Re: [TLS] Dnsdir early review of draft-ietf-tls-svcb-ech-01
Rob Sayre <sayrer@gmail.com> Sat, 30 March 2024 17:43 UTC
Return-Path: <sayrer@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D179C14F6FC; Sat, 30 Mar 2024 10:43:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1xJNUJs5uJae; Sat, 30 Mar 2024 10:43:04 -0700 (PDT)
Received: from mail-ej1-x630.google.com (mail-ej1-x630.google.com [IPv6:2a00:1450:4864:20::630]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0BAB8C14F5ED; Sat, 30 Mar 2024 10:43:03 -0700 (PDT)
Received: by mail-ej1-x630.google.com with SMTP id a640c23a62f3a-a4e38f941c6so171639066b.2; Sat, 30 Mar 2024 10:43:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1711820582; x=1712425382; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=6CwJDjiLyiJfNPSd1cVmRQxlws+w0H3BN675SvitBw8=; b=GVRljvbvgcoyQgXtwl1lTswoqQZzcCcJ0nL0ovmi1D7XM4Ulw+heuHz1nntz7A0sx+ Ee4uSzwRFYqUWyYLpm8030wM1W7b/ELJEqm0I7SHrKHc8wJ7Im8hdzEn4mYzLA/5nuTb 188LjxnD0oiJkcO30tgZRuB6UlrwS0gNbihwfp3F6sZBQPTJHzvwlbyINHeQPmMId/SM MqHswFWKd4sdLpUYSUDKWO4cTzTk8LbMV7cQTZliy9pT5Mj6Sw+bUp1dFgBM0eSdvhEE qLb9sav1sdTRmDQEIx/BdMdmvPACXURsHC3Xt/Yz13Q2w6lPjoUs2cgNTlr4LdJ4HZpf UucA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711820582; x=1712425382; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=6CwJDjiLyiJfNPSd1cVmRQxlws+w0H3BN675SvitBw8=; b=qZ9p3NGck42Cl7QYnTrQjEwBUYTvl5YHvz1msDVA81M2TziyZXmbv1smrxq2fQVjmV enYoz5L8mkx7HBu0liq2KPDm8Syu6icLuwX/PpdcrI4N8LccpwhMjnhRiV2aq4ARRyd6 SXvKhIfg7bu1G+V+CgVs4/kxIfzM1lBxNrhe/X1iAOWiGIIPtp4JUYk6EBYF3w9+lHRF ERJKpYnIYiI/Ql3FDqFxiISlxdccpdOHp9naAOTwnyMpPbwAt7GaIwyl8nzxvHjXRNl7 Ky/owdYSDkIdWcSZvdlH1p8wYMlU+0X46qwoBH9lL83GlQnzWD9ExCoof/Bneeb4sDRo Ihpw==
X-Forwarded-Encrypted: i=1; AJvYcCVprAljsJ5EFkORGe69qhKaAHYz5yPO0mRXGNc2TOSWlAWts+j+MYviVGJbkPjYy5hk9JbPnrGjVUdKCx5ShjsAtQeUgtlIm1cRfKuht6/4ypNaU32Xa00p9ah2g2l2IAoH5C4/+PT6XNbL70eI66Xy6T4O
X-Gm-Message-State: AOJu0YyyU4CuRdIobVuFVbvFBEq7HatHHwnNGD2pkPMEKO7AEPvaYsem mj5DDOwvPTlgt7k2KZIbF4uWg5dMi8qtNg3xu08qOFSGNJ4x2FcXnt4RAOK5o1IfmddZY+OzLLm 0gapFPNtd5EnOAvpJgVXXc6hsGuNzXgSV5aaBXAna
X-Google-Smtp-Source: AGHT+IEI7t+Pr0Fuj0l6EMQyWzZ9EUXZNOW4/a7rKnEY5ULiQoYVrJheyniW627rNAkyc0DQPZhGKgYstN5gtMATV18=
X-Received: by 2002:a17:907:72c6:b0:a47:30a1:4c1b with SMTP id du6-20020a17090772c600b00a4730a14c1bmr4328817ejc.55.1711820581491; Sat, 30 Mar 2024 10:43:01 -0700 (PDT)
MIME-Version: 1.0
References: <171174253501.29384.9373864670898234756@ietfa.amsl.com> <CAChr6SwCKV4P_xab_3dKSwKDfPdxjz3WinQaWebMcXh8-_xy0g@mail.gmail.com> <CAPt1N1knx=+K627L6rsf4nGuiwpSXjWoMB4QcMfwhJdaGKypUw@mail.gmail.com> <CAChr6SxKA7YidnYWW=6DOWeQo+_CKNaWNOQL9JQnJUB3thgBhw@mail.gmail.com> <CAPt1N1=snvSeQ74xs=HNVyszxjTD1SPMxw3+BVh-5-HBnOcZag@mail.gmail.com> <CAChr6Sx0WX-X3dWjkwMJAa4Rz3BhnUdYMFwWgLkorm6d-16g1w@mail.gmail.com> <CAPt1N1=LzjPMfADvdTdt_kCZ3XTznKs4p4_FYAH_RDb6WVcv7w@mail.gmail.com> <CABcZeBMVbi2_0yaTTe+-U2cBWqscXAdhcrwPufKNg0a-8U292A@mail.gmail.com> <CAPt1N1kEVk6MEHqnXAPenRp057eTDhptxsstcxyEkXqWBdyHQA@mail.gmail.com> <CAKC-DJiEWYDmz3EdPq2hjpR6kGPAnRPTA9H1HAwo4BR-1XG=mQ@mail.gmail.com> <CAPt1N1kNCr+khExy8ajksPakgsQtnPWC4ckmwB9kZDhQk4Cywg@mail.gmail.com>
