IETF Logo Mail Archive

Re: [homenet] Dnsdir telechat review of draft-ietf-homenet-front-end-naming-delegation-18

Daniel Migault <mglt.ietf@gmail.com> Fri, 21 October 2022 15:11 UTC

Return-Path: <mglt.ietf@gmail.com>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E88E2C14CE36; Fri, 21 Oct 2022 08:11:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h6CULu27gzfc; Fri, 21 Oct 2022 08:11:13 -0700 (PDT)
Received: from mail-il1-x135.google.com (mail-il1-x135.google.com [IPv6:2607:f8b0:4864:20::135]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BEFC1C14CE30; Fri, 21 Oct 2022 08:11:13 -0700 (PDT)
Received: by mail-il1-x135.google.com with SMTP id q11so1755167ilj.10; Fri, 21 Oct 2022 08:11:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=iB8WQmkgBHL+HQWid98yOPFFx68wQsVTYgaYujSb9sE=; b=LI7FQJgovZcJ8nqDkoVPc7DgAAROS/gk2rz5ab7FXumm2bYulhoUxiFCtDu1nJGxIz 95J1djsTPTcBEgfDYQ1ebLZkKJKmEf1rhNwHyZUCg+Z61ly8Nf8vrKIqP+4U7MQriAm7 qG6Ncdqpp6qa9SGcXYVP4nDGvrOzMdnpOh3TthozJngHMorFvUOYaB5UqsZqZRTYlNz+ t+9O+m2ssTsLLUTw/5btsuQr7zz1H79RaLdXJDjtkm4lejOuMcoZwaELG0EjaXBLmaJd YRSKGV51rFhvR+DirdUirXbqLY82n+A0VpxgUnLQlG0tLRCiCUdBJn7L5GtpCyIy7lgj Z6JA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=iB8WQmkgBHL+HQWid98yOPFFx68wQsVTYgaYujSb9sE=; b=2loECyjqaDAmiNVzb0raQ4aEaKD/578joLZ3m6UKZ8LQ9I3SC8LSXZFJTvuDY4CGrE M7HIhM4fMQxE08C0H93pr3G6LRvaJZA+W3vNBbw0bC/AW/2SlezXaGLoNj1jpgQY3ru5 R1G6WDtkMWZHP/VKvMf4aYS/QvG+NNKNY/WrVL5gK7rA9wokxxy9wCBdNu0FrtaL6n8d e8V14ORvKaK5blxYds/PN+vGQetVScW8bnzKwgTMmlelDoHlpLMZMX6mpEp1XLYJDwfQ sNofzvzkleEmSlqEJLaYt+wmKwPiwWh/n1jRJn1WgIXznlFoTBhcoAz61EJkWLZnDieJ GN8A==
X-Gm-Message-State: ACrzQf2tqPJEbLD3YR7IdY0KLeXErfV04jPCe4mRUKT9MtbRYw4Es8IP 4N8N2TiM8uZlPZiQTQuZJvnlv1u+/L1icRsm7RAFAwZFe8A=
X-Google-Smtp-Source: AMsMyM7PnJ6WVkLyg49jM4umNPLF5PmkZkkBAenljOGs+PG56TyNwfzq32sLpMlsHmfeGnF7w3t17o9I2o83aWHKBOE=
X-Received: by 2002:a05:6e02:1c0c:b0:2fa:bd75:55a5 with SMTP id l12-20020a056e021c0c00b002fabd7555a5mr14367525ilh.234.1666365072880; Fri, 21 Oct 2022 08:11:12 -0700 (PDT)
MIME-Version: 1.0
References: <166601224491.24452.9575096761631204136@ietfa.amsl.com> <CADZyTknfP8MJLhaEUm=5YqJMRnN+HXnjNnoK1qe1m_mK+f1uSQ@mail.gmail.com> <CAMgEDbTDY3w42-Aw0dBabcfkM6BssZ_qNvin9E_Qaj3R=d__jw@mail.gmail.com> <CADZyTkkr=gV9neZNfxARcAasiHAhfKkgD2zR=+9yJ8fbg1ujsA@mail.gmail.com> <CAMgEDbS2JJiCjG5zCs4Y8s6kSWEf4Fz75D3kupuaPqDUCJZP+g@mail.gmail.com>
In-Reply-To: <CAMgEDbS2JJiCjG5zCs4Y8s6kSWEf4Fz75D3kupuaPqDUCJZP+g@mail.gmail.com>
From: Daniel Migault <mglt.ietf@gmail.com>
Date: Fri, 21 Oct 2022 11:11:01 -0400
Message-ID: <CADZyTkmnJU3q55kocJ=MrHed98zcc1MEUfTSvf6YAkg=7gf+Dw@mail.gmail.com>
To: Matt Brown <ietf@mattb.net.nz>
Cc: dnsdir@ietf.org, draft-ietf-homenet-front-end-naming-delegation.all@ietf.org, homenet@ietf.org, last-call@ietf.org
Content-Type: multipart/alternative; boundary="0000000000003c398e05eb8cda4a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/KjhhnnHqbUx3sXSbJ7NfsuW09Vk>
Subject: Re: [homenet] Dnsdir telechat review of draft-ietf-homenet-front-end-naming-delegation-18
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Oct 2022 15:11:15 -0000

