Re: [dnssd] Secdir telechat review of draft-ietf-dnssd-srp-23
Ted Lemon <mellon@fugue.com> Mon, 29 January 2024 20:32 UTC
Return-Path: <mellon@fugue.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF478C15171B for <dnssd@ietfa.amsl.com>; Mon, 29 Jan 2024 12:32:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lfrQ_QrwfkmB for <dnssd@ietfa.amsl.com>; Mon, 29 Jan 2024 12:32:59 -0800 (PST)
Received: from mail-qv1-xf33.google.com (mail-qv1-xf33.google.com [IPv6:2607:f8b0:4864:20::f33]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D5B8C151538 for <dnssd@ietf.org>; Mon, 29 Jan 2024 12:32:59 -0800 (PST)
Received: by mail-qv1-xf33.google.com with SMTP id 6a1803df08f44-68c3eb209f4so16411546d6.1 for <dnssd@ietf.org>; Mon, 29 Jan 2024 12:32:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20230601.gappssmtp.com; s=20230601; t=1706560378; x=1707165178; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=xBDWi8MsF4j5RcrQmjYPgjpID8gC8DNE+YT7pJYWuTQ=; b=ESGigbmr1JUubWUvSyc+pgVz6hCLCMu3+B70rIlJwdAOBXdsw8ei8Y5pZL5wyu0bFu HKqD0rzcYTE61CsPpDtfKKZr9VothBrxF5cRrf5+mUyULvnHkRj1tqtkBeVWQ6DWhZR1 H4QqOwqjvvKqhZxNL176KifmsPGHo0pr7o1qpfQP8vCS0738roQny2nKfcFZ0ujghBbQ 8joQNX9g/kEKp08q/Aos9kHuE43ETOw62ELTao7JUkuhoV1Pxlp2TGyxstCr2/JWVOCd jQudlLISQeoubaCd57MbisA5sycWkwQHUCNnYmknzI3f5GuH+mGelg80lkIZwlkaiY4c NXIw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706560378; x=1707165178; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=xBDWi8MsF4j5RcrQmjYPgjpID8gC8DNE+YT7pJYWuTQ=; b=AKL0atj6aAXveOUx1M+U5GQHzMAwNtgWzr3gX2uZIC1aaUiuN1kjpkX55KIBTwdWXd NnmZjLFhZm+95FehjwwX+iGb2B93BFeEstO+eHk8U3uzM7pwoucZ4ifZu3IKXKhmIiF2 0EUKzZt5OqEwhsjN8GrDI5BSGETs4/XfgfFS/aiQ2uocO/McLMXntPr/JLy0izUcsyRd FrD2Qd4vuXUfVDf3xU7SIV+RZDTYXW1psZe0KqtMxhm6ZctZNvPmA6V7+ADb+OYe0RTk KFfv8gY4orSA7nulstsREnb4iK9lAZOprU/r+821dNYu7ivDRIDm8r61v0JOYBdq2HAK VyIg==
X-Gm-Message-State: AOJu0YwUwo3rJlyWVucU0Jgz1SKC3Y3kAyIDB4z58R/QtP9me7+RjKsE CDfvAdfWAjO/w/WhEq9czByNKW8LRiTgSyvPTDxE+m8Ii12MjgYh7pDTvnKy8tQRI4TUs+zrbJT u0S9EUXbOItwzVMoLwt5HTv74cpcKHdRHNw6vDA==
X-Google-Smtp-Source: AGHT+IEG77ZqkTANwNBrEM59fJZgvIYVIUEal/2NB0UVw+OaKzDB8yaG8KlL/NROO1JRJnGB3207KbQXfKQ9lIDRV5U=
X-Received: by 2002:a05:6214:2b06:b0:680:5fc8:4ae2 with SMTP id jx6-20020a0562142b0600b006805fc84ae2mr6203157qvb.126.1706560378300; Mon, 29 Jan 2024 12:32:58 -0800 (PST)
MIME-Version: 1.0
References: <169152312263.24934.16256094577792938802@ietfa.amsl.com>
In-Reply-To: <169152312263.24934.16256094577792938802@ietfa.amsl.com>
From: Ted Lemon <mellon@fugue.com>
Date: Mon, 29 Jan 2024 15:32:22 -0500
Message-ID: <CAPt1N1nxitWD5yqDdZX8TGww-pO7aTujn289t2TVcbrO_QAFBQ@mail.gmail.com>
To: Joey Salazar <joeygsal@gmail.com>
Cc: secdir@ietf.org, dnssd@ietf.org, draft-ietf-dnssd-srp.all@ietf.org, last-call@ietf.org
Content-Type: multipart/alternative; boundary="00000000000022fed606101b8d5a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/7NUHwo5zw3YglAvMw_U2fo5sPrI>
Subject: Re: [dnssd] Secdir telechat review of draft-ietf-dnssd-srp-23
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jan 2024 20:33:00 -0000
Joey, thanks for this review, and apologies for the very late response.
> 1. Introduction
> The mention of authentication in mDNS might be confusing, perhaps something
> along the lines "In this regard, our goal with this specification is
> to impose similar constraints to mDNS [RFC6762], which allows arbitrary
> hosts on a single IP link to advertise services [RFC6763] and relies on
> whatever service is advertised to provide authentication. This pratice
> in
> mDNS is considered reasonably safe because it requires physical
> presence on
> the network in order to advertise, with an off-network mDNS attack
> simply
> being not possible. Because of this you will see..."
>
It took me a bit of head scratching to figure out what you meant here. I've
changed:
The reason for this is precisely that we have not established trust. So we
can only publish information that we feel safe in
publishing even though we do not have any basis for trusting the requestor.
We reason that mDNS <xref target="RFC6762"/>
allows arbitrary hosts on a single IP link to advertise services <xref
target="RFC6763"/>, relying on whatever service is
advertised to provide authentication
to:
The reason for this is precisely that we have not established trust. So we
can only publish information that we feel safe in
publishing even though we do not have any basis for trusting the requestor.
We reason that mDNS <xref target="RFC6762"/>
allows arbitrary hosts on a single IP link to advertise services <xref
target="RFC6763"/>, relying on whatever service is
advertised to provide authentication as a part of its protocol rather than
in the service advertisement.
To make it clear that the authentication being described is not being
provided by mDNS or SRP.
6. Security Considerations
> Even though specifying key management policies is out of scope, perhaps it
> could be worthwhile to add a short mention that "If a key that is used for
> SRP
> is also used for
> other purposes" it could represent a vulnerability.
>
This is discussed in -23 here:
The policy described here for managing keys assumes that the keys are
only used for SRP. If a key that is used for SRP is also used for
other purposes, the policy described here is likely to be
insufficient. The policy stated here should not be applied in such a
situation: a policy appropriate to the full set of uses for the key
must be chosen. Specifying such a policy is out of scope for this
document.
> Other than these remarks, I continue to find the document easy to read and
> to
> follow, with good use of highlights of related protocols and RFCs.
>
> Thanks!
- [dnssd] Secdir telechat review of draft-ietf-dnss… Joey Salazar via Datatracker
- Re: [dnssd] Secdir telechat review of draft-ietf-… Ted Lemon