DNSCrypt / dnscrypt-resolvers

Lists of public DNSCrypt / DoH DNS servers and DNS relays
https://dnscrypt.info

Why there are no hashes in cloudflare sdns string? #867

Closed slowpeek closed 10 months ago

slowpeek commented 10 months ago

As I understand it, if there are no hashes, there is no cert check:

if !found && len(stamp.Hashes) > 0 {
    dlog.Criticalf("[%s] Certificate hash [%x] not found", name, wantedHash)
    return ServerInfo{}, fmt.Errorf("Certificate hash not found")
}

google's stamp contains 3 hashes:

sdns://AgUAAAAAAAAABzguOC44LjigHvYkz_9ea9O63fP92_3qVlRn43cpncfuZnUWbzAMwbmgdoAkR6AZkxo_AEMExT_cbBssN43Evo9zs5_ZyWnftEUgalBisNF41VbxY7E7Gw8ZQ10CWIKRzHVYnf7m6xHI1cMKZG5zLmdvb2dsZQovZG5zLXF1ZXJ5

1ef624cfff5e6bd3baddf3fddbfdea565467e377299dc7ee6675166f300cc1b9
76802447a019931a3f004304c53fdc6c1b2c378dc4be8f73b39fd9c969dfb445
6a5062b0d178d556f163b13b1b0f19435d02588291cc75589dfee6eb11c8d5c3

cloudflare's stamp contains none:

sdns://AgcAAAAAAAAABzEuMC4wLjEAEmRucy5jbG91ZGZsYXJlLmNvbQovZG5zLXF1ZXJ5

Do I get it right: by default with server_names = ['cloudflare'] dnscrypt-proxy is not secure at all (since the cert is not checked)?
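As an added example (not code from the issue or from dnscrypt-proxy), here is a small decoder for the two DoH stamps above and a check that mirrors the quoted rule, so you can confirm whether a stamp you deploy actually pins anything. It assumes the public stamp layout for protocol 0x02: protocol byte, 8-byte little-endian props, length-prefixed address, a vector of hashes whose length bytes use 0x80 as the "more follow" bit, then hostname, path and optional bootstrap IPs.

```python
import base64

# Stamps quoted in the issue: Google's carries three hashes, Cloudflare's none.
GOOGLE_STAMP = "sdns://AgUAAAAAAAAABzguOC44LjigHvYkz_9ea9O63fP92_3qVlRn43cpncfuZnUWbzAMwbmgdoAkR6AZkxo_AEMExT_cbBssN43Evo9zs5_ZyWnftEUgalBisNF41VbxY7E7Gw8ZQ10CWIKRzHVYnf7m6xHI1cMKZG5zLmdvb2dsZQovZG5zLXF1ZXJ5"
CLOUDFLARE_STAMP = "sdns://AgcAAAAAAAAABzEuMC4wLjEAEmRucy5jbG91ZGZsYXJlLmNvbQovZG5zLXF1ZXJ5"

def parse_doh_stamp(stamp: str) -> dict:
    """Decode a DoH stamp (protocol byte 0x02) into props, addr, hashes, host, path."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))  # unpadded base64url
    if raw[0] != 0x02:
        raise ValueError("not a DoH stamp")
    pos = 9  # skip 1 protocol byte + 8-byte little-endian props bitmask

    def lp() -> bytes:  # length-prefixed string
        nonlocal pos
        n = raw[pos]
        pos += 1 + n
        return raw[pos - n:pos]

    def vlp() -> list:  # vector of LP strings; bit 0x80 of a length byte = "more follow"
        nonlocal pos
        items = []
        while True:
            vlen = raw[pos]
            n = vlen & 0x7F
            pos += 1
            if n:
                items.append(raw[pos:pos + n])
            pos += n
            if not vlen & 0x80:
                return items

    out = {"props": int.from_bytes(raw[1:9], "little"), "addr": lp().decode()}
    out["hashes"] = [h.hex() for h in vlp()]  # SHA-256 of a TBSCertificate in the chain
    out["hostname"], out["path"] = lp().decode(), lp().decode()
    out["bootstrap"] = [b.decode() for b in vlp()] if pos < len(raw) else []
    return out

def pin_check(stamp: str, chain_tbs_sha256: list) -> tuple:
    """Same rule as the dnscrypt-proxy snippet quoted above: a stamp without hashes
    never rejects a chain; with hashes, at least one must appear in the chain."""
    hashes = parse_doh_stamp(stamp)["hashes"]
    if not hashes:
        return True, "no hashes in stamp: chain accepted without pinning (CA trust only)"
    if any(h in chain_tbs_sha256 for h in hashes):
        return True, "pinned hash found in chain"
    return False, "Certificate hash not found"
```

Running `parse_doh_stamp(CLOUDFLARE_STAMP)["hashes"]` returns an empty list, which is exactly why `pin_check` accepts any chain for that stamp.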

jedisct1 commented 10 months ago

Cloudflare certificates change all the time, so this is unfortunately impossible to maintain.

And yes, it means that it is completely insecure against adversaries with the power of a certificate authority, and against products that add their own CAs.

slowpeek commented 10 months ago

@jedisct1

One year ago (early Jan) I imported Cloudflare's new cert into my MikroTik router and set up DoH on it with "Verify DoH Certificate" enabled. It has worked with no problems since then. Just to make sure, I compared the cert on my router with the one on Cloudflare: they are the same.

Do you consider yearly certs too volatile, or am I missing something?

jedisct1 commented 10 months ago

It was far more frequent. Hashes were removed in 2020. Maybe things have stabilized since? That would be surprising, though. I have websites fronted by Cloudflare and the certificate chain keeps changing at least twice a month.

What stamp are you using?

jedisct1 commented 10 months ago

Current hash is:

[CN=Cloudflare Inc ECC CA-3,O=Cloudflare\, Inc.,C=US] [9cbba0fc962f7a2b31c62b1b175a2de4c50a8395727e30b626a80009a780e3d8]

slowpeek commented 10 months ago

My config:

server_names = ['cloudflare-static']

..

[static]

[static.'cloudflare-static']
stamp = 'sdns://AgcAAAAAAAAABzEuMC4wLjEAEmRucy5jbG91ZGZsYXJlLmNvbQovZG5zLXF1ZXJ5'

Sample run:

> dnscrypt-proxy -show-certs
[2023-12-29 23:29:23] [NOTICE] dnscrypt-proxy 2.0.45
[2023-12-29 23:29:23] [NOTICE] Firefox workaround initialized
[2023-12-29 23:29:24] [NOTICE] Advertised cert: [CN=cloudflare.com,O=Cloudflare\, Inc.,L=San Francisco,ST=California,C=US] [8daa18baf94b4af89d1079557b901674e94e66974a8504a32bfaf1eb3fa5700d]
[2023-12-29 23:29:24] [NOTICE] Advertised cert: [CN=Cloudflare Inc ECC CA-3,O=Cloudflare\, Inc.,C=US] [9cbba0fc962f7a2b31c62b1b175a2de4c50a8395727e30b626a80009a780e3d8]
[2023-12-29 23:29:24] [NOTICE] [cloudflare-static] OK (DoH) - rtt: 45ms
[2023-12-29 23:29:24] [NOTICE] Server with the lowest initial latency: cloudflare-static (rtt: 45ms)

jedisct1 commented 10 months ago

Cloudflare are also still using Digicert (at least for the "family" and "security" resolvers) and we need another CA for people choosing the RSA cipher suites.

d46ec48730cef5e2868d3e48e0780f1f9ee0a4b7 re-adds these certs. Hopefully these are the same everywhere in the world. Let's see how long it takes before something breaks.