IETF Logo Mail Archive

Re: [IPsec] draft-pauly-ipsecme-split-dns

Eric Rescorla <ekr@rtfm.com> Tue, 19 June 2018 19:26 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E48D130ECA for <ipsec@ietfa.amsl.com>; Tue, 19 Jun 2018 12:26:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jgNzziwP2TeI for <ipsec@ietfa.amsl.com>; Tue, 19 Jun 2018 12:26:51 -0700 (PDT)
Received: from mail-it0-x22c.google.com (mail-it0-x22c.google.com [IPv6:2607:f8b0:4001:c0b::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A1D1D130F0D for <ipsec@ietf.org>; Tue, 19 Jun 2018 12:26:51 -0700 (PDT)
Received: by mail-it0-x22c.google.com with SMTP id k17-v6so15611180ita.0 for <ipsec@ietf.org>; Tue, 19 Jun 2018 12:26:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=UqOPfFbbpOkVjPDZ9sO/lKv3zbcARthdsARU5+96KIQ=; b=zaKetd0EqhnBMBkD8MgOpqLRrFpBCpKAS75fvEZ8E1EDCA22WDkDfdRsJK6IUQTwzC 1VIM+ACNoqZJzPiIkRs5J+XcfcdWqJsMzNt0PaU13TwsXcWXA8gpk6Bg+Cum7bX8giRf +GZaHXSuQSjjDOIvL5zJtokNmm+28lqU0Fi4JRm0dOMkIszuL4h95olnpEW5xCPEO7Vt Ie0JOW7Sa4/YkX2Uqn0EvaP21wVB38VcsAysndAuij1TtzT3gEXzs5bhwGYfywPMZ/32 NFJKzsNYF5kSGFYqRjfH+iViGKPFMqgE7s4VMt3ZPlJ9UCGtWGu1MG/V+dkq+snDowz2 KKSQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=UqOPfFbbpOkVjPDZ9sO/lKv3zbcARthdsARU5+96KIQ=; b=GH+s9jPnx8N7+hMdUyHchS4TJlxj+RHLCregoOl5nF0StDIkMl8Wsb0KPzEQE8Hq12 WOkiPL4L4O7PQV3Qn21HW48QpYa8NFOjUIhDsGTrr+FYgAmMpb5G280/Xl3fhOUph8o0 RW+Ws8ZvU+PqEJ7bue+Vc13anzezlI6DyLbj9jGijWjiGPvAFj30uePBZNb2nXk91PDf F7g5ZJ5roffb81WryegzDXF6t/Vc9YLgnuQWBVKjQFhIrFe6DKEB1EUuroaAsgxCGRxw 6Yu26FYwiG/9ML4lu5QjEg38ZJ54zB7VFm9wxkmB91EvzXl4+u6mssFdSxC+iNRewuVD s25A==
X-Gm-Message-State: APt69E2vY+DSSLSjwhQoeuh/3kTkrHT7oOxu9Qo1s6OAg0UC/IsiZAhK 03iI4/emFiAKOz0xGtN4x22DiXlQSumgIdPNuvjkcg==
X-Google-Smtp-Source: ADUXVKIIjUVbAVfviq7cwjaeme3fs3T561qIbKiaR0z1YLbu3i8+Fwcn/9Sfyflx0GIJYJdjGYWSjJQQkG86RU9wuEE=
X-Received: by 2002:a24:5913:: with SMTP id p19-v6mr13594511itb.126.1529436410986; Tue, 19 Jun 2018 12:26:50 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a02:4c45:0:0:0:0:0 with HTTP; Tue, 19 Jun 2018 12:26:10 -0700 (PDT)
In-Reply-To: <20180619183459.GC4218@localhost>
References: <alpine.LRH.2.21.1806181637240.22748@bofh.nohats.ca> <CABcZeBPZFswnn6zoK6h-Oiy8P1o5u-BVVExQSO48fxGWy1cwXQ@mail.gmail.com> <alpine.LRH.2.21.1806181644520.22748@bofh.nohats.ca> <CABcZeBPf6TEh3JtYwT7D6+90y40W7y_=Hx03xNzLxEuQM_YsLQ@mail.gmail.com> <alpine.LRH.2.21.1806181702230.13143@bofh.nohats.ca> <CABcZeBOa8qMhDyCMzPTAtUBZTYPGehrhPrr6h4cVCjP4QZ1+Ew@mail.gmail.com> <alpine.LRH.2.21.1806191109300.16269@bofh.nohats.ca> <CABcZeBPFw1iuHXV+_sEuMaRCYRSk1nH_FujeimOb=ViEAtvkVA@mail.gmail.com> <alpine.LRH.2.21.1806191159310.26059@bofh.nohats.ca> <CABcZeBN2HwiwVzAUjyZU+Q+toFM2jOKHD9xmKwM1V5qhUoULEQ@mail.gmail.com> <20180619183459.GC4218@localhost>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 19 Jun 2018 12:26:10 -0700
Message-ID: <CABcZeBPh33RMWy=pWVSWPp9cDrzrRrVQXgw1BKPLy_W0_Wrdgg@mail.gmail.com>
To: Nico Williams <nico@cryptonector.com>
Cc: Paul Wouters <paul@nohats.ca>, IPsecME WG <ipsec@ietf.org>, "draft-ietf-ipsecme-split-dns.all@ietf.org" <draft-ietf-ipsecme-split-dns.all@ietf.org>, "Waltermire, David A. (Fed)" <david.waltermire@nist.gov>, Tero Kivinen <kivinen@iki.fi>
Content-Type: multipart/alternative; boundary="000000000000fbcf53056f03a977"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/q17Sm9Um0EGCVBXLzKKOcqaTF6Y>
Subject: Re: [IPsec] draft-pauly-ipsecme-split-dns
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jun 2018 19:27:06 -0000

