[dnssd] Re: Why SIG(0) doesn't work for >1 hop
Donald Eastlake <d3e3e3@gmail.com> Sun, 03 August 2025 22:09 UTC
Return-Path: <d3e3e3@gmail.com>
X-Original-To: dnssd@mail2.ietf.org
Delivered-To: dnssd@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id E5C7B4F2AFDB for <dnssd@mail2.ietf.org>; Sun, 3 Aug 2025 15:09:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.849
X-Spam-Level:
X-Spam-Status: No, score=-1.849 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yNFr9601gBtj for <dnssd@mail2.ietf.org>; Sun, 3 Aug 2025 15:09:11 -0700 (PDT)
Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com [IPv6:2607:f8b0:4864:20::82c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 426644F2AFD1 for <dnssd@ietf.org>; Sun, 3 Aug 2025 15:09:11 -0700 (PDT)
Received: by mail-qt1-x82c.google.com with SMTP id d75a77b69052e-4af14096b9eso22478591cf.3 for <dnssd@ietf.org>; Sun, 03 Aug 2025 15:09:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1754258951; x=1754863751; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=DDedRdvoQVL998wBguoLQBfV3kXzX5At2LDBIyPEFV8=; b=PK1ve7imLBAooXfhjO6weA5uhWgHkqzpMBMBoX89F8CbkRTjb5rqV+Bm40IeHqu9c4 QHf2A0LsP6Zjj5DRNRq9NbnNKrgML/8G6vXgC8wWTQu+OOWGOvlA/8ua6IxbNQ6JaZ2m dJLF3vODEvHYEHAsyOqoUYs61XzBSsHtrA8Y66Ppa6yzH1aylBW/6hJgiVtMOgdJy1SL vG8BI/cSdmr9gZyZkScYWIVAhoTsG7poPhzrKsuWINSBd+b+FaBl/GEge+usXpo/4drk 8H8BEFIw0v9L6Fwcy7mAdEiv8Q/YlJTDG8U7hvq+PWaL/cTZt/Il/EUCs5q77/iwYYKH qgYQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1754258951; x=1754863751; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DDedRdvoQVL998wBguoLQBfV3kXzX5At2LDBIyPEFV8=; b=dJccqPkHzQ/vFbQCh3tZxV/QpCqMptTdSFOrTOW6mIg+Yuvqh4PvMIHGBvYCDDYnYx qqVAxJ88Ip3RSagVeDx8Pzwo8Mk/2iZ0LhGS9t/E+yMRPkOtW4HpET0N9MYNNXTaCn9f GtgRpWjMhXO/EvCmF52Cpt3DtV7zk/hHaLw02z4MIOg2JKHRu0vO3SbXXEyp1u365ndU MhQ4W0/tF0ReBCzEyP1OoRZE7g8vp8nuC6xxqtC4FpvAP1k/72Q7yryrxTs/yhAjnary w4POF7Jl72a4ZZpoG7H5zPNKdYI8yYiV1ZGb4EefFG2H8GSI1/HteKpGq+AYhKWlht39 dstA==
X-Gm-Message-State: AOJu0YyASwe5WgE4noPdkGNAx/NuZQd77hsXi1ZbuYwDSIjoEzGArgCp g7IZ+n9uZRJEQ5sc3t6Rs5JyIDMobvDThWnrCk1qhrbENMtqb8bn14a0EV0eEgTJbIdohOzbxES 6/nh6gdEHg3GtrdDflicZm2uivdSBugY+XA==
X-Gm-Gg: ASbGncvlNvSvQin8AixwKsUA/8zgMzZl+aFKX1c7HejZV3Avarg7pI8u7zX2VT11VpL XZhqYyPLzWYaP3QJ0zZb0Dxz1sJE5wKTf8SgFBkyAcbORdexsQa1XVtQ34EFsK/0d+nyzyY8VSb +Hqqy3u4aIQNZBusgmZZUO/eLwc1WEKzvVQ76tN4OYuPl1vHyEDgaAhGoTDNAvmPUfQ7hWJGRlu Pc08EDzg9mV5DjT
X-Google-Smtp-Source: AGHT+IHU4MzN8cgqX9hljGcVjpk87sjPlQ2VMsNTnJcor8NiOpLR6kzdTUz0C1mWn4ho9Jw3DyW1BDwRzqHoTbBHDrI=
X-Received: by 2002:a05:622a:261a:b0:4ab:3fda:ccad with SMTP id d75a77b69052e-4af10954bf9mr137129381cf.8.1754258950461; Sun, 03 Aug 2025 15:09:10 -0700 (PDT)
MIME-Version: 1.0
References: <CAF4+nEFgch_YkvyPTdk8-jxEnPY-hMNWGJkCgfZ+7eKfijwgCw@mail.gmail.com> <6A9664FD-B19E-4958-BD7F-CA5492386002@fugue.com> <CAF4+nEERJrpYRPQdAEFAp7=E3QE=FV_XEsTc9T8MjWtCRerG_A@mail.gmail.com> <5D421D60-93B8-42A5-AE28-2112F34E361C@fugue.com>
In-Reply-To: <5D421D60-93B8-42A5-AE28-2112F34E361C@fugue.com>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Sun, 03 Aug 2025 18:08:59 -0400
X-Gm-Features: Ac12FXwzqwpwsS8yONOYhIN_DJUYFYq4S2YWmSrJJtsV826ZzWsteoMeE-eGGLM
Message-ID: <CAF4+nEHG+2pFAUZj2jRLj=vhyozKWyXL+SSUagwfOyRYtxXeJg@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: DUCXWAUK2VN6OXQLLQ67KB7H4LT2APXG
X-Message-ID-Hash: DUCXWAUK2VN6OXQLLQ67KB7H4LT2APXG
X-MailFrom: d3e3e3@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnssd.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: dnssd@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [dnssd] Re: Why SIG(0) doesn't work for >1 hop
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/T5HfCZKzXooPWD2l2zeD5vApmyI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Owner: <mailto:dnssd-owner@ietf.org>
List-Post: <mailto:dnssd@ietf.org>
List-Subscribe: <mailto:dnssd-join@ietf.org>
List-Unsubscribe: <mailto:dnssd-leave@ietf.org>
