[dane] Improving DANE S/MIME Privacy

Alice Wonder <alice@domblogger.net> Tue, 11 April 2017 17:16 UTC

Return-Path: <alice@domblogger.net>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FE3712704A for <dane@ietfa.amsl.com>; Tue, 11 Apr 2017 10:16:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=domblogger.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1T9FUIUnlfmt for <dane@ietfa.amsl.com>; Tue, 11 Apr 2017 10:16:05 -0700 (PDT)
Received: from mail.domblogger.net (mail.domblogger.net [IPv6:2600:3c00::f03c:91ff:fe56:d6a2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D92A12EB29 for <dane@ietf.org>; Tue, 11 Apr 2017 10:16:05 -0700 (PDT)
Received: from localhost.localdomain (68-189-44-253.dhcp.rdng.ca.charter.com [68.189.44.253]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.domblogger.net (Postfix) with ESMTPSA id 0F9E55F1 for <dane@ietf.org>; Tue, 11 Apr 2017 17:16:04 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=domblogger.net; s=default; t=1491930965; bh=xXnKtSNwoStCjcp9EshF4Fr4/0+pOW8RG0ZWGxabQNw=; h=To:From:Subject:Date; b=WobcM0XSrvV2Qidaudo54+FXV1D5y0otp2rXMJ0C6IorHdxYDqF3nLWSCGfrUmkLB AN6Ec8h0VPQE3xlBys1h4gx7yxp77+FlNJO3Jv0EZQcEpOVMU/kaZoukdaKGT6CTrt b8in1BoCwRqNvRnZO4Kp3oxcmGdNbKxb4CmXI2h0=
To: dane@ietf.org
From: Alice Wonder <alice@domblogger.net>
Message-ID: <f7332bd5-f003-c828-8f4a-0d543099c872@domblogger.net>
Date: Tue, 11 Apr 2017 10:16:04 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dane/g7LRMj3rkVWrG6qDfLtBIfCKLn8>
Subject: [dane] Improving DANE S/MIME Privacy
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Apr 2017 17:16:07 -0000

Hello,

This is respect to DNSSEC validation for S/MIME

When generating a hash for use in DNS, the draft for DANE/SMIME 
currently only uses the username portion of the address.

The obvious (and noted) privacy implications are that someone could 
discover e-mail addresses by rainbow table DNS queries and/or zone walking.

I believe this can be mitigated.

S/MIME makes use of x.509 certificates, so I suggest using the serial 
number from the x.509 certificate as a salt with the username before 
taking the hash.

This could be done optionally rather than mandatory, though I certainly 
would want to do it on mail systems I administer.

One of the things I worry about is spammers discovering valid e-mail 
addresses through the DANE S/MIME and then using the public key of that 
user to send encrypted malware that can not be filtered on the SMTP 
servers because it is hidden.

If the serial number for the x.509 certificate is a salt for the hash, 
then spammers can not determine the validity of an e-mail address from 
DNS but those who already have the certificate can use DNS to DANE 
validate the certificate.

Thank you for your time,

Michael A. Peters (aka Alice Wonder)