Re: [dane] [Gen-art] Review of draft-ietf-dane-smime-15
worley@ariadne.com (Dale R. Worley) Mon, 27 February 2017 00:44 UTC
Return-Path: <worley@alum.mit.edu>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89FDA1294E1 for <dane@ietfa.amsl.com>; Sun, 26 Feb 2017 16:44:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.933
X-Spam-Level:
X-Spam-Status: No, score=-1.933 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MvxpqXIHzZAr for <dane@ietfa.amsl.com>; Sun, 26 Feb 2017 16:44:44 -0800 (PST)
Received: from resqmta-po-07v.sys.comcast.net (resqmta-po-07v.sys.comcast.net [IPv6:2001:558:fe16:19:96:114:154:166]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E30F5129A2A for <dane@ietf.org>; Sun, 26 Feb 2017 16:44:42 -0800 (PST)
Received: from resomta-po-15v.sys.comcast.net ([96.114.154.239]) by resqmta-po-07v.sys.comcast.net with SMTP id i9QgcW9AEO8Emi9Qgcftu7; Mon, 27 Feb 2017 00:44:42 +0000
Received: from hobgoblin.ariadne.com ([IPv6:2601:192:4603:9471:222:fbff:fe91:d396]) by resomta-po-15v.sys.comcast.net with SMTP id i9QecmVNWPFGLi9QfcMk9q; Mon, 27 Feb 2017 00:44:42 +0000
Received: from hobgoblin.ariadne.com (hobgoblin.ariadne.com [127.0.0.1]) by hobgoblin.ariadne.com (8.14.7/8.14.7) with ESMTP id v1R0iedr001364; Sun, 26 Feb 2017 19:44:40 -0500
Received: (from worley@localhost) by hobgoblin.ariadne.com (8.14.7/8.14.7/Submit) id v1R0idYL001361; Sun, 26 Feb 2017 19:44:39 -0500
X-Authentication-Warning: hobgoblin.ariadne.com: worley set sender to worley@alum.mit.edu using -f
From: worley@ariadne.com
To: gen-art@ietf.org, draft-ietf-dane-smime.all@ietf.org, ietf@ietf.org, dane@ietf.org
In-Reply-To: <148811824790.2888.13003369227902377285.idtracker@ietfa.amsl.com> (worley@ariadne.com)
Sender: worley@ariadne.com
Date: Sun, 26 Feb 2017 19:44:39 -0500
Message-ID: <87innwmphk.fsf@hobgoblin.ariadne.com>
X-CMAE-Envelope: MS4wfJAil5laMlQoI7AP1qZuHwqg5jLsSsUL1K2Ow0SNFoDlRfczxl73mYvnFRc/cOJfaQhysCFkoVkD/YJI/Z2KT5sg0NDFI1nWUOA/kx8dRm/MOAPe2JRL FSgRBac5rdEJDzqILr3mola625uX/msiC2/GFhkRmX66pt4O8WVRka6WSm3ZL7uC/LY7IFtn9tKlIfnFd3a95tzi2QLilR9Js1++xL1/gLLLKUoEdmo9/k7p dY/0mshlajXHLI3/LO5t5A==
Archived-At: <https://mailarchive.ietf.org/arch/msg/dane/tB3zDpPxuU-mOm1xlbI9pwKIDCI>
Subject: Re: [dane] [Gen-art] Review of draft-ietf-dane-smime-15
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Feb 2017 19:20:14 -0000
Dale Worley <worley@ariadne.com> in his review: > 2. Presumably it was deliberate not to have the first label for an > SNAMEA record be the canonical UTF-8 string for the local-part, even > though the DNS architecture (RFC 1035) seems to admit binary labels. > 3. Location of the SMIMEA Record > > The DNS does not allow the use of all characters that are supported > in the "local-part" of email addresses as defined in [RFC5322] and > [RFC6530]. > > I don't have the full background on this. My memory ends at RFC > 1035: > > Although labels can contain any 8 bit values in octets that make up a > label, it is strongly recommended that labels follow the preferred > syntax described elsewhere in this memo, which is compatible with > existing host naming conventions. > > I suspect there is by now a defined way to have "UTF-8 labels". Given > that this draft doesn't use such a mechanism, there's probably a > discussion out there why just using a UTF-8 string as a label doesn't > work. It would be helpful to put a reference to that discussion here, > because