Re: [dns-privacy] ENDS0 Padding Profile: Rough first draft

Hugo Connery <hmco@env.dtu.dk> Tue, 01 November 2016 19:38 UTC

Return-Path: <hmco@env.dtu.dk>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB074129961 for <dns-privacy@ietfa.amsl.com>; Tue, 1 Nov 2016 12:38:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.117
X-Spam-Level:
X-Spam-Status: No, score=-4.117 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.497] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w14f15V0W218 for <dns-privacy@ietfa.amsl.com>; Tue, 1 Nov 2016 12:38:53 -0700 (PDT)
Received: from spamfilter2.dtu.dk (spamfilter2.dtu.dk [130.225.73.113]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 262F912999D for <dns-privacy@ietf.org>; Tue, 1 Nov 2016 12:38:52 -0700 (PDT)
Received: from ait-pexedg02.win.dtu.dk (ait-pexedg02.win.dtu.dk [192.38.82.192]) by spamfilter2.dtu.dk with ESMTP id uA1Jcjh5005276-uA1Jcjh7005276 (version=TLSv1.0 cipher=DHE-RSA-AES256-SHA bits=256 verify=CAFAIL); Tue, 1 Nov 2016 20:38:45 +0100
Received: from ait-pex02mbx06.win.dtu.dk (192.38.80.18) by ait-pexedg02.win.dtu.dk (192.38.82.192) with Microsoft SMTP Server (TLS) id 14.3.319.2; Tue, 1 Nov 2016 20:38:42 +0100
Received: from ait-pex01mbx01.win.dtu.dk (192.38.82.181) by ait-pex02mbx06.win.dtu.dk (192.38.80.18) with Microsoft SMTP Server (TLS) id 14.3.319.2; Tue, 1 Nov 2016 20:38:45 +0100
Received: from 523x.env.dtu.dk (130.225.73.250) by ait-pex01mbx01.win.dtu.dk (192.38.82.181) with Microsoft SMTP Server id 14.3.319.2; Tue, 1 Nov 2016 20:38:44 +0100
Message-ID: <1478029123.2553.24.camel@env.dtu.dk>
From: Hugo Connery <hmco@env.dtu.dk>
To: Bob Harold <rharolde@umich.edu>
Date: Tue, 01 Nov 2016 20:38:43 +0100
In-Reply-To: <CA+nkc8Ai6fkOQGSiP-1GQHMWVhmFXeVEhptyNSDvJbS6B-rHEA@mail.gmail.com>
References: <CAHXf=0p+Afhs27SQraupwyF4DO9on4a3aJKJ_B7Gc+gHzBmqtQ@mail.gmail.com> <1477998568.4843.13.camel@env.dtu.dk> <CA+nkc8Ai6fkOQGSiP-1GQHMWVhmFXeVEhptyNSDvJbS6B-rHEA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.18.5.2 (3.18.5.2-1.fc23)
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Originating-IP: [130.225.73.250]
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/94TeAlD1lRAx_1DB5bROwOjotHw>
Cc: "dns-privacy@ietf.org" <dns-privacy@ietf.org>, Alexander Mayrhofer <alex.mayrhofer.ietf@gmail.com>
Subject: Re: [dns-privacy] ENDS0 Padding Profile: Rough first draft
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Nov 2016 19:38:56 -0000

On Tue, 2016-11-01 at 15:05 -0400, Bob Harold wrote:
> 
> On Tue, Nov 1, 2016 at 7:09 AM, Hugo Connery <hmco@env.dtu.dk> wrote:
> > Hi,
> > 
> > [snip]
> > 
> > 
> Good start.
> 
> 4.4.  Random Length Padding
> 'Alternatively, pad a certain percentage of "remaining space"?'
> -- This, like fixed length padding, is discoverable and thus of no
> help.

I think we may have a terminology misunderstanding here.

Obviously, constantly appending a fixed length padding is of little
value.  Based upon known characteristics (which the watchers have 
in abundance) it would be easy to identify the size of the fixed
offset and thus you move to length based analysis which reduces us to
the no padding 'strategy'.

But this is not what I think is being proposed.  "pad a certain
percentage" should perhaps be "pad a (pseudo) random number generated
percentage of the remaining length".  It comes under the heading
"Random length padding" so I think this a valid interpretation.

> You should specifically recommend against this, in case someone else
> thinks of it and does not realize the problem with it.

Yes, I hope that the final document specifies all options, including
the bad ones, and provides clear descriptions about the trade-offs
involved.  Eg. No padding provides no confidentiality increase, and 
constant length (fixed) appending of padding is equivalently bad as 
the attacker will likely have historical data which will allow them
to rapidly discover the fixed offset, thus the fixed offset strategy
degenerates to the no padding strategy and is equivalently bad.

Regards,  Hugo