Re: [DNSOP] [perpass] draft-hzhwm-start-tls-for-dns-00: Starting TLS over DNS

Paul Hoffman <paul.hoffman@gmail.com> Sat, 15 February 2014 18:36 UTC

Return-Path: <paul.hoffman@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76DA71A0272; Sat, 15 Feb 2014 10:36:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rse3HJgFkTjq; Sat, 15 Feb 2014 10:36:38 -0800 (PST)
Received: from mail-vc0-x234.google.com (mail-vc0-x234.google.com [IPv6:2607:f8b0:400c:c03::234]) by ietfa.amsl.com (Postfix) with ESMTP id 0F84B1A026E; Sat, 15 Feb 2014 10:36:37 -0800 (PST)
Received: by mail-vc0-f180.google.com with SMTP id ks9so10158172vcb.39 for <multiple recipients>; Sat, 15 Feb 2014 10:36:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=r0g6PT4e4OChPqvC0bbwKKMKUvmgpC9Org/zXxNCk3A=; b=ldHiAgXndv1s/jeyvpSSyp09Kh4mkvGaYTKnkx/0VwucGup40CRrOurRCH698dL9dP VDbro1ydKkC6FIOltN55SSZ8R4BNfuqzOmpVH74fi83ZB8vhhkhsadf0cBV82hg8dyYe BGfTCJckeeQ532c6bJOLv7/xtkRP74Ntx9KgTm+0o7IkMEUGk3UBai9McFBjWNVItxT9 abp2tApu7XHJY8GJ0vhjxo8WDNepvqfBbSEXDZ53tHHLphyavfaPx4eBFgBALBK3aXul FI1MuYxSwDpuLyr/IyLlTgUGkxtbcenvEE3nzrzt2BJBlAlp4245xIsR8nWyF4C+IxNj 4y4A==
MIME-Version: 1.0
X-Received: by 10.52.243.102 with SMTP id wx6mr8701267vdc.12.1392489395897; Sat, 15 Feb 2014 10:36:35 -0800 (PST)
Received: by 10.220.104.8 with HTTP; Sat, 15 Feb 2014 10:36:35 -0800 (PST)
In-Reply-To: <CACsn0cn=B201xpoMLhEpwhj_NRtG64zQQyoS7eCf_8-0cmeHFQ@mail.gmail.com>
References: <CAESS1RPh+UK+r=JzZ9nE_DUqcvNtZiS6TNt1CDN-C0uiU7HP=A@mail.gmail.com> <52FEF407.30405@redbarn.org> <20140215140133.GA6990@sources.org> <CACsn0cn=B201xpoMLhEpwhj_NRtG64zQQyoS7eCf_8-0cmeHFQ@mail.gmail.com>
Date: Sat, 15 Feb 2014 10:36:35 -0800
Message-ID: <CAPik8yatYVBPGV8ObXrqWBkni303Vbk6b=OtMvOUeZvA0gbZ6A@mail.gmail.com>
From: Paul Hoffman <paul.hoffman@gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Content-Type: multipart/alternative; boundary="001a1133ec96cbc96c04f276336c"
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/xSfelBz87NIhpz5E6-FJqodz2fM
X-Mailman-Approved-At: Sun, 16 Feb 2014 18:51:55 -0800
Cc: Paul Vixie <paul@redbarn.org>, dnsop@ietf.org, perpass <perpass@ietf.org>, Zi Hu <zihu@usc.edu>
Subject: Re: [DNSOP] [perpass] draft-hzhwm-start-tls-for-dns-00: Starting TLS over DNS
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Feb 2014 18:36:40 -0000

On Sat, Feb 15, 2014 at 8:44 AM, Watson Ladd <watsonbladd@gmail.com> wrote:

> Dear all,
> This proposal has multiple shortcomings compared to DNSCurve.
>

And some advantages over DNSCurve.


> First off, it says that the rationale for TLS over DNSCurve is simply
> to "take advantage of TLS". I would respectfully submit that DJB can
> do a better job than the TLS committee, and did. Merely adding bolts
> and nuts onto a design is not improving it.
>

That is a value judgement that cannot be measured. While DJB's crypto
algorithms have been widely adopted, his crypto protocols have not.

Secondly, this proposal only works on TCP. This imposes latency and
> state requirements that most people would rather avoid. The use of
> keepalive only addresses computational burden, not state burden, and
> with the DH speed records we have today unnecessary.
>

That is a measureable criticism. Note that DNSCurve trades latency and
state for massive amounts more computation by parties who might not care to
do any. Even after many years, there has been no noticeable interest in
DNSCurve from those whom that protocol would hit the hardest.


> Thirdly, this proposal ignores entirely how to validate the server
> over the TLS connection.


True.


> Does it need a certificate?


No.


> Who should be
> allowed to sign it?


"Allowed"? Are we now the identity police?


> How should it be validated?


Using TLS authentication.


> DNSSEC provides a PKI,
> and this proposal provides another one. Their interactions will not be
> fun.
>

They in fact might be fun; they have barely been explored.


> Fourthly, there is substantial operational knowledge and deployed,
> working, code implementing DNSCurve. This does not hold for this
> proposal.
>
>
>
I question "substantial" and  "operational" at the level that is expected
for this protocol. Regardless, there is substantial operational knowledge
of TLS that dwarfs whatever has been done for DNSCurve.

--Paul Hoffman