of this as a standards track document as I don't
> feel it provides enough general benefit nor does it provide a standard and
> programmatic answer to "what do I do if it doesn't verify", but I'm no
> longer adamant it needs to be experimental as it no longer forces a
> contract for future digesting models.
>
> Later, Mike
>
>
>
> On 3/9/2020 5:24 PM, Michael StJohns wrote:
>
> On 3/9/2020 4:46 PM, Wessels, Duane wrote:
>
> Michael StJohns pointed out (Feb 25) that a verifier that does not
> recognise a particular
> ZONEMD Scheme and/or Hash Algorithm may be unable to create the
> required placeholders,
> and therefore unable to perform a verification using any
> (Scheme,Algorithm) at all.
>
> I don't believe that to be the case.  For the unknown schemes/algorithms
> the recipient simply replaces how ever many octets the received ZONEMD digest
> had with all zeros.
>
>
>
>
>
> As of right now, I don't believe the current format is future proofed.
>
> Current encoding:
>
> 0x01 - simple
> 0x01 - SHA384
> 48 bytes of digest.
>
> 0x01 - simple
> 0x02 - SHA512
> 64 bytes of digest.
>
> 0x02 - Complex
> 0x00 - Ignored - mainly because I'm forced to have it here because of the
> SIMPLE scheme - it doesn't specify a digest type.
> [Opaque values that describe the complex scheme - e.g. btree description,
> partial hashes, selection matrix of RRs I actually care about etc]
> [More opaque values that are the various digest(s)]
>
> These are OPAQUE from a receiver that only understands SIMPLE.
>
> For the latter scheme, I want to include the first part of the opaque
> values in the various hash calculations.   But the SIMPLE scheme will set
> them to zero for its own calculations?   And I have to do special things
> for scheme 1 to do my calculations.  AND I have to know that digest 0x02
> requires 64 bytes of zero for the calculation even if I'm only able to
> verify SHA384 digests.  Any error in the formation of the digest 0x02
> digest field or scheme 0x02 data field means that the 0x01 digest won't
> verify.  Ditto for any formation for the scheme 2 complex digest relative
> to the Scheme 1 digests.  This makes all digests interdependent which I
> believe was not desired.
>
> I see no benefit to including the ZONEMD RR in any digest calculation with
> our without placeholdering it.
>
> Just omit any ZONEMD RR from the calculation and be done with it.  Make
> ALL ZONEMD RRs independent from each other.
>
>
>
>
>
>

v2.23.0 | Report a Bug | By Email