IETF Logo Mail Archive

Re: [DNSOP] Roman Danyliw's Discuss on draft-ietf-dnsop-dns-zone-digest-12: (with DISCUSS and COMMENT)

Roman Danyliw <rdd@cert.org> Wed, 07 October 2020 20:52 UTC

Return-Path: <rdd@cert.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B87DD3A13B2; Wed, 7 Oct 2020 13:52:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p9tlg13-qM2h; Wed, 7 Oct 2020 13:52:14 -0700 (PDT)
Received: from taper.sei.cmu.edu (taper.sei.cmu.edu [147.72.252.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F9703A0E7F; Wed, 7 Oct 2020 13:52:13 -0700 (PDT)
Received: from delp.sei.cmu.edu (delp.sei.cmu.edu [10.64.21.31]) by taper.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 097KqBIF007036; Wed, 7 Oct 2020 16:52:11 -0400
DKIM-Filter: OpenDKIM Filter v2.11.0 taper.sei.cmu.edu 097KqBIF007036
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1602103931; bh=iGu5vGmguBc5BY7ete2RjbhlTl8r74XYzGviuBdJah4=; h=From:To:CC:Subject:Date:References:In-Reply-To:From; b=fdMfnVeo4mdkRiGP+Y5JcZukfcs6bIPGTVp1K9PSbhW5fnzBOYQolQKvFP+I0eSyg F3RPyE6zci0YxwnmE7vdub+w2YekP0aKtBnSLhy75X4lRpEye6V6ufSWW3+342R32o 9nFHAKio/EMcpVoHQhQTngi4moI6HT9vx+LPFwLY=
Received: from MURIEL.ad.sei.cmu.edu (muriel.ad.sei.cmu.edu [147.72.252.47]) by delp.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 097Kq7pX006618; Wed, 7 Oct 2020 16:52:07 -0400
Received: from MORRIS.ad.sei.cmu.edu (147.72.252.46) by MURIEL.ad.sei.cmu.edu (147.72.252.47) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1979.3; Wed, 7 Oct 2020 16:52:06 -0400
Received: from MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb]) by MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb%13]) with mapi id 15.01.1979.003; Wed, 7 Oct 2020 16:52:06 -0400
From: Roman Danyliw <rdd@cert.org>
To: "Wessels, Duane" <dwessels=40verisign.com@dmarc.ietf.org>
CC: "draft-ietf-dnsop-dns-zone-digest@ietf.org" <draft-ietf-dnsop-dns-zone-digest@ietf.org>, Tim Wicinski <tjw.ietf@gmail.com>, "dnsop@ietf.org" <dnsop@ietf.org>, "dnsop-chairs@ietf.org" <dnsop-chairs@ietf.org>, The IESG <iesg@ietf.org>
Thread-Topic: Roman Danyliw's Discuss on draft-ietf-dnsop-dns-zone-digest-12: (with DISCUSS and COMMENT)
Thread-Index: AQHWm4scjI2g8fCOZk60H2rcJ0wpo6mM04UA///AHKA=
Date: Wed, 07 Oct 2020 20:52:06 +0000
Message-ID: <5fbeea49742e4866878af08d9681c8fe@cert.org>
References: <160195246471.4620.11112787341926255318@ietfa.amsl.com> <514C2BA5-37C3-48E5-B1FE-DCA96C7F37B3@verisign.com>
In-Reply-To: <514C2BA5-37C3-48E5-B1FE-DCA96C7F37B3@verisign.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.64.202.159]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ogidpg1D2CImtMWp0HlRW4Tw8vs>
Subject: Re: [DNSOP] Roman Danyliw's Discuss on draft-ietf-dnsop-dns-zone-digest-12: (with DISCUSS and COMMENT)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Oct 2020 20:52:16 -0000