In-Reply-To: <CAPt1N1kNCr+khExy8ajksPakgsQtnPWC4ckmwB9kZDhQk4Cywg@mail.gmail.com>
From: Rob Sayre <sayrer@gmail.com>
Date: Sat, 30 Mar 2024 10:42:49 -0700
Message-ID: <CAChr6SwMVuCT7trjZVdG-zhGX21vMK9iu_th+Pc7_94s9hZ8bg@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Cc: Erik Nygren <erik+ietf@nygren.org>, Eric Rescorla <ekr@rtfm.com>, dnsdir@ietf.org, draft-ietf-tls-svcb-ech.all@ietf.org, tls@ietf.org
Content-Type: multipart/alternative; boundary="000000000000ade0610614e449b3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/XyNin5MQVnA2N6nVOYjzPAf5vVQ>
Subject: Re: [TLS] Dnsdir early review of draft-ietf-tls-svcb-ech-01
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Mar 2024 17:43:08 -0000
Yeah, that sounds fine. I think 9460 is pretty good in that it covers both DNSSEC and encrypted transports for DNS. thanks, Rob On Sat, Mar 30, 2024 at 10:27 AM Ted Lemon <mellon@fugue.com> wrote: > I think that would make sense, yes. > > On Sat, Mar 30, 2024 at 10:58 AM Erik Nygren <erik+ietf@nygren.org> wrote: > >> Do we want a few sentences in Security Considerations that references >> https://www.rfc-editor.org/rfc/rfc9460.html#section-3.1 to call this out? >> >> This seems like something that became less clear when we split these two >> docs apart. >> Most of draft-ietf-tls-svcb-ech used to be a section of what is now >> rfc9460 but got split out >> due to publication timelines. It may be that some non-normative >> references back to rfc9460 >> might help readers not miss things like this which might have been more >> clear when they >> were a single document. >> >> Erik >> >> >> >> >> On Fri, Mar 29, 2024 at 11:31 PM Ted Lemon <mellon@fugue.com> wrote: >> >>> Yes, that fully addresses my concern. Thanks! >>> >>> Op vr 29 mrt 2024 om 22:54 schreef Eric Rescorla <ekr@rtfm.com> >>> >>>> >>>> Hi Ted, >>>> >>>> Doesn't this section of RFC 9460 address this case and say what you are >>>> recommending: >>>> >>>> https://www.rfc-editor.org/rfc/rfc9460.html#section-3.1 >>>> >>>> -Ekr >>>> >>>> >>>> >>>> On Fri, Mar 29, 2024 at 6:49 PM Ted Lemon <mellon@fugue.com> wrote: >>>> >>>>> Okay, I think I see the disconnect, maybe. The issue I'm pointing to >>>>> is that you may or may not be doing DNSSEC validation. And you may or may >>>>> not be /able/ to do DNSSEC validation if the infrastructure breaks it >>>>> accidentally or deliberately. >>>>> >>>>> The document says: "The SVCB-optional client behavior specified in >>>>> (Section 3 of [SVCB]) permits clients to fall back to a direct connection >>>>> if all SVCB options fail. This behavior is not suitable for ECH, because >>>>> fallback would negate the privacy