Re: [DNSOP] Comments regarding the NSEC5

2015-03-25 Thread Jan Včelák
On 24.3.2015 21:04, Bob Harold wrote: > > But for the servers and public to know which key to use, there will need > > to be some id that matches NSEC5 records to the matching NSEC5 key. > > That requires changing the format of the NSEC5 records, so it cannot be > > done later. > >

Re: [DNSOP] Comments regarding the NSEC5

2015-03-24 Thread Jan Včelák
On 24.3.2015 21:25, Paul Wouters wrote: > On Tue, 24 Mar 2015, Jan Včelák wrote: > >>> The contents of zones quickly becomes visible, what with passive DNS, >>> DITL, people who connect in place X, and then reopen their laptop in >>> place Y, etc. >> >> I know and I completely agree. >> >> On the

Re: [DNSOP] Comments regarding the NSEC5

2015-03-24 Thread Paul Wouters
On Tue, 24 Mar 2015, Jan Včelák wrote: The contents of zones quickly becomes visible, what with passive DNS, DITL, people who connect in place X, and then reopen their laptop in place Y, etc. I know and I completely agree. On the other hand, there are efforts (DPRIVE) to make this data collec

Re: [DNSOP] Comments regarding the NSEC5

2015-03-24 Thread Bob Harold
On Tue, Mar 24, 2015 at 3:27 PM, Jan Včelák wrote: > On 24.3.2015 20:08, Bob Harold wrote: > > > > On Mon, Mar 23, 2015 at 6:38 PM, Jan Včelák wrote: > > > > On 23.3.2015 18:26, Bob Harold wrote: > > > I think we might need to allow for more than one NSEC5 key and > chain, > > > durin

Re: [DNSOP] Comments regarding the NSEC5

2015-03-24 Thread Jan Včelák
On 24.3.2015 19:20, Paul Hoffman wrote: > Again: a proposal for an operational change to DNSSEC needs to be explicit > about the tradeoffs, particularly when one of the options is "you will be > considered unsigned by some resolvers when you implement this". The current > draft does not have this.

Re: [DNSOP] Comments regarding the NSEC5

2015-03-24 Thread Jan Včelák
On 24.3.2015 20:08, Bob Harold wrote: > > On Mon, Mar 23, 2015 at 6:38 PM, Jan Včelák wrote: > > On 23.3.2015 18:26, Bob Harold wrote: > > I think we might need to allow for more than one NSEC5 key and chain, > > during a transition. Otherwise it might be impossible to later create a

Re: [DNSOP] Comments regarding the NSEC5

2015-03-24 Thread Bob Harold
On Mon, Mar 23, 2015 at 6:38 PM, Jan Včelák wrote: > On 23.3.2015 18:26, Bob Harold wrote: > > I think we might need to allow for more than one NSEC5 key and chain, > > during a transition. Otherwise it might be impossible to later create a > > reasonable transition process. This might require

Re: [DNSOP] Comments regarding the NSEC5

2015-03-24 Thread Jan Včelák
On 24.3.2015 19:11, Warren Kumari wrote: > On Tue, Mar 24, 2015 at 9:56 AM, Jan Včelák wrote: >> On 24.3.2015 13:57, Paul Hoffman wrote: >>> On Mar 23, 2015, at 6:23 PM, Jan Včelák wrote: > This proposal continues to have fundamental problems that are not > documented in the draft. >

Re: [DNSOP] Comments regarding the NSEC5

2015-03-24 Thread Nicholas Weaver
> On Mar 24, 2015, at 11:11 AM, Warren Kumari wrote: There is a paper "Stretching NSEC3 to the Limit: Efficient Zone Enumeration Attacks on NSEC3 Variants" by Sharon Goldberg et al, which covers some of the trivial solutions and explains why they won't work: http://www.cs.

Re: [DNSOP] Comments regarding the NSEC5

2015-03-24 Thread Paul Hoffman
> On Mar 24, 2015, at 10:41 AM, Matthäus Wander > wrote: > > * Paul Hoffman [2015-03-24 13:57]: >> On Mar 23, 2015, at 6:23 PM, Jan Včelák wrote: - The statement about NSEC3 "offline dictionary attacks are still possible and have been demonstrated" doesn't take into account trivial

Re: [DNSOP] Comments regarding the NSEC5

2015-03-24 Thread Warren Kumari
On Tue, Mar 24, 2015 at 9:56 AM, Jan Včelák wrote: > On 24.3.2015 13:57, Paul Hoffman wrote: >> On Mar 23, 2015, at 6:23 PM, Jan Včelák wrote: This proposal continues to have fundamental problems that are not documented in the draft. - The statement about NSEC3 "offline dicti

Re: [DNSOP] Comments regarding the NSEC5

2015-03-24 Thread Matthäus Wander
* Paul Hoffman [2015-03-24 13:57]: > On Mar 23, 2015, at 6:23 PM, Jan Včelák wrote: >>> - The statement about NSEC3 "offline dictionary attacks are still possible >>> and have been demonstrated" doesn't take into account trivial changes that >>> an operator can choose to take if they are really

Re: [DNSOP] Comments regarding the NSEC5

2015-03-24 Thread Jan Včelák
On 24.3.2015 13:57, Paul Hoffman wrote: > On Mar 23, 2015, at 6:23 PM, Jan Včelák wrote: >>> This proposal continues to have fundamental problems that are not >>> documented in the draft. >>> >>> - The statement about NSEC3 "offline dictionary attacks are still possible >>> and have been demonst

Re: [DNSOP] Comments regarding the NSEC5

2015-03-24 Thread Paul Hoffman
On Mar 23, 2015, at 6:23 PM, Jan Včelák wrote: >> This proposal continues to have fundamental problems that are not documented >> in the draft. >> >> - The statement about NSEC3 "offline dictionary attacks are still possible >> and have been demonstrated" doesn't take into account trivial chang

Re: [DNSOP] Comments regarding the NSEC5

2015-03-23 Thread Jan Včelák
Hi Paul, > This proposal continues to have fundamental problems that are not documented > in the draft. > > - The statement about NSEC3 "offline dictionary attacks are still possible > and have been demonstrated" doesn't take into account trivial changes that an > operator can choose to take i

Re: [DNSOP] Comments regarding the NSEC5

2015-03-23 Thread Jan Včelák
On 23.3.2015 18:26, Bob Harold wrote: > I think we might need to allow for more than one NSEC5 key and chain, > during a transition. Otherwise it might be impossible to later create a > reasonable transition process. This might require us to tag the NSEC5 > records with an id, so that the chains

Re: [DNSOP] Comments regarding the NSEC5

2015-03-23 Thread Edward Lewis
On 3/23/15, 14:08, "Paul Hoffman" wrote: >On Mar 23, 2015, at 10:15 AM, Jan Včelák wrote: >> I just submitted an updated NSEC5 draft into the data tracker. The most >> significant change is fixing the NSEC5 key rollover mechanism; the rest >> are just typo fixes and small clarifications in termi

Re: [DNSOP] Comments regarding the NSEC5

2015-03-23 Thread Paul Vixie
> Paul Hoffman > Monday, March 23, 2015 12:08 PM > > This proposal continues to have fundamental problems that are not > documented in the draft. > > ... > > Overall, this seems like a novel idea that comes with a huge > operational overhead and no actual demand. +

Re: [DNSOP] Comments regarding the NSEC5

2015-03-23 Thread Paul Hoffman
On Mar 23, 2015, at 10:15 AM, Jan Včelák wrote: > I just submitted an updated NSEC5 draft into the data tracker. The most > significant change is fixing the NSEC5 key rollover mechanism; the rest > are just typo fixes and small clarifications in terminology. This proposal continues to have fundam

Re: [DNSOP] Comments regarding the NSEC5

2015-03-23 Thread Bob Harold
The completed sections of the draft look good to me, with one exception. I think we might need to allow for more than one NSEC5 key and chain, during a transition. Otherwise it might be impossible to later create a reasonable transition process. This might require us to tag the NSEC5 records with a

Re: [DNSOP] Comments regarding the NSEC5

2015-03-23 Thread Jan Včelák
Hi, I just submitted an updated NSEC5 draft into the data tracker. The most significant change is fixing the NSEC5 key rollover mechanism; the rest are just typo fixes and small clarifications in terminology. http://datatracker.ietf.org/doc/draft-vcelak-nsec5/ Also, I will have a 10 minute talk

Re: [DNSOP] Comments regarding the NSEC5

2015-03-16 Thread Jan Včelák
On Thursday, March 12, 2015 12:39:17 PM Florian Weimer wrote: > On 03/12/2015 11:36 AM, Jan Včelák wrote: > >> And does anyone actually use opt out with NSEC3? > > > > Yes, .com for example. My impression was that Opt-Out was the selling > > point of NSEC3, not the domain name hashing. > > Okay.

Re: [DNSOP] Comments regarding the NSEC5

2015-03-15 Thread Ondřej Surý
https://nic.cz/ - Original Message - > From: "Florian Weimer" > To: "Jan Včelák" > Cc: dnsop@ietf.org, "Nicholas Weaver" > Sent: Thursday, March 12, 2015 12:39:17 PM > Subject: Re: [DNSOP] Comments regarding the NSEC5 > On 03/12/2015 11:36 AM, Jan

Re: [DNSOP] Comments regarding the NSEC5

2015-03-12 Thread Florian Weimer
On 03/12/2015 11:36 AM, Jan Včelák wrote: >> And does anyone actually use opt out with NSEC3? > > Yes, .com for example. My impression was that Opt-Out was the selling point of > NSEC3, not the domain name hashing. Okay. Are they interested in switching to NSEC5? -- Florian Weimer / Red H

Re: [DNSOP] Comments regarding the NSEC5

2015-03-12 Thread Jan Včelák
On Thursday, March 12, 2015 11:31:37 AM Florian Weimer wrote: > On 03/12/2015 11:15 AM, Jan Včelák wrote: > > On Wednesday, March 11, 2015 09:52:55 AM Nicholas Weaver wrote: > >> Why not just do something simpler? The only thing NSEC5 really differs > >> in a way that counts is not in the NSEC rec

Re: [DNSOP] Comments regarding the NSEC5

2015-03-12 Thread Florian Weimer
On 03/12/2015 11:15 AM, Jan Včelák wrote: > On Wednesday, March 11, 2015 09:52:55 AM Nicholas Weaver wrote: >> Why not just do something simpler? The only thing NSEC5 really differs in a >> way that counts is not in the NSEC record but really just the DNSKEY >> handling, having a separate key used

Re: [DNSOP] Comments regarding the NSEC5

2015-03-12 Thread Jan Včelák
On Wednesday, March 11, 2015 10:02:31 AM Paul Hoffman wrote: > Proposal: until there is evidence that there is a community that needs the > features of NSEC5 that cannot be easily replicated in NSEC3, this WG does > not consider a protocol change that would require every resolver to be > updated.

Re: [DNSOP] Comments regarding the NSEC5

2015-03-12 Thread Jan Včelák
On Wednesday, March 11, 2015 09:52:55 AM Nicholas Weaver wrote: > Why not just do something simpler? The only thing NSEC5 really differs in a > way that counts is not in the NSEC record but really just the DNSKEY > handling, having a separate key used for signing the NSEC* records. > > So why def

Re: [DNSOP] Comments regarding the NSEC5

2015-03-12 Thread Nicholas Weaver
> On Mar 11, 2015, at 9:39 AM, Jan Včelák wrote: > > NSEC5 proof is the FDH of domain name. > NSEC5 hash is SHA-256 of NSEC5 proof. > > I will clarify that. Why not just do something simpler? The only thing NSEC5 really differs in a way that counts is not in the NSEC record but really just t

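The construction quoted in the message above (NSEC5 proof = FDH of the owner name, NSEC5 hash = SHA-256 of the proof) and the NSEC3 "offline dictionary attack" point argued earlier in the thread, shown side by side as an added example. This is not code from draft-vcelak-nsec5 or from any poster. Assumptions not taken from the thread: RSA-FDH is built from an MGF1-style expansion of SHA-256 reduced modulo N; the RSA modulus is a toy made from two Mersenne primes so the block is deterministic and self-contained (far too small for real use); names are canonicalised by lowercasing rather than encoded in DNS wire format; chain order is the raw hash bytes rather than the draft's base32hex owner names; and the RRSIG/NSEC5KEY validation a real resolver would also perform is omitted.

```python
"""Toy NSEC5 (RSA-FDH proof + SHA-256 hash) beside NSEC3 hashing.

Added example, not the draft's or any poster's code.  Assumptions: toy RSA
modulus from Mersenne primes, MGF1-style FDH, lowercase-string names instead
of wire format, raw-byte chain ordering, no RRSIG/NSEC5KEY checks.
"""
import hashlib

# Toy RSA key.  P and Q are the Mersenne primes 2^127-1 and 2^107-1; E=65537
# is coprime to (P-1)(Q-1).  Assumption for the example only: a real NSEC5KEY
# would be a properly generated key of realistic size.
P = (1 << 127) - 1
Q = (1 << 107) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
N_BYTES = (N.bit_length() + 7) // 8


def canonical_name(name: str) -> bytes:
    """Stand-in for the canonical wire-format owner name: lowercase, no root dot."""
    return name.rstrip(".").lower().encode("ascii")


def fdh(name: str) -> int:
    """Full-domain hash: expand SHA-256 with a counter (MGF1 style) to the
    width of N and reduce modulo N, so the digest lives in Z_N."""
    msg = canonical_name(name)
    out, counter = b"", 0
    while len(out) < N_BYTES:
        out += hashlib.sha256(counter.to_bytes(4, "big") + msg).digest()
        counter += 1
    return int.from_bytes(out[:N_BYTES], "big") % N


def nsec5_proof(name: str) -> bytes:
    """NSEC5 proof: RSA-FDH signature over the name.  Needs the private key,
    so only the zone's signer can produce it (this is the anti-enumeration
    property).  It is deterministic, as a hash chain requires."""
    return pow(fdh(name), D, N).to_bytes(N_BYTES, "big")


def nsec5_verify_proof(name: str, proof: bytes) -> bool:
    """Resolver side: check the proof against FDH(name) with the public key."""
    return pow(int.from_bytes(proof, "big"), E, N) == fdh(name)


def nsec5_hash(proof: bytes) -> bytes:
    """NSEC5 hash: SHA-256 of the proof; this value orders the chain."""
    return hashlib.sha256(proof).digest()


def nsec3_hash(name: str, salt: bytes = b"\xab\xcd", iterations: int = 10) -> bytes:
    """NSEC3 hash per RFC 5155: SHA-1(name||salt), then `iterations` more
    rounds of SHA-1(prev||salt).  Salt and iterations are public, so anyone
    holding the NSEC3 records can compute this for candidate names offline."""
    h = hashlib.sha1(canonical_name(name) + salt).digest()
    for _ in range(iterations):
        h = hashlib.sha1(h + salt).digest()
    return h


def covers(owner: bytes, nxt: bytes, h: bytes) -> bool:
    """True when h lies strictly inside (owner, nxt) on the hash ring; the
    last record wraps around to the first."""
    if owner == nxt:
        return h != owner          # single-record chain covers everything else
    if owner < nxt:
        return owner < h < nxt
    return h > owner or h < nxt    # wrap-around interval


def build_nsec5_chain(zone_names):
    """Signer side: sorted (hash, proof) pairs, one per existing name."""
    return sorted((nsec5_hash(p), p) for p in (nsec5_proof(n) for n in zone_names))


def nsec5_deny(chain, qname: str):
    """Authoritative answer for a non-existent name: the proof for qname plus
    the (owner, next) hash pair whose interval covers its hash."""
    proof = nsec5_proof(qname)
    h = nsec5_hash(proof)
    for i, (owner, _) in enumerate(chain):
        nxt = chain[(i + 1) % len(chain)][0]
        if covers(owner, nxt, h):
            return proof, owner, nxt
    raise ValueError("name hashes onto an existing record; no denial applies")


def nsec5_resolver_accepts(qname: str, proof: bytes, owner: bytes, nxt: bytes) -> bool:
    """Validating resolver: the proof must verify for the queried name, and the
    hash derived from it must fall inside the interval the server returned."""
    if not nsec5_verify_proof(qname, proof):
        return False
    return covers(owner, nxt, nsec5_hash(proof))


def offline_dictionary(published_hashes, candidates, hash_fn):
    """Offline guessing against a set of published hashes.  Works for NSEC3
    because hash_fn needs no secret; there is no key-less hash_fn for NSEC5,
    so the attacker is pushed to one online query per candidate name."""
    return sorted(c for c in candidates if hash_fn(c) in published_hashes)
```

Usage: build the chain from the zone's names with `build_nsec5_chain`, answer a missing name with `nsec5_deny`, and validate with `nsec5_resolver_accepts`. Running `offline_dictionary` over `nsec3_hash` shows why the thread's "trivial changes" (a larger salt, more iterations) only slow an NSEC3 dictionary attack down, whereas the same call cannot be written for NSEC5 without the private key; the cost the thread debates is the online RSA operation the server now performs per negative answer.
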
Re: [DNSOP] Comments regarding the NSEC5

2015-03-11 Thread Paul Wouters
On Wed, 11 Mar 2015, Nicholas Weaver wrote: Why not just do something simpler? The only thing NSEC5 really differs in a way that counts is not in the NSEC record but really just the DNSKEY handling, having a separate key used for signing the NSEC* records. So why define NSEC5 at all. Inste

Re: [DNSOP] Comments regarding the NSEC5

2015-03-11 Thread Paul Hoffman
> On Mar 11, 2015, at 9:39 AM, Jan Včelák wrote: > > On 11.3.2015 17:30, Florian Weimer wrote: >> On 03/11/2015 05:19 PM, Jan Včelák wrote: >> It's not clear if the security goals make sense. What do zone operators gain if zone enumeration attacks are moved from offline to online, ot

Re: [DNSOP] Comments regarding the NSEC5

2015-03-11 Thread Jan Včelák
Hello Florian, On 11.3.2015 12:01, Florian Weimer wrote: > do you plan to submit this to an IETF working group, or as an individual > submission? We plan to submit the draft as an individual submission. > It's not clear if the security goals make sense. What do zone operators > gain if zone enu

Re: [DNSOP] Comments regarding the NSEC5

2015-03-11 Thread Jan Včelák
On 11.3.2015 17:30, Florian Weimer wrote: > On 03/11/2015 05:19 PM, Jan Včelák wrote: > >>> It's not clear if the security goals make sense. What do zone operators >>> gain if zone enumeration attacks are moved from offline to online, other >>> than a need to provision additional server capacity?

Re: [DNSOP] Comments regarding the NSEC5

2015-03-11 Thread Florian Weimer
On 03/11/2015 05:19 PM, Jan Včelák wrote: >> It's not clear if the security goals make sense. What do zone operators >> gain if zone enumeration attacks are moved from offline to online, other >> than a need to provision additional server capacity? It's not that they >> can block resolution requ

[DNSOP] Comments regarding the NSEC5

2015-03-11 Thread Florian Weimer
Hi Jan, do you plan to submit this to an IETF working group, or as an individual submission? It's not clear if the security goals make sense. What do zone operators gain if zone enumeration attacks are moved from offline to online, other than a need to provision additional server capacity? It's