Hi Duane,

> -----Original Message-----
> From: iesg <iesg-bounces@ietf.org> On Behalf Of Wessels, Duane
> Sent: Wednesday, October 7, 2020 3:55 PM
> To: Roman Danyliw <rdd@cert.org>
> Cc: draft-ietf-dnsop-dns-zone-digest@ietf.org; Tim Wicinski
> <tjw.ietf@gmail.com>; dnsop@ietf.org; dnsop-chairs@ietf.org; The IESG
> <iesg@ietf.org>
> Subject: Re: Roman Danyliw's Discuss on draft-ietf-dnsop-dns-zone-digest-12:
> (with DISCUSS and COMMENT)
> 
> Hi Roman, thanks for the detailed review and comments.  My responses are
> inline.
> 
> 
> > On Oct 5, 2020, at 7:47 PM, Roman Danyliw via Datatracker
> <noreply@ietf.org> wrote:
> >
> > Roman Danyliw has entered the following ballot position for
> > draft-ietf-dnsop-dns-zone-digest-12: Discuss
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut this
> > introductory paragraph, however.)
> >
> >
> > Please refer to https://secure-
> web.cisco.com/1PmgI5C3eeSLOyMacI0tFtTZ2Xp1ZVDLlBYygPBOj1Q0bVtLkzLw
> mmN5ldjjcypZn5nnasJsm9E5GpsNMDvWdtGaM2kaFHhp7jZlEgufkzdln1LmRT84
> DKcbrePOUdtgU2M4UwQqhJ69IT0KBrKkQNN1OLFRMyYwhXs48zGHMkPxAOQ
> 9L2Je4TLpCoWGXIqZExBn5ErrQBYfVsEcz2xB1L-
> eKHO_l_zDzfiAHtMP8zHJQ_7GCF6YPn4OTvYHtKq1TL85oSNMxkc-
> a9TwIaBuzcEx2aRPzSqAPypDs7bIbFPs/https%3A%2F%2Fwww.ietf.org%2Fiesg%
> 2Fstatement%2Fdiscuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > https://secure-
> web.cisco.com/1In2W1aOUrhepme0YYTCWi_KVrjzwPz6gRHK3wqiBh8JhXsVPR-
> caNTg-
> liKbKCksx5Y35akHQwb5BB41XUadJT3by_ZmHTxwdiSU3QpC4eNTBAE42Pw2m
> ywlUcsCxUsDMgrwL3ph93cdoIxfnYKlbiF9GQp0v74iO_IcfqqkdmjHCiFqNSIrWIJsj
> sae_FUkueb3LzXcJ3Ine0GDo664s3xd60kYguQsCr17CZmEHlHTLEzHiGGXW8IrEm
> 4JcgBjaAU2ABRPZ-
> bfBv0LsmZR0Q/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-
> dnsop-dns-zone-digest%2F
> >
> >
> >
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> >
> > Section 6.1.   My read of the text is that the security properties are intended
> > to be independent of the transport protocol.  With that assumption and the
> > validation procedures in Section 4, I need help understanding the security
> > properties the client can rely on in the absence of DNSSEC.  Consider the
> > following scenarios and attacker types; and the assurances a client could have
> > when retrieving the zone file from the server:
> >
> > With an on-path attacker (and trusted server hosting the zone file)
> >
> > ** No DNSSEC; No Secure transport = integrity: NO; authenticity = NO
> >
> > ** No DNSSEC; Secure transport = integrity: YES (from the on-path attacker);
> > authenticity = NO
> >
> > ** DNSSEC = integrity: YES; authenticity = YES
> >
> > With a rogue server hosting the zone file (but is not the operator of the zone)
> >
> > ** No DNSSEC; No Secure transport = integrity: NO; authenticity = NO
> >
> > ** No DNSSEC/Secure transport = integrity: NO; authenticity = NO
> >
> > ** DNSSEC = integrity: YES; authenticity = YES
> >
> > The text states that:
> >
> > The zone digest allows the recipient of a zone to verify its
> >  integrity.  In conjunction with DNSSEC, the recipient can
> >  authenticate that it is as published by the zone originator.
> >
> > Can the means to realize integrity without DNSSEC unless there is a reliance
> on
> > transport security of some form be clarified.  Minimally, it seems like this
> > section needs cautionary text (likely with normative language) to the effect of
> > “ZONEMD information from zone files lacking DNSSEC support or that were
> shared
> > over ‘unsecure transport’ cannot be relied upon for cryptographic integrity
> > assurance.”
> 
> You are correct that we intend the security properties to be independent of
> any transport protocol.   I'm reluctant to suggest in this document that
> a recipient could rely on ZONEMD for integrity because it came over a secure
> transport.  Although that might be true, I have to think that the secure
> transport itself provides the integrity assurance, and not the ZONEMD record.

In that case (where no assumptions are made about the transport), it seems that only these scenarios from the list above apply:

 With an on-path attacker (and trusted server hosting the zone file)

** No DNSSEC  = integrity: NO; authenticity = NO
** DNSSEC = integrity: YES; authenticity = YES

With a rogue server hosting the zone file (but is not the operator of the zone)

** No DNSSEC = integrity: NO; authenticity = NO
** DNSSEC = integrity: YES; authenticity = YES

Or more succinctly, without DNSSEC, the two stated security properties aren't provided.  

I'm not sure of what the best way is to resolve this mismatch based on the use cases.  I can see (at least) two paths to resolution:

(1) Specify that ZONEMD records MUST only be used with DNSSEC -- this will preserve the authenticity and integrity properties described in Section 1.1. and 6.  An additional step or two might be needed to the verification process in Section 4.  Does this impact the planned use cases or workflows?

(2) Provide appropriate caveats that ZONEMD information may not mean what you think it means depending on whether DNSSEC is used.  This likely means: the motivational goal in Section 1.1 may need to be weakened; the analysis of alternatives in Section 1.2 won't make sense (for the non-DNSSEC case); and an appropriate applicability-like statement might also be necessary to describe how to use an insecure checksum.  Section 6 would needs additional language to capture the difference between the DNSSEC vs. non-DNSSEC deployment.  Editorially, clearer words like checksum might also help.

[trimmed all of the COMMENT discussion for now]

Regards,
Roman

v2.23.0 | Report a Bug | By Email