Re: [dns-privacy] [SPAM] Re: New draft on encrypting the stub-to-resolver link: draft-hoffman-dns-tls-stub-00.txt
Jacob Appelbaum <jacob@appelbaum.net> Wed, 20 August 2014 16:04 UTC
Return-Path: <jacob@appelbaum.net>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0E5B1A0453 for <dns-privacy@ietfa.amsl.com>; Wed, 20 Aug 2014 09:04:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wo89e_-vH0j1 for <dns-privacy@ietfa.amsl.com>; Wed, 20 Aug 2014 09:04:10 -0700 (PDT)
Received: from mail-qc0-f181.google.com (mail-qc0-f181.google.com [209.85.216.181]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5C451A03CF for <dns-privacy@ietf.org>; Wed, 20 Aug 2014 09:04:09 -0700 (PDT)
Received: by mail-qc0-f181.google.com with SMTP id x13so7917153qcv.40 for <dns-privacy@ietf.org>; Wed, 20 Aug 2014 09:04:09 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=kUxAXiz45jli0R5hQBc+hBnKU807hk0p1tpeVX0BaWY=; b=e2RgxOuMsDtwRFkvnTzqBv2zuNNeiwoGEZFYAri0Ce/m58Aqa5v7cpPbHYl1Hnacyt LHgHWGd3ukEho8Ltpv5ZnRNEazKGvKfD2GhJ25cgjoBJbHITmVq3x7g4/x8BpaKcy1Vp rImOPk+5poyZ7Ly5TdmuApGIvNEimYrWQJmi6nfJROjhc+skT1i18WiXIUE/YyIXXF4A ZiiL2gOP/UE/yLaM5BcWeQuYy2W0lqR3+Ye/DAaq1gDiiZBi1aecOD92MfJTtrVULiUv tQvdlWMho87slmroZEmQRQUtiadsd3wqlT9po5JtDmAIyc9CSVraZNZmjqad2Cu+t6i4 v1XA==
X-Gm-Message-State: ALoCoQlnF2i3Wq6RoSGDomgMKjxQXqGLzkjiLYpt+3bSQgUAWCaY/WwemJtuGVCTrg7j507n0m5o
MIME-Version: 1.0
X-Received: by 10.229.212.194 with SMTP id gt2mr78966285qcb.6.1408550648774; Wed, 20 Aug 2014 09:04:08 -0700 (PDT)
Received: by 10.140.91.50 with HTTP; Wed, 20 Aug 2014 09:04:08 -0700 (PDT)
X-Originating-IP: [91.185.200.222]
In-Reply-To: <814D0BFB77D95844A01CA29B44CBF8A7A285FA@lhreml513-mbb.china.huawei.com>
References: <00ba01cfbbf9$d561f010$8025d030$@rozanak.com> <20140820143453.GD1065@mx1.yitter.info> <814D0BFB77D95844A01CA29B44CBF8A7A28554@lhreml513-mbb.china.huawei.com> <20140820152343.GH1065@mx1.yitter.info> <814D0BFB77D95844A01CA29B44CBF8A7A285FA@lhreml513-mbb.china.huawei.com>
Date: Wed, 20 Aug 2014 16:04:08 +0000
Message-ID: <CAFggDF3wej+gFU7-_iTu8N=J+K9uKwOnNhz8oavp3G9rA9XYug@mail.gmail.com>
From: Jacob Appelbaum <jacob@appelbaum.net>
To: Hosnieh Rafiee <hosnieh.rafiee@huawei.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/dns-privacy/EHqgsgmCZvxxkltX2mLDkBvYMqo
Cc: "dns-privacy@ietf.org" <dns-privacy@ietf.org>, Andrew Sullivan <ajs@anvilwalrusden.com>
Subject: Re: [dns-privacy] [SPAM] Re: New draft on encrypting the stub-to-resolver link: draft-hoffman-dns-tls-stub-00.txt
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Aug 2014 16:04:13 -0000
On 8/20/14, Hosnieh Rafiee <hosnieh.rafiee@huawei.com> wrote: >> >> > I provided several reason that the observer doesn't exist. >> >> No, you provided several reasons why you think this decision is an >> unreasonable one. Prior to the evidence from a couple years ago that >> national governments were doing wide-spread vacuuming up of everything >> they could by perfoming passive attack through the means of tapping >> lines and so on, the position you are taking was entirely reasonable. >> But in the face of that evidence, some people have decided that, even >> if they can't protect themselves reliably all the time, they get enough >> marginal benefit from privacy to do it whenever they can, even if it's >> not perfect and not terribly hard to subvert. >> >> In other words, you are basically arguing that the benefit that will >> accrue from this technique is not enough given the costs. Others >> disagree with you. Your argument only works if we accept your premise >> that the benefit is not worth the cost; if we evaluate the benefit >> differently, then the cost might be acceptable. > > True. Because the people who you are scaring from to eavesdrop the > communication already know how you want to process this... Huh? > > To be clear... IF this approach wasn't public and not known, then you might > benefit from it but when something is public and known, what you would do as > an attacker? Do you still wait in a hope of receiving plain text information > or easily change your role to a resolver and receive information you want as > it is not hard to detect. > I have not seen information that suggests strongly deployed TLS (with a proper RNG) is broken by a passive observer. Do you have a citation handy? > So in long term there is no benefit to use encryption without authentication > in resolver scenario. > There is a benefit - it forces Eve to become Mallory. Mallory risks being caught red handed. > >> > What I tried to explain here is that an observer role doesn't make >> sense in resolver scenario. >> >> Except that we have an existence proof that it does. > > It really doesn't... at least in this scenario. Why? Because this approach > would be standard and well known... So, if anyone (or the whom you're > talking about) before