Hi Matt,

Thanks for the follow-up, please see my response.

Yours,
Daniel

On Thu, Oct 20, 2022 at 4:37 PM Matt Brown <ietf@mattb.net.nz> wrote:

> On Thu, Oct 20, 2022 at 5:53 PM Daniel Migault <mglt.ietf@gmail.com>
> wrote:
> >
> > Thanks for the feed back. Please see my response inline. Note that we
> are clarifying the use of transport protocols in the current document. For
> the synchronization channel we mandate XoT, for the control channel we
> mandate DoT - still with mutual authentication. I hope the line below
> adresse you concern regarding mutual authentication.
> > Yours,
> > Daniel
> >
> > On Wed, Oct 19, 2022 at 8:29 PM Matt Brown <ietf@mattb.net.nz> wrote:
> >>
> >> On Wed, Oct 19, 2022 at 3:25 PM Daniel Migault <mglt.ietf@gmail.com>
> wrote:
> >> >
>
> <snip>
>
> >> > I would be happy to understand though why DoT would be an issue. The
> only point I can see is that 7858 specifies that it limits its scope to
> client -to resolver communications while admitting such restriction is due
> to a charter limitation. Since XoT mentions it is heavily relying on DoT,
> and resolvers and authoritative servers both handle DNS packets, I tend to
> assume that we may consider DoT can be used for any DNS communications, but
> I might be missing something.
> >>
> >> What I understand when I read this draft is a proposal is to take a
> >> protocol (DoT, RFC7858) with a primary purpose of providing *privacy*
> >> and which states in its design that authentication of clients is not
> >> in scope and use it in a context where *authentication of clients* is
> >> the primary requirement (e.g. the DM needs to know that it's receiving
> >> a connection from a client authorized to control the domain in the
> >> messages). That type of usage outside of the scope envisaged by
> >> RFC7858 brings two concerns to my mind:
> >> 1) *How* will clients/servers choose to implement the client
> >> authentication and will they be compatible with each other without
> >> further guidance/constraint being provided on how client
> >> authentication in DoT should be performed?
> >
> > This is correct that if client authentication is disable it will not
> happen. That said, we can believe that if that is what we are looking at
> the TLS library will be configured appropriately. IN this case the clients
> and the server are specific entities.
> >
> > Regarding 7858, it does not say the client is not authenticated, it says
> that the client authenticates the server and after the negotiation
> completes the connection is encrypted. Client authentication is part of the
> TLS negotiation.
> >
> > Another example is also that when session resumption occurs, it becomes
> hard to claim the client is not authenticated as TLS uses tha PSK-ECDHE
> scheme.
> >
> > To keep things simple, I would say if DoT were not defined we would have
> said the traffic is secured by TLS. If we cannot use DoT we are happy to do
> so, but I do not think using Dot is a concern there. That said, I am happy
> to learn more if I am missing anything.
>
> If I'm understanding you correctly, the argument is that the
> underlying TLS libraries support mTLS, so can be used in the way
> proposed, even though it is outside the scope of what is standardised
> in RFC7858. This may very well be true, but in my understanding it's
> then incorrect to call this using DoT. To me, what is proposed is to
> build further protocol specifics (client authentication) on top of DoT
> - which may work, but if that is what is intended, then it needs to be
> done explicitly - e.g."this standard extends the DoT specification to
> support client authentication via mTLS" or similar.
>
> Are there existing DoT implementations using mTLS to authenticate
> clients to DoT servers that you are aware of? I could not find any in
> a quick search.
>
> As you noted previously the XoT spec provides a good example that
> building on top of DoT in this way is feasible and a reasonable thing
> to do - which is useful - but I think two things should be noted from
> that comparison (emphasis mine below):
> 1) XoT does not say it uses DoT, it says (end of Introduction):
> "encrypting zone transfers using TLS [RFC8499] -- **based closely on
> DoT [RFC7858]** -- seems like a simple step forward. This document
> specifies how to use TLS (1.3 or later) as a transport to prevent zone
> collection from zone transfers." - e.g. it is clear that what is being
> described is not DoT, but something close to it.
> 2) The level of detail in how to accomplish that extension is higher
> than I see present in this draft (e.g. RFC9103 7.1, 7.3 cover TLS
> establishment specifically, and 9.3.3 and 10.0 then cover the addition
> of authentication, etc).
>
I got your point, but I think there is a confusion between the subset of
functionalities being used versus those provided by the protocol. TLS
provides client authentication and its part of TLS, any use of TLS unless
explicitly specified provides this capacity. To my understanding this is
why architect solutions at the protocol level - that is to guarantee any
new scenario that maybe we did not think in the beginning can work.
DoT defines a way to carry DNS messages over TLS and does not restrict the
functionalities provided by TLS - at least at a high level. That some were
using a particular set of functions of TLS does not prevent others from
using others. None of the DoT implementations uses its own TLS
implementation that prevents client authentication - which would be a light
TLS but not TLS. Put in other words, client implementation is supported by
all DoT implementations. DoT clearly identifies session resumption which in
TLS 1.3 is very close to a client authentication. All of this just to
mention that TLS has multiple built-in functionalities.

