IETF Logo Mail Archive

Re: [Add] [Ext] Draft Posting: CNAME Discovery of Local DoH Resolvers

Eric Rescorla <ekr@rtfm.com> Tue, 30 June 2020 22:06 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13D933A08AD for <add@ietfa.amsl.com>; Tue, 30 Jun 2020 15:06:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zKxN0cr9vwey for <add@ietfa.amsl.com>; Tue, 30 Jun 2020 15:06:34 -0700 (PDT)
Received: from mail-lj1-x22c.google.com (mail-lj1-x22c.google.com [IPv6:2a00:1450:4864:20::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BDB9A3A089C for <add@ietf.org>; Tue, 30 Jun 2020 15:06:33 -0700 (PDT)
Received: by mail-lj1-x22c.google.com with SMTP id n23so24534153ljh.7 for <add@ietf.org>; Tue, 30 Jun 2020 15:06:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xnHpyqtMYFjlRzQC1+44fgO2wboMSkN8fXQWOcozAm4=; b=x4njfS0PQLepnikX2GJvnJt0DGLQtfBceGTfcVCK7iWvhY7LylBJZVdW60E1lPalTx AQ2iUM01xxw/00v9ZgpC1+ikgY7eht+E99ijGokqx0gpjbg8DL0PnRms0SXx5s6MSDeu Zq6kzC8kb4XXPp0MWslXIfgZgAO8k+0kpFHC4CSh7OTrW7wJHvgkA1anTeBDYb3f8e48 h2Ourb5RcD3vQ2Ywt3bIa1GVmciomMgn/sGDJfo5QJc+iOABMgRzYKzHgZGhphs37E8I eElCEf+jrAB8OLhsXeTMfMy/bCbUDlNdjYQUEZFW13ZZwOFKg2VpeqTCSrPs6PEi86fa 445g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xnHpyqtMYFjlRzQC1+44fgO2wboMSkN8fXQWOcozAm4=; b=QPzWa2jLpndCzDz+X0YEWfDgOCSRv86u5sqGpDYwF9UupcrBeoCNTztBQEyTqhoN/V Sfn0TbSQ8XBe/sueNQa6P28ntSOCe2JjdSApEZsoG16ZAeKDQDJWe2+AZApHMouJBgH6 dC/VcKdn9X/qKFWJaCbwWoHc0Z4L/g2DLc+KtOVF0DtMahMuY7SznlCxqoUAHcEk+iH7 HbXHSSXvkRYhcffdD1sPfUT0k4B+ZBjWvxANj8jVOT0SKzr5TJ+CDFOzl7zzTy0qgLPy h8IysXINnsR41TQlzcDJy/RvT3DEw9NYLHYgpDK1A/hN2lirXpKdp/qBU7pUVESMB5sM IzGg==
X-Gm-Message-State: AOAM532Wxy0tuViNau2F3RLc3kPWm3tLF1dsvEhEaKV9PfKquy5zxvdf sMjCO1W0YkZlW7ucxQEyo1XP4F1G/V8Qw86zpvpGng7hckA=
X-Google-Smtp-Source: ABdhPJy7lJQhC4kYBW776BOAbJcHOho7XahQdCsFeeq5CV2ikwYMSaDqNa0bTZZtll3Zkm8HLk2medUQHWTn42DtgXQ=
X-Received: by 2002:a2e:8092:: with SMTP id i18mr3739603ljg.265.1593554791906; Tue, 30 Jun 2020 15:06:31 -0700 (PDT)
MIME-Version: 1.0
References: <CABcZeBPTkWeB40wpTowKvEJ-gXA3AL2e-BE+C_FC7Js7-D0DZQ@mail.gmail.com> <bd78f54e-038d-9cff-b6a8-c9c6323ed5f5@redbarn.org> <668384b7-90f5-4ff1-b9e2-d0257aee731d@www.fastmail.com> <3421779.8U4dVgcHlH@linux-9daj> <CABcZeBP8okFjJZk6+PYnTRqDi+KW+=4eT9niRZKkQ00THgL81g@mail.gmail.com> <493383543.2474.1593552227901@appsuite-dev-gw1.open-xchange.com>
In-Reply-To: <493383543.2474.1593552227901@appsuite-dev-gw1.open-xchange.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 30 Jun 2020 15:05:55 -0700
Message-ID: <CABcZeBPMEshFOWYbkzkY0fuqe+suOtj4r3F9snQ7W3xb_ze=3Q@mail.gmail.com>
To: Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>
Cc: Paul Vixie <paul@redbarn.org>, ADD Mailing list <add@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004d514e05a954636d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/TOQd4oE8c8E-LD10cdKl_Yw9fBU>
Subject: Re: [Add] [Ext] Draft Posting: CNAME Discovery of Local DoH Resolvers
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jun 2020 22:06:36 -0000

On Tue, Jun 30, 2020 at 2:24 PM Vittorio Bertola <vittorio.bertola=
40open-xchange.com@dmarc.ietf.org> wrote:

>
> Il 30/06/2020 14:58 Eric Rescorla <ekr@rtfm.com> ha scritto:
>
> On Tue, Jun 30, 2020 at 2:19 AM Paul Vixie <paul@redbarn.org> wrote:
>
> i have badly misunderstood.
>
> the way i know that the ip address provided by the isp was delivered
> securely
> today is because off-net DHCP forgery is hard,
>
>
> Let's start here:
> I agree that off-net DHCP forgery is hard. However, once you assume that
> you are off-path, then Do53 interception is *also* hard. So for this to be
> useful you need an environment in which the attacker is able to attack Do53
> but *not* to attack DHCP. What I'm asking for is for someone to define that
> threat model precisely so that we can design protocols that match it.
>
> I have written and deleted two or three longer replies to this, so I will
> just quote what Daniel Migault wrote a few messages ago: "The threat model
> seems for Comcast and the end user having the traffic redirected to
> Cloudflare instead of the local resolver." But of course the basic issue is
> that we seem to disagree on what a threat is.
>

No, I don't in fact that's the issue at all. To recap, this is a solution
for a very specific problem. I'm not suggesting that it's a generic
solution.

However, there have been a number of proposals for nominally generic
solutions none of which seem to come with a fully defined threat model. I'm
trying to get to what that model is. Specifically, I agree that it would be
a useful to allow endpoint devices to securely learn the identity of the
Do[HT] server associated with their local network [0]. This would then
allow you to get private resolution even if there were attackers on the
network (as in classical Ethernet or unencrypted WiFi). However, even with
that objective, we still need to define a realistic set of attacker
capabilities and then a design which is secure given those capabilities.
That is what I am asking for.

-Ekr

[0] Under the assumption that you are connecting to the right network, of
course, which is sometimes a very thin assumption.

> --
>
> Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
> vittorio.bertola@open-xchange.com
> Office @ Via Treviso 12, 10144 Torino, Italy
>
> --
> Add mailing list
> Add@ietf.org
> https://www.ietf.org/mailman/listinfo/add
>

v2.23.0 | Report a Bug | By Email