Re: Quic: the elephant in the room

Nico Williams <nico@cryptonector.com> Mon, 12 April 2021 16:14 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DA573A246E for <ietf@ietfa.amsl.com>; Mon, 12 Apr 2021 09:14:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.119
X-Spam-Level:
X-Spam-Status: No, score=-2.119 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h2R7ZmzSbFBg for <ietf@ietfa.amsl.com>; Mon, 12 Apr 2021 09:14:43 -0700 (PDT)
Received: from crocodile.ash.relay.mailchannels.net (crocodile.ash.relay.mailchannels.net [23.83.222.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0BF263A2401 for <ietf@ietf.org>; Mon, 12 Apr 2021 09:14:41 -0700 (PDT)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id C488E541CC8; Mon, 12 Apr 2021 16:14:37 +0000 (UTC)
Received: from pdx1-sub0-mail-a47.g.dreamhost.com (100-98-55-67.trex.outbound.svc.cluster.local [100.98.55.67]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 48454542921; Mon, 12 Apr 2021 16:14:37 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a47.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384) by 100.98.55.67 (trex/6.1.1); Mon, 12 Apr 2021 16:14:37 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Occur-Skirt: 762418766aa77c1c_1618244077556_1963151481
X-MC-Loop-Signature: 1618244077556:1314220322
X-MC-Ingress-Time: 1618244077556
Received: from pdx1-sub0-mail-a47.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a47.g.dreamhost.com (Postfix) with ESMTP id 02EB08ACC9; Mon, 12 Apr 2021 09:14:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=u0XyVZAtjG23Z3 Z1AS+52JLhi5o=; b=LoI+o+ERoqDDw5ZrVUPdd+zk3BkoYhYUoCwFo6brq5sF0J ubEKhsxpVB10qb0t1HH/a3cCdejmfwBsN6b5vskltGLuRd2aIWD7fTpl1hmMhFr/ 35uULD7dggySE1RbUwrYQ4+3rUwb5YBK1ZNvuYLkRD6DpbA+PXs4DqqO2+Gog=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a47.g.dreamhost.com (Postfix) with ESMTPSA id 1D8DA7E5FC; Mon, 12 Apr 2021 09:14:34 -0700 (PDT)
Date: Mon, 12 Apr 2021 11:14:32 -0500
X-DH-BACKEND: pdx1-sub0-mail-a47
From: Nico Williams <nico@cryptonector.com>
To: Michael Thomas <mike@mtcc.com>
Cc: Phillip Hallam-Baker <phill@hallambaker.com>, IETF Discussion Mailing List <ietf@ietf.org>
Subject: Re: Quic: the elephant in the room
Message-ID: <20210412161431.GT9612@localhost>
References: <3b25c77d-e721-e86d-6c34-a90039aab0e2@mtcc.com> <CAMm+Lwhi8xwFgZJL7jod2g4urZt_f+dm0tNi+3y1osqOfch2mQ@mail.gmail.com> <3593a01f-73f4-7d03-a85b-dff64a8b070e@mtcc.com> <506A780B-9C0D-4F4A-B045-098F6152F4DB@akamai.com> <14cd802e-2a1b-97d4-c80d-b57f93e8cc21@mtcc.com> <E4374100-265E-4426-9F9A-AC437DA31D2B@depht.com> <15059e21-b7c2-4211-869e-df3ffdf7c34a@mtcc.com> <CAMm+LwgnoqXKNSKxt0-rDa8ze6J9LsZz0jVeogBXAWNDveC_ZQ@mail.gmail.com> <20210412155121.GQ9612@localhost> <c268bc55-803a-ab9d-6d38-9d90fd6e5c99@mtcc.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <c268bc55-803a-ab9d-6d38-9d90fd6e5c99@mtcc.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/GfV0nHrb-x0aOy66Ifw2He0CqSI>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Apr 2021 16:14:48 -0000

On Mon, Apr 12, 2021 at 09:02:57AM -0700, Michael Thomas wrote:
> On 4/12/21 8:51 AM, Nico Williams wrote:
> > You get better security properties (w.r.t. possible compromised root or
> > ccTLD/TLD keys) if the resolver finds the DNSSEC chain on its own using
> > qname minimization than you get with stapling, but I agree that stapling
> > is a performance win.  We'll really want transparency for DNSSEC if we
> > do any kind of full chain stapling.
> 
> Can somebody explain what "stapling" is?

In general "stapling" means sending all the ancilliary things that the
peer would otherwise have to lookup on its own to save it the bother.
So:

 - "OCSP" == RP sends request to OCSP Responder

 - "stapled OCSP" == supplicant sends its EE cert and chain and cached
   OCSPResponse to the RP so the RP need not go talk to an OCSP
   Responder

 - "DANE" == RP looks up all the relevant RRs needed to validate
   supplican't certificate

 - "stapled DANE" == supplicant sends TLSA RRs and DNSSEC chain along
   with its certificate so that the RP need not perform those lookups
   separately

(RP == relying party)
(supplicant == the entity authenticated by the end-endity certificate it
 presents to the RP)

Nico
--