[DNSOP] Re: Collision Free Key Tags for DNSSEC draft

Paul Wouters <paul@nohats.ca> Tue, 08 July 2025 13:05 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: dnsop@mail2.ietf.org
Delivered-To: dnsop@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 56406414C9FA for <dnsop@mail2.ietf.org>; Tue, 8 Jul 2025 06:05:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.4
X-Spam-Level:
X-Spam-Status: No, score=-4.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gihw-yWK__YX for <dnsop@mail2.ietf.org>; Tue, 8 Jul 2025 06:05:16 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::85]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id F21D1414C133 for <dnsop@ietf.org>; Tue, 8 Jul 2025 06:01:11 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4bc1Sk5zX7z45D; Tue, 8 Jul 2025 15:01:10 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1751979670; bh=T5PlEr3xUyd+FPa1+iTqyclq/L3UgwE+iOcwsL2UNv8=; h=From:Subject:Date:References:Cc:In-Reply-To:To; b=eXe9FViGNL8FF8+j8ESGRK7JDlsUJgAsfGX8PB5cbsCdj3L/3FZ1zimt6u5hxE1Bo k3e3Q6GqymaS/cxkVUUqVQ1z+rilVleBCpoioLRQXZxZNydrMPJ4xI4cseeLS3r6Jz akXlw9GxeVtEmCsMwhzBI8odsHNlNjoCmxaIUZgk=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id ZhvzHcJIToHv; Tue, 8 Jul 2025 15:01:10 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Tue, 8 Jul 2025 15:01:09 +0200 (CEST)
Received: from smtpclient.apple (unknown [193.110.157.207]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bofh.nohats.ca (Postfix) with ESMTPSA id EBDC016195A8; Tue, 08 Jul 2025 09:01:08 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
From: Paul Wouters <paul@nohats.ca>
Mime-Version: 1.0 (1.0)
Date: Tue, 08 Jul 2025 09:00:58 -0400
Message-Id: <45260BA6-B4C0-4A2C-8E69-51D72C833C1F@nohats.ca>
References: <0c4715d1-cd1b-4726-a372-6ac3c26af786@nic.cz>
In-Reply-To: <0c4715d1-cd1b-4726-a372-6ac3c26af786@nic.cz>
To: Libor Peltan <libor.peltan=40nic.cz@dmarc.ietf.org>
X-Mailer: iPhone Mail (22F76)
Message-ID-Hash: IEHCM2ICZF5FVCXP2OE64J2U4B24J6RJ
X-Message-ID-Hash: IEHCM2ICZF5FVCXP2OE64J2U4B24J6RJ
X-MailFrom: paul@nohats.ca
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Peter Thomassen <peter=40desec.io@dmarc.ietf.org>, John Levine <johnl@taugh.com>, dnsop@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [DNSOP] Re: Collision Free Key Tags for DNSSEC draft
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/rmfNAmqZ-dgsWwpJ4pwkJ1JF2Nc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

On Jul 8, 2025, at 03:27, Libor Peltan <libor.peltan=40nic.cz@dmarc.ietf.org> wrote:
> 
> 
> I think that having DNSSEC non-BOGUS 100% of the time is critical at least for important zones (like TLDs).

> AFAIK the current state is that the _specification_ allows the atuhoritatives to publish DNSKEYs with any number of konflicting keytags and the validating resolvers MUST(?) accept those;

Yes.

> while in _reality_ the resolvers started to impose some limitations.

Which resolvers ? How did they break the RFC?

> This dicrepancy between specification and reality should be fixed by us.

Us being the spec or the implementations ? ;)

> I suggest something like: "resolvers MUST accept two keytag-conflicting keys within *each* DNSKEY RRset they are validating"

This is already the case.

> and "authoritatives MAY publish DNSKEY with at most two keytag-conflicting keys"

This is already basically the case. If you follow the below requirement.

> and "authoritatives SHOULD do best effort to avoid keytag conflicts whenever possible".

This might not be specified but in practise is already the case. Some DPS statements might have language here (and when reviewing the ICANN DPS/source code, I pointed out they should add some checks for this and create a different new key if there was a keytag collision)

Note that your proposed requirements are not always easy to implement, for example in the root where the KSK and ZSK are independently managed.

A better solution would be for resolvers to detect when they are under keytag DoS, and then take counter measures - not for the protocol to be changed and made more complicated.

Paul

> 
> Libor
> 
>> On 08. 07. 25 8:49, Peter Thomassen wrote:
>> 
>> 
>>> On 7/8/25 02:17, John Levine wrote:
>>> It appears that Shumon Huque <shuque@gmail.com> said:
>>>> Please review the draft and speak up if you have comments, and would like
>>>> to see this draft adopted (or not).
>>> 
>>> I don't hate the draft but since we have been living with colliding tags for two
>>> decades and experience shows that collisions of more than two tags never appear
>>> unless maliciously created, this doesn't strike me as a good use of our time.
>>> 
>>> Just add "more than two colliding tags" to the long list of limits in DNS
>>> resolvers and we can work on something else.
>> 
>> +1
>> 
>> Peter
>> 
>> _______________________________________________
>> DNSOP mailing list -- dnsop@ietf.org
>> To unsubscribe send an email to dnsop-leave@ietf.org
> 
> _______________________________________________
> DNSOP mailing list -- dnsop@ietf.org
> To unsubscribe send an email to dnsop-leave@ietf.org