IETF Logo Mail Archive

Re: [TLS] A few comments on draft-ietf-tls-dnssec-chain-extension-02.txt

Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 22 March 2017 21:50 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 564B51294B5 for <tls@ietfa.amsl.com>; Wed, 22 Mar 2017 14:50:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oWWtx1unKewd for <tls@ietfa.amsl.com>; Wed, 22 Mar 2017 14:50:39 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [108.5.242.66]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0BCBB129353 for <tls@ietf.org>; Wed, 22 Mar 2017 14:50:35 -0700 (PDT)
Received: from [172.31.30.83] (gzac12-mdf2-1.aoa.twosigma.com [208.77.215.155]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mournblade.imrryr.org (Postfix) with ESMTPSA id E13927A32F1 for <tls@ietf.org>; Wed, 22 Mar 2017 21:50:34 +0000 (UTC) (envelope-from ietf-dane@dukhovni.org)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <5f39565c-5417-b94f-f1e6-32261c473455@nomountain.net>
Date: Wed, 22 Mar 2017 17:50:33 -0400
Content-Transfer-Encoding: quoted-printable
Reply-To: "<tls@ietf.org>" <tls@ietf.org>
Message-Id: <06E7213B-5842-4465-936D-CF153C76B6DA@dukhovni.org>
References: <CABcZeBMM-67C5KQx1pcd=phBkd7htJB7QSR4VGp+kXpq6gbCFg@mail.gmail.com> <1362c5bd-99c6-c806-ce2a-b51f86a31f38@nomountain.net> <54343047-7620-4A96-BD39-6E60AE7EA5A2@sn3rd.com> <5f39565c-5417-b94f-f1e6-32261c473455@nomountain.net>
To: "<tls@ietf.org>" <tls@ietf.org>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/y_UbxRltz1bmhFBwX2I9HJQ9NwQ>
Subject: Re: [TLS] A few comments on draft-ietf-tls-dnssec-chain-extension-02.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Mar 2017 21:50:41 -0000

> On Mar 22, 2017, at 10:56 AM, Melinda Shore <melinda.shore@nomountain.net> wrote:
> 
> The draft could definitely benefit from
> additional review.

I find it ironic that section 4 includes:

   The components of the authentication chain are built by starting at
   the target record set and its corresponding RRSIG.  Then traversing
   the DNS tree upwards towards the trust anchor zone (normally the DNS
   root), for each zone cut, the DNSKEY and DS RRsets and their
   signatures are added.  If DNS responses messages contain any domain
   names utilizing name compression [RFC1035], then they must be
   uncompressed.

while at the same time there is ongoing discussion of *adding* compression
of the server certificate chain (as a TLS 1.3 extension).  Would the
compression of server certificates also cover compression of the DNSSEC
chain extension?  If so, perhaps this would be a belated moral victory
for DJB[1]. :-)

-- 
-- 
	Viktor.

[1] https://cr.yp.to/djbdns/notes.html

Compression

Compression DNS packets use an ad-hoc compression method in which
portions of domain names can sometimes be replaced with two-byte
pointers to previous domain names. The precise rule is that a name
can be compressed if it is a response owner name, the name in NS
data, the name in CNAME data, the name in PTR data, the name in MX
data, or one of the names in SOA data.

One problem with DNS compression is the amount of code required to
parse it. Reliably locating all these names takes quite a bit of
work that would otherwise have been unnecessary for a DNS cache.
LZ77 compression would have been much easier to implement.

Another problem with DNS compression is the amount of code required
to correctly generate it. (RFC 1035 allowed servers to not bother
compressing their responses; however, caches have to implement
compression, so that address lists from some well-known sites don't
burst the seams of a DNS UDP packet.) Not only does the compressor
need to figure out which names can be compressed, but it also needs
to keep track of compression targets earlier in the packet. RFC
1035 doesn't make clear exactly what targets are allowed. (Most
versions of BIND do not use pointers except to compressible names;
suffixes of the query name are excluded. dnscache uses pointers to
suffixes of the query name.)

Another problem with DNS compression is that it's not particularly
effective. LZ77 would have done a noticeably better job on current
data, and a much better job on new record types that might become
popular in the future. (BIND versions 4.9.* through 8.1.2 compress
names in new record types, such as RP and SRV, in blatant violation
of RFC 1035. The names are not decompressed by caches that do not
know about the new types. This is an interoperability disaster.)

v2.23.0 | Report a Bug | By Email