[DNSOP] Re: Light weight encrypted DNS proposal
Joe Abley <jabley@strandkip.nl> Thu, 15 August 2024 10:24 UTC
Return-Path: <jabley@strandkip.nl>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09E9CC180B56 for <dnsop@ietfa.amsl.com>; Thu, 15 Aug 2024 03:24:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=strandkip.nl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mgppzvbL274J for <dnsop@ietfa.amsl.com>; Thu, 15 Aug 2024 03:24:21 -0700 (PDT)
Received: from qs51p00im-qukt01072501.me.com (qs51p00im-qukt01072501.me.com [17.57.155.14]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8A04C1D4A9C for <dnsop@ietf.org>; Thu, 15 Aug 2024 03:24:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=strandkip.nl; s=sig1; t=1723717461; bh=tI5kSjPcWCy961m9qQfvk/BHptKIXpPQCT8T+yxRm/s=; h=Content-Type:From:Mime-Version:Subject:Message-Id:Date:To; b=ohaTcrx4i7A3n9re9Ibpj2gPx45aHb5B9EGRICxsW3zAWX7wiaM+mGSm6bqoDLT0P JgTlQhElb3x8vVeNd94fBHn8XXUldnCkKqGx4DjR3RAIXjybbuqk5SEDKAKW0JRZOj pBGWtu7Zm8oNMCDRDIk+Jbxl0b7Slb05uidGLy7xlix7sdR4PfwpXm/r/sqPPR1FvJ apHy/2F5jVtYsFDOx6i8DcueABdSVLWqXJvQCuSsl0kiqC5IL4nQpCCocsJqXUvg+U OjFHYApP8X4HNsfrDFC4sCUDl/X3fDtm+tXwRXW7NQyUV8BZuwxypWktm3ZDK37ZU9 +FHeAkMXq52PA==
Received: from smtpclient.apple (qs51p00im-dlb-asmtp-mailmevip.me.com [17.57.155.28]) by qs51p00im-qukt01072501.me.com (Postfix) with ESMTPSA id 2FC834400D1; Thu, 15 Aug 2024 10:24:18 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Joe Abley <jabley@strandkip.nl>
Mime-Version: 1.0 (1.0)
Message-Id: <25D0098D-D2F8-456B-BC2D-02F89257F8A7@strandkip.nl>
Date: Thu, 15 Aug 2024 12:24:06 +0200
To: Vint Joseph <vintjoseph871@gmail.com>
X-Mailer: iPhone Mail (21G93)
X-Proofpoint-GUID: ZemPlGZxotYN13WIPRqOil2nd1A1lddv
X-Proofpoint-ORIG-GUID: ZemPlGZxotYN13WIPRqOil2nd1A1lddv
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-08-15_02,2024-08-13_02,2024-05-17_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 bulkscore=0 adultscore=0 clxscore=1030 mlxlogscore=250 malwarescore=0 mlxscore=0 phishscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2308100000 definitions=main-2408150075
Message-ID-Hash: E3VGJRNXVKS7ZR2RLK6VZAHFNCI4G2JI
X-Message-ID-Hash: E3VGJRNXVKS7ZR2RLK6VZAHFNCI4G2JI
X-MailFrom: jabley@strandkip.nl
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: dnsop@ietf.org, mohit06jan@gmail.com, ethan.hamadeh@gmail.com
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP] Re: Light weight encrypted DNS proposal
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/rlS0vWKhLy6-cbtGaMTllhyucTU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>
Hi there! On 15 Aug 2024, at 00:17, Vint Joseph <vintjoseph871@gmail.com> wrote: > The core idea/synopsis > We plan to implement a system using elliptic curve cryptography. A preshared key, referred to as the public key G^S, is distributed from the dns server to the client. "Preshared" is easy to type but more difficult to implement. Most DNS servers have no prior knowledge of the clients that might send them queries. How do you distribute a key to all possible clients in such a way that it can be trusted to protect privacy? How do you manage the lifecycle of such a key, imagining that it needs to be possible to change it, e.g. due to key compromise? What additional failure modes would such key management introduce? > When the client needs a DNS response, it generates a key pair consisting of a private key C and a public key G^C. Key generation on every query does not seem lightweight, e.g. for a client such as a busy DNS resolver that sends millions of queries per second to authoritative servers, or for a resource-constrained single-user device that sends hundreds of queries per second to a resolver. > The client then sends a DNS request encrypted with the shared key G^CS and includes its public key G^C in the DNS extension. Upon receiving the public key G^C, the DNS server computes the shared key G^CS using its private key S and the client's public key G^C. These are ephemeral keys, ensuring that each DNS packet has its own session keys. If this proposal was implemented, it would amplify the work required on a DNS server to process an incoming query. Amplification of resources required per query is generally to be avoided since it presents an opportunity for denial of service attacks. What mitigation do you imagine for this problem? > The DNS server responds to the DNS query and sends the DNS response encrypted using G^CS. If the DNS server plans to change the keys, then a public key G^S1 is sent to the client , in the response packet. But these are optimizations which can be done later. > Thank you and I'm looking forward to your feedback! I suggest you review the specifications for dnscrypt, DoH, DoQ and DoT which are (to varying degrees) already implemented and deployed, and consider (a) what they worried about that you don't, and whether you are missing something and (b) whether there is actually a need for a more lightweight mechanism than what already exists. More generally, if you want to share a proposal with an IETF working group I suggest writing it up as thoroughly as you can in the form of an internet-draft. This is the normal way that proposals are reviewed by working groups. If you look around ietf.org you should find various tutorials to guide you on how to write and submit an internet-draft. Joe
- [DNSOP] Light weight encrypted DNS proposal Vint Joseph
- [DNSOP] Re: Light weight encrypted DNS proposal Vladimír Čunát
- [DNSOP] Re: Light weight encrypted DNS proposal Peter Thomassen
- [DNSOP] Re: Light weight encrypted DNS proposal Martine Sophie Lenders
- [DNSOP] Re: Light weight encrypted DNS proposal Joe Abley
- [DNSOP] Re: Light weight encrypted DNS proposal Mukund Sivaraman
- [DNSOP] Re: Light weight encrypted DNS proposal libor.peltan