Hi Ted, On Fri, Jul 25, 2025 at 6:12 AM Ted Lemon <mellon@fugue.com> wrote: > > Can you say more about what aspect of the solution is a kludge? The part that I'm particularly concerned about is that replacing the xid and using the replacement xid as an identifier for looking up the state required to forward the response back to the original requestor seems like an unnecessary complication to me. ? So you are not talking about a normal DNS recursive server? Because you are saying that something all DNS recursive servers have always done is "an unnecessary complication". (I am fudging a little on details below but not much.) Normally a DNS server that is configured to provide recursive service does whatever requests it needs to and then creates a response to send to the original source of the request that it received. The DNS requests sent by the recursive server have IDs that are determined by the recursive server independent of whatever ID was in the original request it got. This has always been a part of DNS. See Section 4.3.1 of RFC 1034. Recursive servers need to know when to forward a TSIG since by default meta RRs are not forwarded, but TSIG is fairly widely supported so this is in many DNS servers. If SIG(0) had been specified to have an Original ID field, like TSIG does, then SIG(0) forwarding would be the same as TSIG forwarding, so straightforward. The above is all independent of whether UDP or TCP is being used between the original source of the request and the DNS forwarder or between the forwarder and another server. The kludginess of the BIND support of forwarding SIG(0) is that forwarding SIG(0) is the only case where it has to use TCP (or some other stream protocol) for forwarding and the only case where it has to jimmy the ID it uses on the DNS request it sends that is carrying the forwarded SIG(0) > From the perspective of SRP, the only reason to have a forwarder is that SRP relies on knowing what link the SRP update was sent from, which requires the use of a link-local source address or using TCP to confirm that the sender is reachable before processing the request. So if the SRP registrar is actually off-network, then either the SRP client needs to use TCP, or there needs to be some sort of relay. So, you're talking about some special SRP UDP relay, not just an IP router and not a recursive DNS server? > The only thing the relay actually has to do is either change the source address to its link-local address and use a source port on which it can receive and forward back a reply, or else use TCP to forward the request in a way that conforms to the security requirements of SRP. > > So in this case the only thing the forwarder needs is some way of figuring out where to send the response that it receives from the SRP registrar. The BIND approach seems like a valid one to me—it's not clear why it's a kludge from this particular perspective. So presumably I am missing something. :) I never said it was invalid. It works. It's just that it involves adding SIG(0) only code that affects the DNS message ID logic which is low level DNS logic that hasn't changed in ages. Thanks, Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 2386 Panoramic Circle, Apopka, FL 32703 USA d3e3e3@gmail.com > > On 25 Jul 2025, at 05:26, Donald Eastlake <d3e3e3@gmail.com> wrote: > > > > Hi Ted, > > > > On Thu, Jul 24, 2025 at 12:14 PM Ted Lemon <mellon@fugue.com> wrote: > >> > >> FWIW I think the added complexity of the double signature isn't worth it. > > > > "double signature"? My apologies if the one example in my presentation > > was confusing. It was designed so I could talk about two orthogonal > > things: (1) using more than one SIG(0) in the request and response on > > a DNS hop, and (2) why the Server MUST have the original DNS request > > ID value available to it to be able to validate the the SIG(0). There > > is almost no relationship between these. Problem two exists regardless > > of whether or not any hop along the DNS forwarding server path uses > > more than 1 SIG(0). > > > >> The BIND solution (or a similar UDP-based solution that used a different