Re: [DNSOP] new dnsop related draft: RFC5011 security considerations
Warren Kumari <warren@kumari.net> Wed, 03 August 2016 19:21 UTC
Return-Path: <warren@kumari.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C7D0E12D7DE for <dnsop@ietfa.amsl.com>; Wed, 3 Aug 2016 12:21:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FDjcWKNt2qU8 for <dnsop@ietfa.amsl.com>; Wed, 3 Aug 2016 12:21:02 -0700 (PDT)
Received: from mail-qt0-x236.google.com (mail-qt0-x236.google.com [IPv6:2607:f8b0:400d:c0d::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45BE112D698 for <dnsop@ietf.org>; Wed, 3 Aug 2016 12:21:02 -0700 (PDT)
Received: by mail-qt0-x236.google.com with SMTP id x25so149062809qtx.2 for <dnsop@ietf.org>; Wed, 03 Aug 2016 12:21:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=47lbELVHbLzL3aLrhhsqaSNdb+ekd+TBAHCSHGoHvWA=; b=yk6vecchi0P80A+xDNfjod8buoWDYF29SlHJPG4n/eQW1spCnd3ewCFhFoeGONmO4W TY3L4034o2CKs9t+rcjgdXgwVZWi5p+mln0M8DdbsHFJH5LCt86uyYblrzHVlQiaMt0e qjWZ+p0B9ikrYnUDO7ooKqKpxvDq4yjg64/LWmf/jIttm89VGEVGLsl6iBfM6YiQRR1k f9H+fSxl/pIUO+kzubA1DEvey/S7iRFftoluxtdMP3rsVtB4IelWDISvPJCMi+BeyH/J TnryutXGzwF1bhXCuAkwKZnsh/essOeFQ0nurHCrN/pYjwKQFIII7CJSVijOgxOzNtPa 1AzA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=47lbELVHbLzL3aLrhhsqaSNdb+ekd+TBAHCSHGoHvWA=; b=cqT+q1O+MFonB7F9B7mJSBPAH9I89CyYENvYzVX0u0OcHxfCItrM6LkdY8gdrgS8lc JlJpFws1dLcb6Ueq1mdCDzOWhw202fuIGOwZkGxcBQHsK/FzUHcOSBWrDRUBPKuloxax ohOipHn4reVIhNOuPcGYDGtSxkxO7qhCM7JtCRCM+CpADPfGLXEvBdKi3TK0y1EXtGHy vXMe2l9Y49cCYRx2qc1GaWn/y4XTwjvPBGp9CR35ZINWo2Fd83klVwlGdIjh/ZPJP/8b on0DSUJXF1GrWFnUVbP5xRTCXx4ALo8H7CdphyCy25peQcacRJ6pqKPs841Q2jfRCVFg lSnw==
X-Gm-Message-State: AEkoouvWD/xI9AzscxucqGUgV5R+MxHVHODSBII9orQXuvtcjplVrrMm2Ae14yZk54amChehlHputVi9COVM5WLE
X-Received: by 10.237.43.162 with SMTP id e31mr1829350qtd.110.1470252061138; Wed, 03 Aug 2016 12:21:01 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.55.176.199 with HTTP; Wed, 3 Aug 2016 12:20:30 -0700 (PDT)
In-Reply-To: <0lvazhhhxe.fsf@wjh.hardakers.net>
References: <0lfuqoqhd7.fsf@wjh.hardakers.net> <99f615b9-15e6-d034-3926-83e273df6870@pletterpet.nl> <0lvazhhhxe.fsf@wjh.hardakers.net>
From: Warren Kumari <warren@kumari.net>
Date: Wed, 03 Aug 2016 12:20:30 -0700
Message-ID: <CAHw9_i+HXcXudyg1dkidSTwF3evxj6SA74QFQYmRL8aPB=H8gQ@mail.gmail.com>
To: Wes Hardaker <wjhns1@hardakers.net>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/yTdZo0BDvzmEFCKdkcF76qCmC5U>
Cc: Matthijs Mekking <matthijs@pletterpet.nl>, dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] new dnsop related draft: RFC5011 security considerations
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Aug 2016 19:21:05 -0000
On Wed, Aug 3, 2016 at 10:38 AM, Wes Hardaker <wjhns1@hardakers.net> wrote: > Matthijs Mekking <matthijs@pletterpet.nl> writes: > >> 1. In the introduction you mention there is no guidance to how long a >> DNSKEY must be published before it can be considered accepted. Perhaps >> there is no implicit guidance in RFC 5011, you should be able to derive >> it from the timing parameters defined in that document. > > I believe one can derive it, hence the reason we titled the draft > "security considerations". IE, it's not the intent of the draft to > create anything new, just to more clearly document what is already true > (but misunderstood by most). > >> In fact, it has been done before and RFC 7583 (DNSSEC Key Rollover >> Timing Considerations) gives guidance on exactly this in Section >> 3.3.4. > > I need to study that document again (it's been a while) in order to > fully respond to your note, but I agree there is information in there > that is certainly relevant. And we should certainly add a reference to > it as well, if this document needs to go forward. > > In 3.3.4.1, we have: > > modifiedQueryInterval = MAX(1hr, MIN(15 days, TTLkey / 2)) > Itrp >= AddHoldDownTime + 2 * modifiedQueryInterval > > And in our document, I just realized, fails to define the "safe" > equation that we came up with. But our safe value came out to be: > > Itrp >= AddHoldDownTime + 3 * SignatureLife / 2 + 2 * TTLkey > > We'll go add that equation into our document (which I was sure we had > put in, but apparently not) and republish shortly. Yup, somehow the equation section ran away during edits of the initial version -- Wes and I hunted it down, put it back in the document and it's been posted. Hopefully it is clearer now. W > >> 2. The outlined attack is possible because the defined queryInterval is >> approximately done at the half of the RRSIG expiration interval. If the >> queryInterval was to be increased that it would be at most the full >> expiration interval, the replay attack cannot be successfully executed. >> While this makes the DNSKEY rollover duration even longer, it is now >> secured against the outlined attack. > > I don't think we need to modify 5011 itself. Just how to use it. > > -- > Wes Hardaker > Parsons > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf
- Re: [DNSOP] new dnsop related draft: RFC5011 secu… Shane Kerr
- Re: [DNSOP] new dnsop related draft: RFC5011 secu… Matthijs Mekking
- Re: [DNSOP] new dnsop related draft: RFC5011 secu… Warren Kumari
- Re: [DNSOP] new dnsop related draft: RFC5011 secu… Michael StJohns
- Re: [DNSOP] new dnsop related draft: RFC5011 secu… Wes Hardaker
- Re: [DNSOP] new dnsop related draft: RFC5011 secu… Wes Hardaker
- Re: [DNSOP] new dnsop related draft: RFC5011 secu… Wes Hardaker
- Re: [DNSOP] new dnsop related draft: RFC5011 secu… Matthijs Mekking
- Re: [DNSOP] new dnsop related draft: RFC5011 secu… Matthijs Mekking
- Re: [DNSOP] new dnsop related draft: RFC5011 secu… Wes Hardaker
- Re: [DNSOP] new dnsop related draft: RFC5011 secu… Bob Harold
- Re: [DNSOP] new dnsop related draft: RFC5011 secu… Wessels, Duane
- [DNSOP] new dnsop related draft: RFC5011 security… Wes Hardaker