<html><head></head><body><div><div><div class=""><div class=""><div class=""><div class=""><br></div></div><br><div class="sh-signature"><div class="gmail_signature"><br></div></div></div><br><div class="sh-quoted-content"><div class=""><div class="gmail_quote">On Fri, May 06, 2022 at 9:18 PM, Mukund Sivaraman <span dir="ltr" class=""><<a href="mailto:muks@mukund.org" target="_blank" class="">muks@mukund.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="gmail_extra"><div class="gmail_quote" style="null" id="null"><p class="">On Fri, May 06, 2022 at 08:58:51PM -0400, Amir Herzberg wrote:
<br></p><blockquote class=""><p class="">
Hi NANOGers,
<br></p><p class="">
I have a small question re DNSSEC `proof of non-existence' records: NSEC,
NSEC3 and the (dead?) NSEC5 proposal.
<br></p><p class="">
<begin background (probably known to all/most):> NSEC3 was motivated as a
method to prevent Zone enumeration, then Berenstein showed its defense is
pretty weak. RFC7129 (White Lies) prevents this enumeration attack but
requires online signing with the zone's key, which introduces another
vulnerability and, of course, overhead of online-signing. NSEC5 was
proposed to prevent enumeration without online signing, so arguably more
secure than RFC7129, but has comparable online overhead and appears `dead';
the I-D expired (last update July'17).
<br></p><p class="">
Note that NSEC3 also supports `opt-out', which reduces overhead for
adoptions in domains with many non-adopting ASes, and I believe is not
supported by NSEC.
<br>
<end background>
</p><p class="">
Questions:
<br>
- Do you find zone enumeration a real concern?
</p></blockquote><p class="">
The answer to this would vary depending on who is asked, so it's not
clear how you would use such answers. It may be a concern to some, may
not be a concern to others.
<br></p><p class="">
If zone enumeration was not a real concern, NSEC3 would not
exist. <br></p></div></div></blockquote></div></div></div></div><div><div><br></div><div><br></div><div>Ackchyually, that's only partly true — a significant amount of the driver (some would say hte large majority) behind NSEC3 was that it supports "opt-out". This was important in very large, delegation-centric zones (e.g like .com), where the vast majority of delegations were initially not signed. This allows just signing the signed delegation and the holes between them, and not all of the unsigned delegations. <br></div><div><br></div><div>This was also before things like passive DNS services existed, etc., and the "secrecy" of a zone was viewed more as an actual thing...</div><div><br></div><div>From RFC5155: </div><div>"A second problem is that the cost to cryptographically secure<br></div></div><div> delegations to unsigned zones is high, relative to the perceived<br></div><div> security benefit, in two cases: large, delegation-centric zones, and<br></div><div> zones where insecure delegations will be updated rapidly. In these<br></div><div> cases, the costs of maintaining the NSEC RR chain may be extremely<br></div><div> high and use of the "Opt-Out" convention may be more appropriate (for<br></div><div> these unsecured zones)."<br></div><div><div><br></div><div><br></div><div><br></div></div><div class=""><div class="sh-quoted-content"><div class=""><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="gmail_extra"><div class="gmail_quote" style="null" id="null"><p class="">However, public DNS is a public tree and so we should have
limited expectations for hiding names in it.
<br></p><blockquote class=""><p class="">
- Do you think the white-lies countermeasure is sufficient and fine, or do
you have security and/or performance concern (or just think it's
pointless)?
<br>
- and the final question... would you think an alternative to NSEC5 which
will be more efficient and simpler would be of potential practical
importance, or just a nice academic `exercise'?
</p><p class="">
I'm really unsure about these questions - esp. the last one - and your
feedback may help me decide on the importance of this line of research.
Just fun or of possible practical importance?
<br></p></blockquote><p class="">
These questions may be better posed to the <a target="_blank" rel="noopener noreferrer" href="mailto:dnsop@ietf.org" class="">dnsop@<wbr>ietf.<wbr>org</a> and
<a target="_blank" rel="noopener noreferrer" href="mailto:dns-operations@dns-oarc.net" class="">dns-operations@<wbr>dns-oarc.<wbr>net</a> mailing lists, as you'll get more relevant
answers from people who work in the DNS industry.<br></p></div></div></blockquote></div></div></div></div><div><div><br></div><div><br></div><div>Yes, +1, etc.!<br></div><div><br></div><div>W</div><div><br></div><div><br></div></div><div class=""><div class="sh-quoted-content"><div class=""><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="gmail_extra"><div class="gmail_quote" style="null" id="null"><p class="">
<br></p><p class="">
Mukund<br></p></div></div></blockquote></div></div></div></div><div><br></div></div><div></div></div></body></html>