On Tue, Jun 19, 2018 at 11:34 AM, Nico Williams <nico@cryptonector.com>
wrote:

> On Tue, Jun 19, 2018 at 10:13:47AM -0700, Eric Rescorla wrote:
> > I don't think that going point-by-point is getting us very far, so I'm
> > going to try to restate what i think the situation is, from the top.
> >
> > 1. In the current design, many clients (those whose enterprises have any
> > significant number of domains) are just going to have to accept whatever
> > domains the VPN server claims should be treated as internal, and to
> accept
> > the trust anchors the VPN server claims
>
> The I-D should say that clients MUST allow local configuration of what
> domains to accept trust anchors for, and SHOULD allow local policy to
> list . as a domain for which to accept trust anchors.
>
> This local configuration should be per-SG.
>

The ID can say that, but as a practical matter, any enterprise that has
a reasonable number of internal domains is just going to tell people
to configure their client to accept any domain name.


> 2. Because the current design also allows those trust anchors to sign TLSA
> > records, any TLS client which accepts those TLSA records is subject to
> MITM
> > by the VPN server
>
> And SSHFP.  And anything else that might be security-relevent (all of
> DNS, really).
>

Well, different parts of DNS are differently security relevant. For
instance,
the IP-address mapping usually isn't that big a deal because the network
attacker can reroute you anyway.
This definitely merits a Security Considerations note even if this

]

> property were actually the point of this protocol.
>
> > 3. Even if enterprise doesn't intend to run a MITM proxy, this means that
> > any compromise of the VPN server automatically makes it an MITM proxy for
> > the Internet as a whole, because the person who compromises it can simply
> > reconfigure it to advertise any domain of its choice as internal, as well
> > as the corresponding keys and TLSA records.
>
> Sure, but it's not like clients will be choosing to connect to any VPN
> servers.  Generally the client must already have a trust anchor for the
> SG to begin with.


Why? That trust anchor doesn't need to allow the creation of arbitrary
WebPKI certs. All that is needed is to be able to authenticate the
VPN server itself.


Painting this as a security threat to the entire
> Internet is going a bit too far.
>

Why?

-Ekr

v2.23.0 | Report a Bug | By Email