Re: [Tsv-art] Tsvart last call review of draft-ietf-dots-server-discovery-11

mohamed.boucadair@orange.com Tue, 13 October 2020 08:28 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE7133A091A; Tue, 13 Oct 2020 01:28:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id grZyiYJz3cmG; Tue, 13 Oct 2020 01:28:54 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.66.41]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 377CB3A0658; Tue, 13 Oct 2020 01:28:54 -0700 (PDT)
Received: from opfedar05.francetelecom.fr (unknown [xx.xx.xx.7]) by opfedar25.francetelecom.fr (ESMTP service) with ESMTP id 4C9TGW5Cfbz8xJg; Tue, 13 Oct 2020 10:28:51 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1602577731; bh=LQgQK9RX+xAwUxhUCzwH8xV1pApc+nvor2Nb6up0fm8=; h=From:To:Subject:Date:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version; b=l1swzeXjBPvlDS/pA0SMAATMRrIdtLneUllUuWPEiivaRoA1ZqANEGjgQCC5QQ3SZ mMd8Jm87fHHkv60aoZab9kN1hY2dWnoJkyuHCbtOcA7jNCAm+j2aB1TEX9UMNCuAbI f77mrR/+2KdX1kRUwCerbQdlLYiGo0Urnx6JOd0j9y8EsKF96PD32SWKM5BwU/fLVF +Y6d/haLEwZux5JOkV/8hgFNoz2qZC3bkKIpsb0if/6Ssex2R7mxYCpBAfx6Ek0iin alZ0yArjDydgmY4Sf2EioxbOO4nTN9kfQ2uUFyFXqQItELAqCM0ZJaNy6U1aWRNFsw YFJomDSrbkwmQ==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.29]) by opfedar05.francetelecom.fr (ESMTP service) with ESMTP id 4C9TGW3rSWz2xCg; Tue, 13 Oct 2020 10:28:51 +0200 (CEST)
From: <mohamed.boucadair@orange.com>
To: Kyle Rose <krose@krose.org>, "tsv-art@ietf.org" <tsv-art@ietf.org>
CC: "last-call@ietf.org" <last-call@ietf.org>, "dots@ietf.org" <dots@ietf.org>, "draft-ietf-dots-server-discovery.all@ietf.org" <draft-ietf-dots-server-discovery.all@ietf.org>
Thread-Topic: Tsvart last call review of draft-ietf-dots-server-discovery-11
Thread-Index: AQHWoCv6EYbxylq39kqMV/uafG6Ik6mVFVTg
Date: Tue, 13 Oct 2020 08:28:51 +0000
Message-ID: <22178_1602577731_5F856543_22178_325_7_787AE7BB302AE849A7480A190F8B93303155F274@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <160246137613.594.10649805135544482452@ietfa.amsl.com>
In-Reply-To: <160246137613.594.10649805135544482452@ietfa.amsl.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.247]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/5u3voO8tkAmbQh4J9mjBdEs7evM>
Subject: Re: [Tsv-art] Tsvart last call review of draft-ietf-dots-server-discovery-11
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Oct 2020 08:28:56 -0000

Hi Kyle, 

Thank you for the review.

Please see inline. 

Cheers,
Med

> -----Message d'origine-----
> De : Kyle Rose via Datatracker [mailto:noreply@ietf.org]
> Envoyé : lundi 12 octobre 2020 02:10
> À : tsv-art@ietf.org
> Cc : last-call@ietf.org; dots@ietf.org; draft-ietf-dots-server-
> discovery.all@ietf.org
> Objet : Tsvart last call review of draft-ietf-dots-server-discovery-
> 11
> 
> Reviewer: Kyle Rose
> Review result: Ready with Issues
> 
> This document has been reviewed as part of the transport area review
> team's ongoing effort to review key IETF documents. These comments
> were written primarily for the transport area directors, but are
> copied to the document's authors and WG to allow them to address any
> issues raised and also to the IETF discussion list for information.
> 
> When done at the time of IETF Last Call, the authors should consider
> this review as part of the last-call comments they receive. Please
> always CC tsv-art@ietf.org if you reply to or forward this review.
> 
> >From the perspective of the transport area, this document is Ready:
> the
> specification of new SRV application protocol names appears to
> comply with current TSVART guidance.
> 

[Med] Thanks. 

