IETF Logo Mail Archive

[Gen-art] RE: Gen-ART Review of draft-ietf-dnsext-tsig-sha-05.txt

Ólafur Guðmundsson /DNSEXT co-chair <ogud@ogud.com> Tue, 13 December 2005 04:58 UTC

Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Em2El-0001mW-2p; Mon, 12 Dec 2005 23:58:03 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Em1mL-0002JD-RF for gen-art@megatron.ietf.org; Mon, 12 Dec 2005 23:28:54 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id XAA24474 for <gen-art@ietf.org>; Mon, 12 Dec 2005 23:27:36 -0500 (EST)
Received: from ns.ogud.com ([66.92.146.160] helo=ogud.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Em1n8-0007Bv-JW for gen-art@ietf.org; Mon, 12 Dec 2005 23:29:31 -0500
Received: from Puki.ogud.com (ns.ogud.com [66.92.146.160]) by ogud.com (8.13.1/8.13.1) with ESMTP id jBD4SCQm092961; Mon, 12 Dec 2005 23:28:12 -0500 (EST) (envelope-from ogud@ogud.com)
Message-Id: <6.2.5.6.2.20051212231720.0384aa10@ogud.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Mon, 12 Dec 2005 23:27:54 -0500
To: Eastlake III Donald-LDE008 <Donald.Eastlake@motorola.com>, Elwyn Davies <elwynd@dial.pipex.com>
From: Ólafur Guðmundsson /DNSEXT co-chair <ogud@ogud.com>
In-Reply-To: <62173B970AE0A044AED8723C3BCF23810BEA246F@ma19exm01.e6.bcs. mot.com>
References: <62173B970AE0A044AED8723C3BCF23810BEA246F@ma19exm01.e6.bcs.mot.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Scanned-By: MIMEDefang 2.54 on 66.92.146.160
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 2a76bcd37b1c8a21336eb0a1ea6bbf48
X-Mailman-Approved-At: Mon, 12 Dec 2005 23:58:00 -0500
Cc: Olaf Kolkman <olaf@nlnetlabs.nl>, margaret wasserman <margaret@thingmagic.com>, gen-art@ietf.org, Donald Eastlake III <dee3@pothole.com>, Olafur Gudmundsson <ogud@ogud.com>
Subject: [Gen-art] RE: Gen-ART Review of draft-ietf-dnsext-tsig-sha-05.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Sender: gen-art-bounces@ietf.org
Errors-To: gen-art-bounces@ietf.org

At 16:09 12/12/2005, Eastlake III Donald-LDE008 wrote:
>Well, actually there is a "bad algorithm" error code, defined in RFC 
>3930 in connection with the TKEY RR. However, to require its return 
>by a server when that server receives a query with a TSIG specifying 
>an algorithm that is not implemented or not allowed by that server 
>would be a change to RFC 2845. 2845 specifies that a response to a 
>query where the algorithm name is bad be, at the DNS header RCODE 
>level, the RCODE NOTAUTH, and at the enclosed TSIG RR error code 
>level, the error code BADKEY or BADSIG. It seems to me that it would 
>be reasonable to add BADALG to that list and specify that it be 
>returned under these circumstances. Given that this is effectively a 
>"sub code" under the overall NOTAUTH error, it seems unlikely to do 
>much harm to a resolver which is surprised by getting it. 
>Nevertheless, this seems like something which, at a minimum, should 
>be discussed on the DNSEXT mailing list to obtain further opinions 
>as well as feedback by implementers of deployed TSIG co!
>  de.
>
>Olafur/Olaf: OK if I bring this idea up there?


Adding new error codes is a big change, as I said before most implementations
took the same approach as we did in DNSSEC, each key is tied to one
algorithm. If we add BADALG then we should consider at the same time to
uncouple the hash algorithm from the secret. But it is going to much more
productive to push on getting automated TKEY exchanges to create shorter
lived TSIG keys.

         We need TSIG/SHA yesterday, so please no changes.

         Olafur (TSIG co-inventor at IETF-36)

PS: I was to propose a change to this document it would be to remove SHA1
from it.