played the observer role now they would change their > role because they are still interested to receive your data and your node is > unable to detect this interceptions since whatever resolver you use is valid > by your node either a fake resolver or a real resolver. > This is why authentication is important. If the authenticating and non-authenticating resolver behave the same way on the network, it will be very risky to tamper, even with a resolver that fails open. Paul - perhaps this suggests that all stub and recursive resolvers should log keying information, even if it isn't used for validation/authentication/etc? > >> > DNSSEC just came to this game when some folks say that DNSSEC can >> protect this and they only need encryption. >> >> If you had strong authentication of the resolver, then this would be >> true. Since TSIG (which I expect you remember) or SIG(0) can solve the >> authentication part, then in fact the only thing you would need _is_ >> encryption, and then you could rely on the DNSSEC piece as well. >> > > We already know the problem with those approaches and as you said brining > DNSSEC to this discussion doesn't make sense.. > The point is that this solves the confidentiality issues that DNSSEC doesn't solve. It should solve it but many DNSSEC folks refused to address this issue. There are a variety of reasons and this draft by Paul helps us to move past those previous decisions. All the best, Jacob
- [dns-privacy] New draft on encrypting the stub-to… Paul Hoffman
- Re: [dns-privacy] New draft on encrypting the stu… Hosnieh Rafiee
- Re: [dns-privacy] New draft on encrypting the stu… Paul Wouters
- Re: [dns-privacy] New draft on encrypting the stu… Paul Hoffman
- Re: [dns-privacy] New draft on encrypting the stu… Hosnieh Rafiee
- Re: [dns-privacy] New draft on encrypting the stu… Joe Abley
- Re: [dns-privacy] New draft on encrypting the stu… Paul Wouters
- Re: [dns-privacy] New draft on encrypting the stu… Hosnieh Rafiee
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
- Re: [dns-privacy] New draft on encrypting the stu… Carsten Strotmann
- Re: [dns-privacy] New draft on encrypting the stu… 神明達哉
- Re: [dns-privacy] New draft on encrypting the stu… Paul Hoffman
- Re: [dns-privacy] New draft on encrypting the stu… Jacob Appelbaum
- Re: [dns-privacy] New draft on encrypting the stu… Paul Hoffman
- Re: [dns-privacy] New draft on encrypting the stu… Paul Wouters
- Re: [dns-privacy] New draft on encrypting the stu… Jacob Appelbaum
- Re: [dns-privacy] New draft on encrypting the stu… Jacob Appelbaum
- Re: [dns-privacy] New draft on encrypting the stu… Paul Wouters
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
- Re: [dns-privacy] New draft on encrypting the stu… Paul Hoffman
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Carsten Strotmann
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
- Re: [dns-privacy] New draft on encrypting the stu… Jacob Appelbaum
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Andrew Sullivan
- Re: [dns-privacy] New draft on encrypting the stu… Paul Hoffman
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
- Re: [dns-privacy] New draft on encrypting the stu… Jacob Appelbaum
- Re: [dns-privacy] New draft on encrypting the stu… Stephane Bortzmeyer
- Re: [dns-privacy] New draft on encrypting the stu… 神明達哉
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Andrew Sullivan
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
- Re: [dns-privacy] New draft on encrypting the stu… Hosnieh Rafiee
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Andrew Sullivan
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Jacob Appelbaum
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Paul Wouters
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Jacob Appelbaum
- Re: [dns-privacy] New draft on encrypting the stu… Paul Hoffman
- Re: [dns-privacy] New draft on encrypting the stu… Paul Hoffman
- [dns-privacy] draft-hoffman-dns-tls-stub-01 posted Paul Hoffman
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
- Re: [dns-privacy] New draft on encrypting the stu… David Ulevitch
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Andrew Sullivan
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Andrew Sullivan
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
- Re: [dns-privacy] New draft on encrypting the stu… Wes Hardaker
- [dns-privacy] Authenticating the resolver Paul Hoffman
- Re: [dns-privacy] New draft on encrypting the stu… Mark Andrews
- Re: [dns-privacy] New draft on encrypting the stu… Wes Hardaker
- Re: [dns-privacy] Authenticating the resolver Wes Hardaker
- Re: [dns-privacy] Authenticating the resolver Paul Hoffman
- Re: [dns-privacy] New draft on encrypting the stu… John Heidemann
- Re: [dns-privacy] New draft on encrypting the stu… Phillip Hallam-Baker