the mechanism in the draft is doing a lot of work to avoid the > seemingly obvious mechanism. >From draft-ietf-dane-smime-15: > 9.2. Email Address Information Leak > > The hashing of the local-part in this document is not a security > feature. Publishing SMIMEA records will create a list of hashes of > valid email addresses, which could simplify obtaining a list of valid > email addresses for a particular domain. It is desirable to not ease > the harvesting of email addresses where possible. > > The domain name part of the email address is not used as part of the > hash so that hashes can be used in multiple zones deployed using > DNAME [RFC6672]. This makes it slightly easier and cheaper to brute- > force the SHA2-256 hashes into common and short local-parts, as > single rainbow tables [Rainbow] can be re-used across domains. This > can be somewhat countered by using NSEC3. After thinking about this more, it seems to me that the draft is suffering from conflicting requirements. On one hand, it wants to not have the SMIMEA records provide a complete list of local-parts for the domain name. On the other hand, simply hashing the local-parts does not provide enough protection of the local-parts because one dictionary can be used to attack every domain that uses SMIMEA. And hashing the local-parts with the domain name makes it impossible to present the same set of SMIMEA records for several domain names (that are e-mail equivalent) using DNAME records. This, I think, leads to justifying using hashes as labels for the RRs even though the local-parts are encoded in UTF-8, and could be used as labels themselves. It seems to me the way out of this conflict is to salt the hashes of the local-parts. That is, each domain has a salt value of e.g. 128 bits (16 octets) which is hashed with the local-part to produce the label for the RR. The natural way to distribute the salt is in an RR attached to the _smimecert domain (which ensures that several domains can use DNAME to redirect to one tree of SMIMEA records), and it seems that an easy way to do that is to use an SMIMEA RR with another "certificate usage" value (presumably 4) to specify that the "certificate association data" field holds the salt value: $origin example.com. ; salt _smimecert IN SMIMEA 4 0 0 0f215f3ab4a8bd21b831c8316379d5b0 ; hugh@example.com 51dfb169b7e8f5eeb4c853bf2cc2d9481cb6e9f3bd156afeb3b1cf42._smimecert ( IN SMIMEA 0 0 1 d2abde240d7cd3ee6b4b28c54df034b97983a1d16e8a410e4561cb106618e971 ) It would even be upward-compatible from the current system if we defined that if there was no SMIMEA record for the _smimecert domain, then the hash is unsalted. Dale
- [dane] Review of draft-ietf-dane-smime-15 Dale Worley
- Re: [dane] [Gen-art] Review of draft-ietf-dane-sm… Dale R. Worley
- Re: [dane] Review of draft-ietf-dane-smime-15 Paul Wouters
- Re: [dane] Review of draft-ietf-dane-smime-15 Dale R. Worley
- Re: [dane] [Gen-art] Review of draft-ietf-dane-sm… Dale R. Worley
- Re: [dane] Review of draft-ietf-dane-smime-15 Paul Wouters
- Re: [dane] Review of draft-ietf-dane-smime-15 John Levine
- Re: [dane] Review of draft-ietf-dane-smime-15 Paul Wouters
- Re: [dane] Review of draft-ietf-dane-smime-15 John Levine
- Re: [dane] Review of draft-ietf-dane-smime-15 Stephen Farrell
- Re: [dane] Review of draft-ietf-dane-smime-15 Paul Hoffman
- Re: [dane] Review of draft-ietf-dane-smime-15 Dale R. Worley