>Thanks,
>Donald
>
>-----Original Message-----
>From: Elwyn Davies [mailto:elwynd@dial.pipex.com]
>Sent: Monday, December 12, 2005 2:34 AM
>To: Eastlake III Donald-LDE008
>Cc: Mary Barnes; margaret wasserman; gen-art@ietf.org; Olafur 
>Gudmundsson; Olaf Kolkman
>Subject: Re: Gen-ART Review of draft-ietf-dnsext-tsig-sha-05.txt
>
>A suggestion for the first issue below: Otherwise all is fine.
>
>Regards,
>Elwyn
>
>Eastlake III Donald-LDE008 wrote:
>
> >Hi,
> >
> >See comments below at @@@
> >
> >-----Original Message-----
> >From: Elwyn Davies [mailto:elwynd@dial.pipex.com]
> >Sent: Friday, December 09, 2005 1:46 PM
> >To: gen-art@ietf.org; Mary Barnes; Eastlake III Donald-LDE008; Margaret
> >Wassermann
> >Subject: Gen-ART Review of draft-ietf-dnsext-tsig-sha-05.txt
> >
> >I was selected as General Area Review Team reviewer for this 
> specification (for background on Gen-ART, please see 
> http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).
> >
> >@@@ Thanks for this detailed review.
> >
> >Summary:
> >This document appears to have some issues, one significant and 
> some minor ones.  This document updates RFC2845 but it does not 
> appear to consider interoperability with existing 
> implementations.  A related issue is that it defines a number of 
> optional to implement features but does not appear to indicate how 
> a receiver can inform a sender that it does not support the 
> sender's chosen algorithm (an RFC2845 implementation just supports 
> one algorithm) and at a quick glance I couldn't find anything in 
> RFC2845 that covers this issue.  There are also some editorial nits.
> >
> >@@@ See below.
> >
> >Details:
> >
> >s2: This specification introduces a number of optional to 
> implement algorithms but doesn't appear to have any way for a 
> recipient to notify the sender that it does not support the 
> sender's chosen algorithm and what should happen in this 
> case.  This also has a bearing on interoperability between new 
> senders (conforming to this draft) and old receivers that only 
> support RFC2845.  Some words on interoperability should be 
> included.  Consideration should also be given to whether the 
> resulting specification is vulnerable to a bidding down attack.
> >
> >@@@ The general conception for TSIG was that the algorithm, which was
> >intended to always be a keyed MAC such as an HMAC, would be
> >pre-arranged out of channel and statically configured at both ends.
> >TSIG (and DNS in general) is not a symmetric peer-to-peer protocol but
> >a client-server (resolver-server) protocol so one would generally think
> >that the server operator would just dictate this to the
> >client/customer. Keep in mind that this is a pretty light weight
> >mechanism and it is assumed that both ends have approximately
> >synchronized clocks with a small time window for each response outside
> >of which replies are rejected. If there were two possible algorithms
> >but you were sure you had the keying material correct, it would just
> >take one UDP round trip to check if an algorithm was the acceptable
> >one. (There are mechanisms for negotiating the shared secret key. See
> >TKEY, RFC 2930.)
> >
> >@@@ While I have no problem with the concept of providing 
> algorithm negotiation, perhaps via the OPT RR, it would be a MAJOR 
> change requiring extensive discussion on the DNSEXT (or some other) 
> mailing list. Given the severely broken nature of MD5 and the 
> desire of some to use a NIST approved algorithm, I believe it 
> unwarranted to delay providing a standard interoperable way to use 
> HMAC's of the SHA series instead of HMAC-MD5.
> >
> >
>I have no problem with the general concept and I agree that you 
>probably don't want to go in for full blown algorithm 
>negotiation.  I think it would be sufficient to provide a separate 
>error code that indicates that the server doesn't support the 
>algorithm used.  I didn't see such an error code defined 
>anywhere.  It is then up to client policy as to what it does about this.
>
>Regards,
>Elwyn
>
> >s2: I am not sure why the gss-tsig identifier doesn't appear as an 
> Optional entry in the table at the end of the section.
> >
> >@@@ I guess it was just that these are all HMAC algorithms and 
> gss-tsig isn't. But I would have no objection to adding gss-tsig to this table.
> >
> >s3.1: The statement in the last para that the protocol SHOULD support
> >SHA-1 truncated to 96 bits seems a bit out of place in this 
> section.  It probably deserves a separate section however short and 
> possibly a mention in the policy section as it is implying that 
> this is a good thing to generate/accept.
> >
> >@@@ I'm not sure I see the need for a separate section but I have 
> no big objection to it.
> >
> >s9:  I think RFCs 3174, 3645 and 3874 plus the [SHA2draft] 
> references are normative since they specify algorithms which are 
> used by this protocol.
> >
> >@@@ OK except for 3645. That is a separate specification, although 
> it also modifies RFC 2845, referenced only for informative purposes.
> >
> >
> >Editorial:
> >
> >Abstract/Intro: Lots of acronyms need expanding, including TSIG, DNS,
> >GSS, HMAC, SHA.
> >
> >@@@ OK, they should probably be expanded in the Abstract and when 
> first used.
> >
> >s1, para 3: s/meaning/effect/
> >
> >s4, para 1: s/doucment/document/
> >s4, para 5: s/spearate/separate/
> >
> >s6, para 1: s/brute force/break the authentication by brute force/
> >
> >@@@ These all look reasonable and I'd be happy to make them.
> >
> >@@@ Margaret/Olafur: Should I make these changes, except for the 
> addition of algorithm negotiation and making 3645 normative?
> >
> >@@@ Thanks,
> >@@@ Donald
> >
> >


_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www1.ietf.org/mailman/listinfo/gen-art

v2.23.0 | Report a Bug | By Email