Re: [dns-privacy] [Ext] Threat Model

Eric Rescorla <ekr@rtfm.com> Mon, 04 November 2019 22:13 UTC

To: Paul Wouters <paul@nohats.ca>
Cc: Brian Dickson <brian.peter.dickson@gmail.com>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/-S-BZuUFf9VHGR-CRYBfrOeVb9E>

On Mon, Nov 4, 2019 at 1:56 PM Paul Wouters <paul@nohats.ca> wrote:

> On Mon, 4 Nov 2019, Brian Dickson wrote:
>
> > The names of the servers (and certificate management) would be
> > orthogonal to the signaling of DoT support. I would expect the TLSA records
> > would be per-server and orthogonal to the per-zone signaling of DoT support.
>
> Again, that would be Russian roulette. If I get an NS RRset with 3
> nameservers, and only one of these has a TLSA record, what should I
> do?
>
> 1) Pick the TLSA one
> 2) Pick a random one
>
> For 1) if this protocol is widely deployed, all clients will pick 1) so
> you just shot your redundancy in the foot.
>
> For 2) the clients get reduced privacy for no good reason, so why would a
> client do this?
>
> It is really a per-zone property, not a per-nameserver property.
>

This is a good point, and seems like an argument against all of the
opportunistic versions as well, even those with HSTS-style mechanisms.

Suppose I look up a.example.com and get ns1.nameservers.example and
ns2.nameservers.example, and I have talked to ns1 and know it does DoT but
I don't know about ns2. What then? Or say I can't connect to ns1...

-Ekr

> Paul
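The redundancy-versus-privacy dilemma Paul and Ekr describe above, as an added example that is not code from the thread or from any resolver: a toy client runs the two selection policies (prefer the server with a TLSA record, or pick any server at random) against a three-server NS RRset, once with per-server DoT signaling and once with a per-zone property where every server does DoT, and also covers Ekr's case where the only known-DoT server is unreachable. The `NameServer`, `Outcome` and policy names are constructed for this illustration.

```python
"""Model of the nameserver-selection dilemma (constructed example)."""
from dataclasses import dataclass
import random


@dataclass(frozen=True)
class NameServer:
    name: str
    dot: bool             # server signals DoT (e.g. a per-server TLSA record)
    reachable: bool = True


@dataclass
class Outcome:
    dot_fraction: float   # share of answered queries that used DoT
    servers_used: int     # distinct servers that carried traffic (redundancy)
    failed: int           # queries the client could not answer at all


def prefer_dot(ns_set, rng):
    """Policy 1: always pick a server that signals DoT, if any does."""
    dot_servers = [s for s in ns_set if s.dot]
    return rng.choice(dot_servers or ns_set)


def pick_random(ns_set, rng):
    """Policy 2: pick any nameserver; DoT only if that one signals it."""
    return rng.choice(ns_set)


def simulate(ns_set, policy, fallback_cleartext, queries=3000, seed=7):
    """Run `queries` lookups under `policy`; on an unreachable pick, either
    fail the query or retry any reachable server (possibly in cleartext)."""
    rng = random.Random(seed)
    dot = failed = 0
    used = set()
    for _ in range(queries):
        server = policy(ns_set, rng)
        if not server.reachable:
            others = [s for s in ns_set if s.reachable]
            if not fallback_cleartext or not others:
                failed += 1
                continue
            server = rng.choice(others)   # downgrade: whatever is left
        used.add(server.name)
        dot += server.dot
    answered = queries - failed
    return Outcome(dot / answered if answered else 0.0, len(used), failed)
```

With per-server signaling, policy 1 sends every query to the single TLSA server (no redundancy) and policy 2 sends roughly two thirds in cleartext; with a per-zone property both policies get full DoT coverage across all three servers.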