Re: [dns-privacy] [Ext] Threat Model

Paul Wouters <paul@nohats.ca> Mon, 04 November 2019 21:56 UTC

Date: Mon, 04 Nov 2019 16:56:36 -0500
From: Paul Wouters <paul@nohats.ca>
To: Brian Dickson <brian.peter.dickson@gmail.com>
cc: "dns-privacy@ietf.org" <dns-privacy@ietf.org>
In-Reply-To: <CAH1iCioH86q1CX7A+F8ON4uzpGqipUy8m3iczyNqSKirAsYBQg@mail.gmail.com>
Message-ID: <alpine.LRH.2.21.1911041652450.5093@bofh.nohats.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/1HuUQ2guvXQySD3J5kTjs6V1oyk>

On Mon, 4 Nov 2019, Brian Dickson wrote:

> The names of the servers (and certificate management) would be orthogonal to the signaling of DoT support. I would expect the TLSA records would
> be per-server and orthogonal to the per-zone signaling of DoT support.

Again, that would be Russian roulette. If I get an NS RRset with 3
nameservers, and only one of these has a TLSA record, what should I
do?

1) Pick the TLSA one
2) Pick a random one

For 1) if this protocol is widely deployed, all clients will pick 1) so you just shot your redundancy in the foot.

For 2) the clients get reduced privacy for no good reason, so why would a client do this?

It is really a per-zone property, not a per-nameserver property.

Paul
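
The trade-off argued in the message above, worked through as an added example (not part of the original post). The server names, the uniform "random" choice and the strict no-fallback "prefer_tlsa" policy are assumptions made for illustration; real resolvers weight server selection differently.

```python
from fractions import Fraction

# Constructed NS RRsets (hypothetical names): value = server has a TLSA record.
PER_SERVER = {"ns1.example.": True, "ns2.example.": False, "ns3.example.": False}
PER_ZONE = {"ns1.example.": True, "ns2.example.": True, "ns3.example.": True}


def candidates(rrset, policy, down=frozenset()):
    """Servers a resolver may query under a policy, skipping unreachable ones."""
    up = [ns for ns in rrset if ns not in down]
    if policy == "prefer_tlsa":
        # Option 1 in the message: only ever use TLSA-capable servers
        # (assumed strict, i.e. no fallback to cleartext).
        return [ns for ns in up if rrset[ns]]
    if policy == "random":
        # Option 2 in the message: ignore TLSA when choosing (assumed uniform).
        return up
    raise ValueError(f"unknown policy: {policy}")


def evaluate(rrset, policy, down=frozenset()):
    """Return (per-server load share, fraction of queries encrypted, resolvable)."""
    chosen = candidates(rrset, policy, down)
    if not chosen:
        return {}, Fraction(0), False
    share = Fraction(1, len(chosen))
    load = {ns: share for ns in chosen}
    encrypted = sum((share for ns in chosen if rrset[ns]), Fraction(0))
    return load, encrypted, True


if __name__ == "__main__":
    outage = frozenset({"ns1.example."})
    for label, rrset in (("per-server TLSA", PER_SERVER), ("per-zone TLSA", PER_ZONE)):
        for policy in ("prefer_tlsa", "random"):
            for down in (frozenset(), outage):
                load, enc, ok = evaluate(rrset, policy, down)
                shares = {ns: str(s) for ns, s in load.items()}
                print(f"{label:16} {policy:12} ns1_down={bool(down)!s:5} "
                      f"resolvable={ok!s:5} encrypted={enc} load={shares}")
```

With one TLSA server out of three, option 1 puts all load on a single server and the zone stops resolving when that server is down, while option 2 encrypts only a third of the queries. When every server in the RRset has a TLSA record, both policies spread load across all three and every query is encrypted.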