Re: [DNSOP] [secdir] Secdir last call review of draft-ietf-dnsop-server-cookies-04

Benjamin Kaduk <kaduk@mit.edu> Fri, 04 December 2020 20:37 UTC

Date: Fri, 04 Dec 2020 12:36:35 -0800
From: Benjamin Kaduk <kaduk@mit.edu>
To: Ondřej Surý <ondrej@isc.org>
Cc: last-call@ietf.org, draft-ietf-dnsop-server-cookies.all@ietf.org, secdir@ietf.org, dnsop WG <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ytaLdogdZiA_Z5d0REqDVcdroq0>

Hi Ondřej,

Just because someone else does something, even a "big name", doesn't
necessarily make it a good idea for us to also do it.
We should be able to justify our algorithm choices on cryptographic
principles, not just appeal to authority.

In a similar vein, you said something about the 32-bit timestamp being wide
enough to prevent brute-force attacks.  Could you say a bit more about what
attacks those are that are being prevented?  I'm not really seeing how the
width of the timestamp comes into play for that concern, just from a quick
skim of the document.  (Timestamps tend to not provide much protection
against brute force by themselves, since time is relatively guessable,
especially to seconds precision.)

Thanks,

Ben

On Wed, Dec 02, 2020 at 11:18:29PM +0100, Ondřej Surý wrote:
> SYN cookies in both Linux and FreeBSD use siphash.
> 
> * FreeBSD: https://svnweb.freebsd.org/base?view=revision&revision=253210 (since 2013)
> * Linux: https://github.com/torvalds/linux/commit/fe62d05b295bde037fa324767674540907c89362#diff-14feef60c3dbcf67539f089de04546c907233cbae09e1b2dd2c2bc6d6eae4416 (since 2017)
> 
> I believe that the SYN cookies have exactly the same properties as DNS cookies.
> 
> Ondrej
> --
> Ondřej Surý (He/Him)
> ondrej@isc.org
> 
> > On 2. 12. 2020, at 22:15, Eric Rescorla <ekr@rtfm.com> wrote:
> > 
> > Well, hash tables are an application with somewhat different security properties than MACs, so I don't think this is dispositive.
> > 
> 