Re: [Resolverless-dns] Paper on Resolver-less DNS

Eric Osterweil <lists@osterweil.net> Sun, 25 August 2019 21:29 UTC

Return-Path: <lists@osterweil.net>
X-Original-To: resolverless-dns@ietfa.amsl.com
Delivered-To: resolverless-dns@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D6C9120020 for <resolverless-dns@ietfa.amsl.com>; Sun, 25 Aug 2019 14:29:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o_439EVDHzY9 for <resolverless-dns@ietfa.amsl.com>; Sun, 25 Aug 2019 14:29:22 -0700 (PDT)
Received: from mail-qt1-f193.google.com (mail-qt1-f193.google.com [209.85.160.193]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A7E2120041 for <resolverless-dns@ietf.org>; Sun, 25 Aug 2019 14:29:22 -0700 (PDT)
Received: by mail-qt1-f193.google.com with SMTP id z4so16191759qtc.3 for <resolverless-dns@ietf.org>; Sun, 25 Aug 2019 14:29:21 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=naQOckg18yjPSFIj+GuIx0yI++15lSFsuPlNOcgATuw=; b=b3lKey+rlLuGNzBTeEFlK2ru+iNH2TZFe5mGszrAMSskWHI/oexNbQyonAxkZ5VK9u OudQLSVKGKpCyg9Qy346ZNs7VRAXzH2r+K+aEqQAqJQw2SHn8WYI1O6U/BzLeIWK1Ewy Az0G999WWi5JXTsCM7cf4PiSUkrPXSM8kX4mKtpmUb2ILQ34rH7coxcFATyf2BmkBPTf S/KwWlLg5GENXmd82k2FD+Y4pamhH6Yn7Ww2tU6kiVAPWqAgbeYA1oD/VTvRcQ2LDBf+ mVfErvMWqWqoz7PFUmqsCoN4Vf7JS7HmofiOPlEhI10KNVdbHB7jNQ+6OBhzKFZVv8r/ B1ag==
X-Gm-Message-State: APjAAAUbWF/DrzGN2sNeIdifUkCW2UVQ1+z8av0bnEyDzj3jA/45NvCW 2ctVzERuJQsgk6rZXUazH/ciQSlK55o=
X-Google-Smtp-Source: APXvYqyozguckhXL3v8Ex0qctY5WW5oleBuoYpNSp6jUUHGcZMwD+UJ//jBGHfPNECa7wMkeXYSyLA==
X-Received: by 2002:aed:2b01:: with SMTP id p1mr15043618qtd.33.1566768560948; Sun, 25 Aug 2019 14:29:20 -0700 (PDT)
Received: from [192.168.1.219] (pool-100-15-252-74.washdc.fios.verizon.net. [100.15.252.74]) by smtp.gmail.com with ESMTPSA id i5sm7008067qti.0.2019.08.25.14.29.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 25 Aug 2019 14:29:20 -0700 (PDT)
From: Eric Osterweil <lists@osterweil.net>
Message-Id: <94F2A83C-F486-4EBB-B57F-FBB6AE15E978@osterweil.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_47B6671A-7B8C-4299-8555-B4581CC87188"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Sun, 25 Aug 2019 17:29:18 -0400
In-Reply-To: <b2b3e56a-c577-f08a-627a-f54e2e6fadb6@informatik.uni-hamburg.de>
Cc: resolverless-dns@ietf.org
To: sy@informatik.uni-hamburg.de
References: <CAHbrMsBhR1yaLxQk7wZk54Jdf5nvkS03KC3UTae0Famu2+SV8g@mail.gmail.com> <4568720.uvMTqBdgP4@linux-9daj> <fb12f102-714d-95cc-c6cc-0871a2df9f50@informatik.uni-hamburg.de> <34813218.VKkrhzyXsx@linux-9daj> <ae355776-a1bb-cf23-f380-133439661d1f@informatik.uni-hamburg.de> <1171283855.590.1566558699991@appsuite-gw1.open-xchange.com> <a8d9398b-4fea-0a1e-3fa7-5954d001f9ea@informatik.uni-hamburg.de> <1405682425.665.1566561941610@appsuite-gw1.open-xchange.com> <220061a8-608c-0a87-4656-213c87979284@informatik.uni-hamburg.de> <849BE7D4-A07E-496B-B413-E1C979390DA8@osterweil.net> <b2b3e56a-c577-f08a-627a-f54e2e6fadb6@informatik.uni-hamburg.de>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/resolverless-dns/UXC0fYdB_6KpIA5HyEilKZSLz3U>
Subject: Re: [Resolverless-dns] Paper on Resolver-less DNS
X-BeenThere: resolverless-dns@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Resolverless DNS <resolverless-dns.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/resolverless-dns>, <mailto:resolverless-dns-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/resolverless-dns/>
List-Post: <mailto:resolverless-dns@ietf.org>
List-Help: <mailto:resolverless-dns-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/resolverless-dns>, <mailto:resolverless-dns-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Aug 2019 21:29:24 -0000