> That said, I have some questions and comments that may or may not be
> of interest to the transport ADs:
> 
> * Section 4 says:
> 
>    The discovery method is reiterated by a DOTS agent upon the
> following
>    events:
> 
>    o  Expiry of a a validity timer (e.g., DHCP lease, DNS TTL)
>       associated with a discovered DOTS agent.
> 
> >From my reading, rendezvous information for the DOTS server is
> "pushed"
> >to the
> client via DHCP, so it's not clear the above is actionable. Is it
> simply the case that a client should use the DOTS server assigned in
> the most recent lease?
> 

[Med] The intent is to avoid using "stale" servers. So yes, this is about using the server that was most recently discovered but also about not using a server beyond a validity time associated with the discovered server. 

> * Section 5.1 describes a trust mechanism that can charitably be
> described as "hopeful". Fundamentally, the security of TLS relies on
> a three-legged stool:
> 
>     (1) The integrity of the X.509 server certificate issuance
> procedures
>     (2) The cryptographic trust anchors configured in a client
>     (3) Pre-established trust in the server's identity, which must
> match a
>     ServerAltName in the signed server certificate
> 
> The security considerations section briefly alludes to the problems
> with using DHCP via reference to security considerations sections in
> DHCP RFCs, but I don't think that quite does justice to the problem
> here. TLS is cripped by a failure in any of the above:
> 
>     * A trusted CA wrongly issues a certificate to a third party
> with the
>     ability to hijack rendezvous (e.g., through BGP or DNS attacks)
> * A user's
>     certificate store is augmented by a CA under the control of an
> adversary *
>     Via a mistaken or injected hostname, a user establishes a
> connection to the
>     wrong endpoint that nonetheless has a legitimately-issued
> certificate
> 
> Using DHCP, an inherently insecure protocol, to inform DOTS clients
> of the hostname of DOTS server knocks this third leg out, calling
> into question the entire mechanism.

[Med] We didn't include such discussion as this is a variation of agent impersonation (covered by the pointer to RFC8811) and rogue servers in RFC8415. Also, we have the following:

   This document assumes that security credentials to authenticate DOTS
   server(s) are provisioned to a DOTS client using a mechanism such as
   (but not limited to) those discussed in [RFC8572] ...

We can add some text to elaborate on this further. 

 Measures can be taken to
> mitigate this risk, such as configuring clients with a domain
> whitelist (e.g., accept DOTS names only within a particular domain),
> configuring clients with a set of private CAs as trust anchors,
> configuring border routers with network-layer packet filtering for
> DOTS traffic, etc., but ultimately without some preconfiguration,
> clients are at the mercy of rogue DHCP.
> 
> * Section 5.2.1 has:
> 
>    The DHCPv4 [RFC2132] DOTS Reference Identifier option is used to
>    configure a name of the peer DOTS agent.  The format of this
> option
>    is illustrated in Figure 6.
> 
>             Code  Length   Peer DOTS agent name
>            +-----+-----+-----+-----+-----+-----+-----+--
>            |TBA3 |  n  |  s1 |  s2 |  s3 |  s4 | s5  |  ...
>            +-----+-----+-----+-----+-----+-----+-----+--
> 
>      The values s1, s2, s3, etc. represent the domain name labels in
> the
>      domain name encoding.
> 
> Is the final label zero-length?

[Med] Yes, as indicated in 5.2.1: 

   o  Peer DOTS agent name: The domain name of the peer DOTS agent.
      This field is formatted as specified in Section 10 of [RFC8415]. 

 Other parts of the DHCPv4 protocol
> terminate domain names with a zero-length label. What if a zero-
> length label appears in some s_i other than the final one?
> 

[Med] Names are validated as per the rules in Section 10 of RFC8415:  

   If the DHCP client receives OPTION_V4_DOTS_RI only, but
   OPTION_V4_DOTS_RI option contains more than one name, as
   distinguished by the presence of multiple root labels, the DHCP
   client MUST use only the first name.  Once the name is validated
   (Section 10 of [RFC8415]), the name is passed to a name resolution
   library.

> * Section 7 says:
> 
>    This document does not define any keys; the TXT record of a DNS-
> SD
>    service is thus empty (Section 6 of [RFC6763]).
> 
> RFC 6763 says that an empty TXT record MUST be included alongside
> the SRV record where DNS-SD is concerned. Should normative language
> be used here, or should we rely on the normative reference in case
> that guidance changes in the future?

[Med] I don't think that the use of normative language is needed here. RFC6763 is sufficient by its own.

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.