IETF Logo Mail Archive

Re: [DNSOP] New Version Notification for draft-wessels-dns-zone-digest-01.txt

Shumon Huque <shuque@gmail.com> Fri, 27 July 2018 02:45 UTC

Return-Path: <shuque@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 697D81292F1 for <dnsop@ietfa.amsl.com>; Thu, 26 Jul 2018 19:45:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kb5uFVcitmHU for <dnsop@ietfa.amsl.com>; Thu, 26 Jul 2018 19:45:25 -0700 (PDT)
Received: from mail-yw0-x22c.google.com (mail-yw0-x22c.google.com [IPv6:2607:f8b0:4002:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E14312785F for <dnsop@ietf.org>; Thu, 26 Jul 2018 19:45:25 -0700 (PDT)
Received: by mail-yw0-x22c.google.com with SMTP id v197-v6so1364489ywg.3 for <dnsop@ietf.org>; Thu, 26 Jul 2018 19:45:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xfp8xT/H/65Q7JxNAo/yoLDClfx8S2LqLh504rVfbd4=; b=olS6zW6rXAWKN9NhsUjr5RRaOtRWm94yFsohjNHJ90iojG4iR/WDrwAotZ5fsEkIao PCoeD+mlEguTy8WZ+vNBlRYU3Xtufi8fL0NEKjMNlgubZCq0lOkAl0+QfJO0N8uRa21X yeJLPtgY3BNbeE+fnThmTdsAuyPlrGMgHRNz4isgGqxqUnKDkAANwJQAMp3kTMbGjHkw RJmuKr3RZwCigLNiKDRyWMnX32KBTNeBySKrda+V97ZUgOPiYm6r7ZEr2PzXtG0rHoa2 /NgJ9+dY61sOUnC58DzQ6DVABUoYlfE+CI5VABa6J7+WnToAlrnLLEGqOeNXMikxsCiO 6J7A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xfp8xT/H/65Q7JxNAo/yoLDClfx8S2LqLh504rVfbd4=; b=agMe9IYlmrCqBBvu55h6xK34lPVbbtN6thXDswDG+iI9UFHgyNDA5RssSz4GwAdpe8 hr1rdvIQ5nmyFBRpc5aeI7jSh+8k7Ba+hRtgGrIYLajfi9cyuSFaTNb8tQ9l71k4nrQ+ cCidcqodu3eYo6S+flyBhWkR8qLXEhyMyz5bvIkh9pev/ly6QN7xmYaNcSf6bUvFnjWf ukp2H4Ojz8cKVRDCJMQQQ+NzrJCcMNvWk6mnczcN2x6RWG61rjCPeTqWwb0EIqkaFeQ2 8pRh2Q8xwWbtWtGfsArRiSutO8iSqRafOuBt03z8NojP6ckEGhpBsarG/Z/R8MMX0c8N LnbQ==
X-Gm-Message-State: AOUpUlFc+CWrzAhFh1fJ7LDvlyOksqOBDyfkcC0RMFxsb9raFL1oRA71 beq6BLsMo50pW3dEZal0L9XcK/MxGlNiZikzXWw=
X-Google-Smtp-Source: AAOMgpd9gC7jMWPgcMLzomAa+2W+UbWazT/gKr633HPHCg/5iVv8vMVIpyXXqHQ4bMc0+au3f5+rpBaynIeAEdNIVWs=
X-Received: by 2002:a81:7d43:: with SMTP id y64-v6mr2221065ywc.371.1532659524302; Thu, 26 Jul 2018 19:45:24 -0700 (PDT)
MIME-Version: 1.0
References: <4DCC5A51-1AB0-47B6-92B5-79B6894F9A9C@verisign.com> <CAJE_bqcELQbQeHPvvEBHOxpRyWYL76BmT_-G4jW4pTnUUXFMUw@mail.gmail.com> <CAAObRXL2LoB3f=296ZPE1Pp1nHkG---pRPAmyO1trTROxneHDQ@mail.gmail.com>
In-Reply-To: <CAAObRXL2LoB3f=296ZPE1Pp1nHkG---pRPAmyO1trTROxneHDQ@mail.gmail.com>
From: Shumon Huque <shuque@gmail.com>
Date: Thu, 26 Jul 2018 22:45:12 -0400
Message-ID: <CAHPuVdU8YjbnsVGP4qEVoMA4ZdBo3_bHjV+PxgAOEGsKd742Uw@mail.gmail.com>
To: Davey Song <songlinjian@gmail.com>
Cc: 神明達哉 <jinmei@wide.ad.jp>, "dnsop@ietf.org WG" <dnsop@ietf.org>, mweinberg=40verisign.com@dmarc.ietf.org
Content-Type: multipart/alternative; boundary="00000000000081fdff0571f21acf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/uR-rTD2sqD1HMxDe39cS2AuNlUE>
Subject: Re: [DNSOP] New Version Notification for draft-wessels-dns-zone-digest-01.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jul 2018 02:45:27 -0000

On Thu, Jul 26, 2018 at 10:16 PM Davey Song <songlinjian@gmail.com> wrote:

>
> - It was not really clear exactly what kind of problem this digest
>>    tries to solve, especially given that the primarily intended usage
>>    is for the root zone, which is DNSSEC-signed with NSEC.
>>
>
> It puzzled me as well.
>
> It is said in the document that diffferent from DNSSEC (and NSEC), the
> zone digest is for the intergirty of unsigned NS and Glue of the zone. As I
> asked in IETF102: why unsigned NS and glue is worth of protecting by
> introducing a new RRtype, addtional complexity of degesting and validation.
> Is it really necessary for local resolver(or local-root) aware the integity
> of NS and glue?  any technical problems if the NS RR and glue are
> modified locally?
>

The ZONEMD digest is over the entire zone, not just the delegation NS and
glue records.

Normally, in order to ensure that secondary servers accurately got a copy
of a zone from the master server, we would use a channel protection
mechanism like TSIG. This is typically needed even if they were no unsigned
data in the zone because authoritative servers do not typically validate
signatures of the data in zones they themselves serve - in theory they
could, but in fact I don't know any implementations that validate RRSIGs
received over zone transfers - they just trust the source and serve the
data. Resolvers validate signatures. Authoritative servers that serve
signed zones trust that they have already have an authentic copy of the
zone.

The problem for wide scale distribution of the root zone, is that
traditional TSIG (without adding a complex key management infrastructure)
doesn't scale. Earlier in this thread, I had proposed that SIG(0) could be
a scalable solution to this problem, but it has some limitations, and Duane
has argued that the full zone signature is a better solution. I'm not
opposed to this, but I think Mark Andrew's XHASH proposal is worth thinking
through also.

Even if the local-root-zone resolvers were modified to validate signatures
of signed RRsets in the zone, if a MITM attacker fed them bogus glue, to
recover from this, they would need operator intervention to manually
retransfer the zone. This doesn't strike me as a robust operational
configuration.

--Shumon.

v2.23.0 | Report a Bug | By Email