benefits of ECH." >>>>> >>>>> So it's saying that the default handling of SVCB is incorrect and >>>>> would fail open, and overriding that behavior. Given that this is the case, >>>>> that implies that it matters whether the data has been validated, but >>>>> nowhere in the document, certainly not in Security Considerations, is any >>>>> mention made of this issue. So that's what I'm pointing out. >>>>> >>>>> It is absolutely not the case in practice that all stub resolvers do >>>>> validation. You are making a security decision about trust based on data >>>>> the trustworthiness of which you've not discussed, in a situation where the >>>>> implementor has meaningful choices to make with respect to validating that >>>>> trustworthiness. So it's worth mentioning that if the policy is not to >>>>> validate, this vulnerability exists. >>>>> >>>>> I'm a DNS guy, not a TLS guy, so I don't know the history of this >>>>> work—I'm just making this observation about the document I was asked to >>>>> review. The fact that (apparently) no DNSDIR review ever raised this issue >>>>> about the other documents you mentioned is of no interest to me—I'm not >>>>> reviewing those documents.Whether you take this advice is between you and >>>>> the IESG. I'm not even claiming to be right—just pointing out the issue I >>>>> see. >>>>> >>>>> On Fri, Mar 29, 2024 at 7:21 PM Rob Sayre <sayrer@gmail.com> wrote: >>>>> >>>>>> I don't think it relates to DNSSEC. You can fail at DNS (DNSSEC >>>>>> failure) or you can fail during ECH (unless you want to use non-ECH, which >>>>>> is not ECH, and not part of this draft). >>>>>> >>>>>> It makes sense to me: one can reject a request unless the >>>>>> requirements embedded in the SVCB are met (the server chooses those, which >>>>>> can include many aspects of the request). I don't understand why one would >>>>>> insert DNSSEC here. That seems to be the whole point--it works without it. >>>>>> >>>>>> thanks, >>>>>> Rob >>>>>> >>>>>> >>>>>> On Fri, Mar 29, 2024 at 3:57 PM Ted Lemon <mellon@fugue.com> wrote: >>>>>> >>>>>>> I'm not telling you that you have to require DNSSEC. I'm saying the >>>>>>> document is incomplete if you don't talk about how it relates to DNSSEC. I >>>>>>> think EKR got the point, so maybe go with his approach? >>>>>>> >>>>>>> On Fri, Mar 29, 2024 at 6:27 PM Rob Sayre <sayrer@gmail.com> wrote: >>>>>>> >>>>>>>> It's a policy choice, though, right? I think ekr hinted at this >>>>>>>> issue as well. >>>>>>>> >>>>>>>> It's that one might also view requests that reveal the SNI as >>>>>>>> insecure. If that's the case, DNSSEC doesn't help. There will certainly be >>>>>>>> a transition period where that will be impractical for many servers. I >>>>>>>> think these are separate problems, though. >>>>>>>> >>>>>>>> thanks, >>>>>>>> Rob >>>>>>>> >>>>>>>> >>>>>>>> On Fri, Mar 29, 2024 at 3:10 PM Ted Lemon <mellon@fugue.com> wrote: >>>>>>>> >>>>>>>>> It looks like if you can't get the SCVB you're going to fail >>>>>>>>> insecure, so being able to use DNSSEC to prevent that for signed domains >>>>>>>>> seems worthwhile. >>>>>>>>> >>>>>>>>> On Fri, Mar 29, 2024 at 4:41 PM Rob Sayre <sayrer@gmail.com> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> On Fri, Mar 29, 2024 at 1:02 PM Ted Lemon via Datatracker < >>>>>>>>>> noreply@ietf.org> wrote: >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> I don't think it's reasonable to specify the privacy properties >>>>>>>>>>> of SVCB and >>>>>>>>>>> /not/ talk about DNSSEC validation. >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Could you explain more about this part? I think DNSSEC doesn't >>>>>>>>>> add much here, unless you want to accept non-ECH traffic. For example, many >>>>>>>>>> of the test servers will bounce you to some other site if you don't send >>>>>>>>>> ECH or screw it up in some way (speaking as someone who has screwed it up >>>>>>>>>> many times...). >>>>>>>>>> >>>>>>>>>> I think there might be a DoS attack here, where someone messes >>>>>>>>>> with the response, but they can also turn off the DNSSEC bit unless it's >>>>>>>>>> DoT/DoH/DoQ etc. So, if using those, it's just the trustworthiness of the >>>>>>>>>> DNS server itself, right? Sorry if I'm missing something. >>>>>>>>>> >>>>>>>>>> thanks, >>>>>>>>>> Rob >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>> TLS mailing list >>>>> TLS@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/tls >>>>> >>>>
- Re: [TLS] Dnsdir early review of draft-ietf-tls-s… Rob Sayre
- Re: [TLS] Dnsdir early review of draft-ietf-tls-s… Eric Rescorla
- Re: [TLS] Dnsdir early review of draft-ietf-tls-s… Rob Sayre
- [TLS] Dnsdir early review of draft-ietf-tls-svcb-… Ted Lemon via Datatracker
- Re: [TLS] Dnsdir early review of draft-ietf-tls-s… Ted Lemon
- Re: [TLS] Dnsdir early review of draft-ietf-tls-s… Ted Lemon
- Re: [TLS] Dnsdir early review of draft-ietf-tls-s… Ted Lemon
- Re: [TLS] Dnsdir early review of draft-ietf-tls-s… Rob Sayre
- Re: [TLS] Dnsdir early review of draft-ietf-tls-s… Ted Lemon
- Re: [TLS] Dnsdir early review of draft-ietf-tls-s… Eric Rescorla
- Re: [TLS] Dnsdir early review of draft-ietf-tls-s… Ted Lemon
- Re: [TLS] Dnsdir early review of draft-ietf-tls-s… Erik Nygren
- Re: [TLS] Dnsdir early review of draft-ietf-tls-s… Ted Lemon
- Re: [TLS] Dnsdir early review of draft-ietf-tls-s… Rob Sayre
- Re: [TLS] Dnsdir early review of draft-ietf-tls-s… Erik Nygren
- Re: [TLS] Dnsdir early review of draft-ietf-tls-s… Rob Sayre
- Re: [TLS] Dnsdir early review of draft-ietf-tls-s… Ted Lemon
- Re: [TLS] [dnsdir] Dnsdir early review of draft-i… Tim Wicinski
- Re: [TLS] Dnsdir early review of draft-ietf-tls-s… Eric Rescorla
- Re: [TLS] Dnsdir early review of draft-ietf-tls-s… Sean Turner
- [TLS]Re: Dnsdir early review of draft-ietf-tls-sv… Erik Nygren