If the TLS of 9103 were different it is likely that 9103 would update - at
least in some ways - 7858. This is not the case and section 9.3.3 and 10.0
do not mention any changes that apply to DoT and the TLS in XoT and DoT is
the same.

Now, if you believe that just saying DNS is encapsulated as in DoT with a
mutual authentication seems more appropriate, I am happy to consider the
wording that you think is more appropriate.




> Cheers
>
> --
> Matt Brown
> DNS Directorate Member
>
> On Thu, Oct 20, 2022 at 5:53 PM Daniel Migault <mglt.ietf@gmail.com>
> wrote:
> >
> > Thanks for the feed back. Please see my response inline. Note that we
> are clarifying the use of transport protocols in the current document. For
> the synchronization channel we mandate XoT, for the control channel we
> mandate DoT - still with mutual authentication. I hope the line below
> adresse you concern regarding mutual authentication.
> > Yours,
> > Daniel
> >
> > On Wed, Oct 19, 2022 at 8:29 PM Matt Brown <ietf@mattb.net.nz> wrote:
> >>
> >> On Wed, Oct 19, 2022 at 3:25 PM Daniel Migault <mglt.ietf@gmail.com>
> wrote:
> >> >
> >> > Hi Matt,
> >> >
> >> > Thanks for the review. I am only responding to the major comments -
> for now. I apologize for the partial response but I promise I will go
> through all other comments tomorrow (my) morning and hope you will still
> have this partial response (your) morning.
> >>
> >> No problem, likewise responding just to this first message now, and
> >> hopefully to your subsequent message later today!
> >>
> >> >> Major Issues (aka Not Ready):
> >> >>
> >> >> Mutual TLS and DoT - 3.2 and 4.6 recommend that the HNA and DM
> secure their
> >> >> control channel communications using mutual TLS and DoT - but DoT is
> not
> >> >> specified to support mutual authentication. While mutual TLS auth at
> the
> >> >> underlying TLS layer is clearly viable - how to integrate that at
> the DNS
> >> >> layer, and whether that is compatible with DoT on the existing port,
> or would
> >> >> need a further port allocation (and subsequent IANA consideration in
> 13) would
> >> >> need to be addressed. None of the alternative future protocols
> listed in 3.2
> >> >> support mTLS either as far as I am aware.
> >> >>
> >> >> Given the recommendation to use XoT (RFC9103) (which does specify
> mTLS
> >> >> capability) for the Synchronization channel in 5.1 - I wonder why
> this protocol
> >> >> has not also been considered for the control channel instead of DoT?
> >> >>
> >> > The section securing the Synchronization channel  mentions:
> >> >
> >> > The AXFR request from the DM to the HNA SHOULD be secured and the use
> of TLS is RECOMMENDED {{!RFC9103}}.
> >> >
> >> > So this is effectively what we rely on, mostly for the following
> reasons: 1) most of our exchanges are IXFR/AXFR and these are the one with
> the main concern, and 2) we wanted to reuse what is implemented in major
> distributions.
> >> > To put it in another way, we wanted the transaction between the HNA
> and the DM to be protected by TLS, and probably split from DNS over TLS to
> DoT. Would replacing DoT by XoT address your concern ?
> >>
> >> I'll confess my first encounter with XoT was in reading this draft, so
> >> I don't have a lot of context on its suitability for this use-case
> >> yet, but in as much as it looks at a glance to be a protocol that is
> >> intended to support mTLS (where DoT is not) in a context where
> >> authentication is expected, then I think it would address my
> >> concern... more below.
> >>
> >> > I would be happy to understand though why DoT would be an issue. The
> only point I can see is that 7858 specifies that it limits its scope to
> client -to resolver communications while admitting such restriction is due