outgoing UDP source port per incoming source A+P) is a lot easier. I don't mean to say you shouldn't describe such a solution, but I don't see the value of it. You have to keep a table anyway, so you're just making the key a little bit smaller if it's a transaction ID rather than a port number. > > > > I'm not sure what you think "such a solution" is since you seem to say > > it has something to do with double signatures. The solution in the > > rfc2931bis draft is an EDNS0 option. > > > > I think the BIND solution is a kludge, admittedly a clever kludge > > needed because of my lack of foresight when I specified SIG(0) a > > quarter of a century ago in the year 2000. It is not specified in any > > IETF document and it is my impression that only BIND supports it. It > > does not take care of the admitted less pressing need for an extended > > error return separate from DNS header error code. It does not provide > > any assistance in conveying the key state information called for in > > draft-berra-dnsop-keystate. If it is not clear, I think continuing > > dependence on this sort of kludge is not a good idea. > > > > Thanks, > > Donald > > =============================== > > Donald E. Eastlake 3rd +1-508-333-2270 (cell) > > 2386 Panoramic Circle, Apopka, FL 32703 USA > > d3e3e3@gmail.com > > > >> I can see this maybe making sense in a really high volume situation, where you might run out of ports, but even then I don't think this is really an issue, because we only need the ports to disambiguate transaction IDs, so in practice we could do this very efficiently and not consume very many ports. > > > >> On 24 Jul 2025, at 17:26, Donald Eastlake <d3e3e3@gmail.com> wrote: > >> > >> The clearest description of the data in a DNS request that is signed by SIG(0) is probably in > >> https://datatracker.ietf.org/doc/draft-eastlake-dnsop-rfc2931bis-sigzero/ > >> In particular, the data signed includes the DNS message header. This header, whether the request is an UPDATE (RFC 2136, Section 2.2) or other (RFC 1035, section 4.1.1) includes the "ID" field which DNS uses to match up replies with requests. > >> > >> To verify the SIG(0), you need the public key and exactly the same data as the data that was signed. > >> > >> Normally, when a DNS forwarder forwards a request, the header it constructs for the forwarded request has a new ID which is the forwarder's ID so the forwarder can recognize the response the forwarder gets. (If the forwarder just reused, over UDP for example, the ID from the request it received, there would be conflicts as, in general, the forwarder is getting requests from multiple different original requesters that are generating uncoordinated IDs.) > >> > >> TSIG, which is in many ways similar to SIG(0), solves this by including the original request message ID inside the TSIG (RFC 8945, Section 4.2). > >> > >> The BIND DNS implementation solves this problem for SIG(0) by always using a separate TCP connection to forward a request with a SIG(0). That way it can use the same ID in the forwarded request and keeps things straight by having an ID space scoped to that TCP connection. > >> > >> It seems likely to me that this general problem with >1 hot SIG(0) will be fixed in the DNSOP WG. > >> > >> Thanks, > >> Donald > >> =============================== > >> Donald E. Eastlake 3rd +1-508-333-2270 (cell) > >> 2386 Panoramic Circle, Apopka, FL 32703 USA > >> d3e3e3@gmail.com > >> > >> >
- [dnssd] Why SIG(0) doesn't work for >1 hop Donald Eastlake
- [dnssd] Re: Why SIG(0) doesn't work for >1 hop Ted Lemon
- [dnssd] Re: Why SIG(0) doesn't work for >1 hop Donald Eastlake
- [dnssd] Re: Why SIG(0) doesn't work for >1 hop Ted Lemon
- [dnssd] Re: Why SIG(0) doesn't work for >1 hop Donald Eastlake
- [dnssd] Re: Why SIG(0) doesn't work for >1 hop Edward Lemon
- [dnssd] Re: Why SIG(0) doesn't work for >1 hop Stuart Cheshire
- [dnssd] Re: Why SIG(0) doesn't work for >1 hop Donald Eastlake
- [dnssd] Re: Why SIG(0) doesn't work for >1 hop Ted Lemon