> On Aug 25, 2019, at 4:40 PM, Erik Sy <sy@informatik.uni-hamburg.de>; wrote:
> 
> 
> On 8/25/19 20:03, Eric Osterweil wrote:
>>> 
>>> Additional pinning of certificates provides the benefit that an
>>> illegitimate certificate can be detected during the server
>>> authentication. Note, that CT can detect this only in the aftermath. As
>>> a drawback of pinning, a misconfiguration of this mechanism always leads
>>> to a fatal error. The trade-off at hand is catching misbehaving CAs
>>> before the connection establishment and accepting hard failures due to
>>> possible misconfiguration versus catching the malicious CA only in the
>>> aftermath of the connection establishment. I think that Chrome decided
>>> for the latter one.
>> 
>> If I follow your logic here, then I think this is a statement that is
>> at least break-even for (but likely actually in favor of) DANE.  If a
>> certificate that is proffered over a TCP connection does not match the
>> TLSA record, it is proactively detected and the session initiation
>> fails, yes?
>> 
> Here is a quote from Chris Palmer on this issue[1]:
> 1:
> https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ <https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ>
> 
> "The strength of PKP ― run-time enforcement with hard-fail — is also
> exactly its weakness. Some people are OK with the risk, but overall I
> think the market has spoken: HPKP has seen close to no adoption. People
> don't want to brick their sites.
> 
> As for DANE, it would at best have the same strength/weakness of HPKP,
> but with the additional problems of DNSSEC.”

I think this consideration is fundamentally too narrow.  As I pointed out (elsewhere in the previous message), DANE is part of an architectural solution ( https://cs.gmu.edu/~eoster/doc/2015-08-US-Telecom-DANE.pdf <https://cs.gmu.edu/~eoster/doc/2015-08-US-Telecom-DANE.pdf> ).  While browser security is a very important space, it is just one potential application.  While DANE does offer an elegant security solution for HTTPS connections, that does not mean its benefits are limited to that venue.

To reiterate earlier points: DANE securely binds associations to names in a generalized architecture.  The architecture is composed of a non-stationary suite of solutions.  In regards to TLS, its protections go beyond just for the browser.  For instance, consider opportunistic transport layer cert/key learning for SMTP (RFC-7672: https://tools.ietf.org/html/rfc7672 <https://tools.ietf.org/html/rfc7672> ).  The deployment numbers for this use are up-and-to-the-right ( http://secspider.net/pix/tlsa-growth.png <http://secspider.net/pix/tlsa-growth.png> ).  However, what I think really illustrate's DANE’s true potential (my own 0.02 here) is the fact that it also enables certificate/key learning for object security suites like S/MIME and PGP ( https://cs.gmu.edu/~eoster/doc/2015-03-24-ietf92-libsmaug.pdf <https://cs.gmu.edu/~eoster/doc/2015-03-24-ietf92-libsmaug.pdf> ).

> In total, it seems like Chrome does not want to deploy DANE.

It continues to be a shame, but there’s always time for people to see look at growing evidence and reconsider previous decisions. ;)

Eric