Re: [mif] Comments on draft-ietf-mif-dns-server-selection-01
Ted Lemon <Ted.Lemon@nominum.com> Tue, 29 March 2011 06:46 UTC
Return-Path: <Ted.Lemon@nominum.com>
X-Original-To: mif@core3.amsl.com
Delivered-To: mif@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5F63B3A683B for <mif@core3.amsl.com>; Mon, 28 Mar 2011 23:46:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.554
X-Spam-Level:
X-Spam-Status: No, score=-106.554 tagged_above=-999 required=5 tests=[AWL=0.045, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RlB+idvBRswh for <mif@core3.amsl.com>; Mon, 28 Mar 2011 23:46:02 -0700 (PDT)
Received: from exprod7og111.obsmtp.com (exprod7og111.obsmtp.com [64.18.2.175]) by core3.amsl.com (Postfix) with ESMTP id 1DC053A67D0 for <mif@ietf.org>; Mon, 28 Mar 2011 23:46:01 -0700 (PDT)
Received: from source ([64.89.228.229]) (using TLSv1) by exprod7ob111.postini.com ([64.18.6.12]) with SMTP ID DSNKTZGAixZmFVSmr1x0Yjm5B98aLZ02Cy5r@postini.com; Mon, 28 Mar 2011 23:47:40 PDT
Received: from archivist.nominum.com (archivist.nominum.com [64.89.228.108]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.nominum.com", Issuer "Go Daddy Secure Certification Authority" (verified OK)) by shell-too.nominum.com (Postfix) with ESMTP id 9DD231B80C6 for <mif@ietf.org>; Mon, 28 Mar 2011 23:47:35 -0700 (PDT)
Received: from webmail.nominum.com (cas-01.win.nominum.com [64.89.228.131]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (Client CN "mail.nominum.com", Issuer "Go Daddy Secure Certification Authority" (verified OK)) by archivist.nominum.com (Postfix) with ESMTPS id 89BA819006C; Mon, 28 Mar 2011 23:47:35 -0700 (PDT) (envelope-from Ted.Lemon@nominum.com)
Received: from MBX-01.WIN.NOMINUM.COM ([64.89.228.133]) by CAS-01.WIN.NOMINUM.COM ([64.89.228.131]) with mapi id 14.01.0255.000; Mon, 28 Mar 2011 23:47:35 -0700
From: Ted Lemon <Ted.Lemon@nominum.com>
To: "teemu.savolainen@nokia.com" <teemu.savolainen@nokia.com>
Thread-Topic: [mif] Comments on draft-ietf-mif-dns-server-selection-01
Thread-Index: AQHL7T2TZudS6uSp00WtSjuDIkpv2ZRDyiSAgAAVv0w=
Date: Tue, 29 Mar 2011 06:47:34 +0000
Message-ID: <EA8E2993-CEB7-45E9-B573-4140F5560A55@nominum.com>
References: <20110328114453.GD85777@crankycanuck.ca>, <916CE6CF87173740BC8A2CE44309696201647D@008-AM1MPN1-036.mgdnok.nokia.com>
In-Reply-To: <916CE6CF87173740BC8A2CE44309696201647D@008-AM1MPN1-036.mgdnok.nokia.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "mif@ietf.org" <mif@ietf.org>
Subject: Re: [mif] Comments on draft-ietf-mif-dns-server-selection-01
X-BeenThere: mif@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Multiple Interface Discussion List <mif.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/mif>, <mailto:mif-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mif>
List-Post: <mailto:mif@ietf.org>
List-Help: <mailto:mif-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mif>, <mailto:mif-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Mar 2011 06:46:03 -0000
On Mar 29, 2011, at 12:29 AM, "teemu.savolainen@nokia.com" <teemu.savolainen@nokia.com> wrote: I think there are four cases to consider here: 1. The server selection option is delivered across a secure, trusted channel. 2. The server selection option is not secure, but the client does DNSSEC validation. 3. The server selection option is not secure, the resolver does DNSSEC validation, and the client communicates with the resolver over a secure, trusted channel. 4. The DNS server IP address that is being recommended in the server selection option is known and trusted by the client; that is, the server selection option serves not to introduce the client to a new server, but rather to inform it that a server it has already been configured to trust is available to it for resolving certain domains. I think any use of the server selection option that falls outside of these four cases should be excluded. By excluding such cases, we eliminate the possibility that the server selection option can be used to initiate an attack that could not be initiated without it. I think that trusting the cell provider connection is something that needs to be thought through carefully. It may in fact be okay to do so. But it depends on that channel being both secure and trusted, not just trusted. In DHCP it's somewhat traditional to trust provider channels even though they aren't cryptographically secure, and we get away with this because they are in fact in secure locations, and the information we're trusting isn't that sensitive. But those two rationalizations don't apply here--cell service is done by radio, and hence not in a secure location, and the information we propose to trust is in fact quite sensitive.
- [mif] Comments on draft-ietf-mif-dns-server-selec… Andrew Sullivan
- Re: [mif] Comments on draft-ietf-mif-dns-server-s… teemu.savolainen
- Re: [mif] Comments on draft-ietf-mif-dns-server-s… Ted Lemon
- Re: [mif] Comments on draft-ietf-mif-dns-server-s… teemu.savolainen
- Re: [mif] Comments on draft-ietf-mif-dns-server-s… Ted Lemon
- Re: [mif] Comments on draft-ietf-mif-dns-server-s… Andrew Sullivan