Re: [DNSOP] nsec3-parameters opinions gathered

Mark Andrews <marka@isc.org> Mon, 08 November 2021 23:49 UTC

From: Mark Andrews <marka@isc.org>
Date: Tue, 09 Nov 2021 10:49:04 +1100
To: dnsop@ietf.org
In-Reply-To: <50917406-6FAF-4851-995A-B686F53E27B4@dukhovni.org>
Message-Id: <75FC3AE1-7DF1-426E-BAB3-B542E1B6B7FC@isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/rQuqRCWOVo-ZKxvkmYn792BBkqo>
Subject: Re: [DNSOP] nsec3-parameters opinions gathered


> On 9 Nov 2021, at 05:09, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
> 
>> On 8 Nov 2021, at 12:55 pm, A. Schulze <sca@andreasschulze.de> wrote:
>> 
>> sorry for maybe asking an already answered question,
>> but why is NSEC3 considered to have no benefit at all?
> 
> My take is that NSEC3 provides little benefit beyond the initial
> (0th) iteration.
> 
>> I'm still on "NSEC allow zone-walks while NSEC3 don't"
>> At least not without additional effort.
> 
> But, of course, that initial iteration provides only limited protection
> against zone walking; it deters *casual* attacks, by those who are not
> sufficiently motivated to expend CPU on dictionary attacks (that would
> likely recover a decent fraction of the names for most zones).
> 
> There are a few possible paths forward:
> 
> * Accept that sufficiently determined adversaries will mount a dictionary
>  attack, but there won't be many of them.  Make do with NSEC3 and zero
>  iterations.
> 
> * Accept that your zone data is not secret, publish vanilla NSEC records
>  and let the zone walkers go at it.  For some TLDs, spin up a public
>  AXFR service, or make zone data available via HTTPS, call it "Open Data".
> 
> * Use NSEC in combination with online signing (with ECDSA P256(13)), using
>  minimal covering NSEC RRs.  These *actually* preclude offline dictionary
>  attacks at the cost of online signing of negative answers.  If not leaking
>  zone data is important enough, this is the actually secure way to get there.

Even there you leave yourself and your clients open to random subdomain
reflection attacks.  DNSSEC synthesis is your friend.

> NSEC3 is neither fish nor fowl.  Regardless of any practically realistic
> iteration count, it is still vulnerable to dictionary attacks.  Its main
> tangible benefit (at some non-trivial security cost) is opt-out, which is
> increasingly a bad idea for most zones.
> 
> Thus we find .COM and others using "NSEC3 1 1 0 -" (just opt-out).  But
> most zones, if they use NSEC3 at all, should have "NSEC3 1 0 0 -", or
> just NSEC, possibly with minimal covering replies via online signing.
> 
> -- 
> 	Viktor.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
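As an added example (not code from this message, the thread, or ISC), here is a Python sketch of the two mechanisms the reply turns on: the RFC 5155 NSEC3 hash, where every iteration costs a validator and a dictionary guesser the same extra SHA-1, and the RFC 8198 cache synthesis that Mark calls "DNSSEC synthesis", which lets a resolver answer NXDOMAIN for a random subdomain from a cached NSEC3 interval without hitting the authority. Names such as `Nsec3DenialCache` and `parse_nsec3param` are my own; the apex test vector (salt aabbccdd, 12 iterations) is from RFC 5155 Appendix A, and the other names are constructed.

```python
import base64
import hashlib

# NSEC3 owner names use the base32hex alphabet of RFC 4648, not plain base32.
_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567", "0123456789ABCDEFGHIJKLMNOPQRSTUV")


def nsec3_hash(name: str, salt_hex: str, iterations: int) -> str:
    """RFC 5155 section 5: SHA-1(wire-form lowercase name || salt), then `iterations`
    more rounds of SHA-1(digest || salt).  Every extra round costs a validator and a
    dictionary guesser the same single SHA-1, hence the thread's advice of 0 iterations."""
    labels = [l.lower().encode("ascii") for l in name.rstrip(".").split(".") if l]
    wire = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    salt = b"" if salt_hex == "-" else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    # 160 bits is a multiple of 5, so the base32 output carries no '=' padding.
    return base64.b32encode(digest).decode("ascii").translate(_B32HEX).lower()


def parse_nsec3param(rdata: str) -> dict:
    """Fields of an NSEC3PARAM rdata string: '1 1 0 -' (.COM, opt-out set) or
    '1 0 0 -' (what the thread recommends for most zones that use NSEC3 at all)."""
    algo, flags, iters, salt = rdata.split()
    return {"algorithm": int(algo), "opt_out": bool(int(flags) & 1),
            "iterations": int(iters), "salt": salt}


class Nsec3DenialCache:
    """Validated NSEC3 intervals cached by a resolver.  RFC 8198 (aggressive use of the
    DNSSEC-validated cache) lets it synthesize NXDOMAIN for any name hashing into a cached
    interval with no upstream query, blunting random-subdomain floods.  Simplified: a full
    RFC 5155 proof also needs the closest-encloser match and wildcard denial."""

    def __init__(self, nsec3param: str):
        p = parse_nsec3param(nsec3param)
        self.salt, self.iterations = p["salt"], p["iterations"]
        self.intervals = []  # (owner_hash, next_hash), lowercase base32hex

    def add(self, owner_hash: str, next_hash: str) -> None:
        self.intervals.append((owner_hash.lower(), next_hash.lower()))

    def covers(self, qname: str) -> bool:
        """True if qname's hash lies strictly between a cached owner hash and its next
        hash: the name provably does not exist and NXDOMAIN can be answered locally."""
        h = nsec3_hash(qname, self.salt, self.iterations)
        for lo, hi in self.intervals:
            if lo < hi and lo < h < hi:
                return True
            if lo > hi and (h > lo or h < hi):  # last chain record wraps to the first
                return True
        return False
```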