> to a charter limitation. Since XoT mentions it is heavily relying on DoT,
> and resolvers and authoritative servers both handle DNS packets, I tend to
> assume that we may consider DoT can be used for any DNS communications, but
> I might be missing something.
> >>
> >> What I understand when I read this draft is a proposal is to take a
> >> protocol (DoT, RFC7858) with a primary purpose of providing *privacy*
> >> and which states in its design that authentication of clients is not
> >> in scope and use it in a context where *authentication of clients* is
> >> the primary requirement (e.g. the DM needs to know that it's receiving
> >> a connection from a client authorized to control the domain in the
> >> messages). That type of usage outside of the scope envisaged by
> >> RFC7858 brings two concerns to my mind:
> >> 1) *How* will clients/servers choose to implement the client
> >> authentication and will they be compatible with each other without
> >> further guidance/constraint being provided on how client
> >> authentication in DoT should be performed?
> >
> >
> > This is correct that if client authentication is disable it will not
> happen. That said, we can believe that if that is what we are looking at
> the TLS library will be configured appropriately. IN this case the clients
> and the server are specific entities.
> >
> > Regarding 7858, it does not say the client is not authenticated, it says
> that the client authenticates the server and after the negotiation
> completes the connection is encrypted. Client authentication is part of the
> TLS negotiation.
> >
> > Another example is also that when session resumption occurs, it becomes
> hard to claim the client is not authenticated as TLS uses tha PSK-ECDHE
> scheme.
> >
> > To keep things simple, I would say if DoT were not defined we would have
> said the traffic is secured by TLS. If we cannot use DoT we are happy to do
> so, but I do not think using Dot is a concern there. That said, I am happy
> to learn more if I am missing anything.
> >
> >> 2) What are the security implications of authenticating clients in
> >> DoT? No doubt there are ways to do it that are not secure and should
> >> be avoided, but neither DoT or this now proposed draft examine this in
> >> any way.
> >
> >
> > XoT did that and optimized AXFR over TLS.
> >>
> >>
> >> Generally any time I see a security protocol/mechanism designed for
> >> one purpose (e.g. privacy) re-used in another context (e.g. client
> >> authentication) without significant examination of the implications
> >> and safety of that, I hear warning bells.
> >
> >
> >>
> >>
> >>
> >> > Another point I would like to clarify is why another port would be
> needed for mTLS as this is a capacity announced by the TLS server. The
> support of mTLS is simply announced by the server by sending a
> CertificateRequest. The TLS client may only accept such communications. I
> do not necessarily see this as an issue, but again maybe I am missing
> something.
> >>
> >> Sorry for the confusion here, the point I was trying to make was
> >> simply whether DoT on the existing port could be used, or whether to
> >> get the authentication properties you need from the connection you
> >> actually need a new protocol (not DoT) that is designed fro
> >> authentication, not privacy to achieve that, and if that were the
> >> case, then such a hypothetical new protocol would presumably require
> >> its own port.
> >>
> >> Hope that clarifies.
> >>
> > yes it does. I do not think we need a new port.
> >
> >>
> >> --
> >> Matt Brown
> >> DNS Directorate Member
> >
> >
> >
> > --
> > Daniel Migault
> > Ericsson
>
>
>
> --
> Matt Brown
> DNS Directorate Member
>


-- 
Daniel Migault
Ericsson

v2.23.0 | Report a Bug | By Email