Re: [dane] I-D Action: draft-ietf-dane-smime-03.txt

Viktor Dukhovni <viktor1dane@dukhovni.org> Fri, 07 February 2014 18:11 UTC


On Fri, Feb 07, 2014 at 12:57:09PM -0500, Paul Wouters wrote:

> On Thu, 6 Feb 2014, Viktor Dukhovni wrote:
> 
> >I think that HMAC-sha224 would be wiser, since otherwise a single
> >dictionary works for all domains.
> 
> So what, telnet'ing to port 25 and issuing HELO and RCPT TO: is cheaper
> already.

There's a difference between online and off-line attacks.  

For an NSEC zone, if the hash does not include the full address,
the attacker can trivially perform a lookup in a pre-computed
domain-independent dictionary.  Thus the usernames are easily recovered
off-line.  So if you don't do HMAC, you must hash the full address,
not just the localpart.

For an NSEC3 zone, the attacker gets lightly iterated salted hashes
of the query fqdn, and needs to compute the same for each guess of
a plausible user name.

Bottom line, hash the full address, not just the localpart.

-- 
	Viktor.
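
The three label derivations compared in this message, as an added example that is not part of the original post or of the draft's text: it checks whether a label for one localpart is identical in every domain, which is the property that lets a single table serve all zones. The function names, the sample domains, and the choice of the domain name as the HMAC key are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample domains, not taken from the thread.
DOMAINS = ["example.com", "example.net", "example.org"]

def label_localpart(local: str, domain: str) -> str:
    """SHA-224 over the localpart only; the domain never enters the hash."""
    return hashlib.sha224(local.encode("utf-8")).hexdigest()

def label_full_address(local: str, domain: str) -> str:
    """SHA-224 over the full address, so the domain acts as a per-zone salt."""
    addr = f"{local}@{domain.lower()}"
    return hashlib.sha224(addr.encode("utf-8")).hexdigest()

def label_hmac(local: str, domain: str) -> str:
    """HMAC-SHA224 of the localpart, keyed with the domain (assumed key choice)."""
    key = domain.lower().encode("utf-8")
    return hmac.new(key, local.encode("utf-8"), hashlib.sha224).hexdigest()

def shared_across_domains(scheme, local: str, domains=DOMAINS) -> bool:
    """True when the scheme yields one label for `local` in every domain,
    meaning a table built once would be valid for all of those zones."""
    return len({scheme(local, d) for d in domains}) == 1

def survey(local: str = "alice") -> dict:
    """Map each scheme name to whether its labels are domain-independent."""
    schemes = (label_localpart, label_full_address, label_hmac)
    return {s.__name__: shared_across_domains(s, local) for s in schemes}

if __name__ == "__main__":
    for name, shared in survey().items():
        status = "same label in every domain" if shared else "label differs per domain"
        print(f"{name:20s} {status}")
```
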