Re: [dns-privacy] Fw: Fw: New Version Notification for draft-zuo-dprive-encryption-over-udp-00.txt
"zuopeng@cnnic.cn" <zuopeng@cnnic.cn> Thu, 16 July 2015 08:59 UTC
Return-Path: <zuopeng@cnnic.cn>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7177A1A0121 for <dns-privacy@ietfa.amsl.com>; Thu, 16 Jul 2015 01:59:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.311
X-Spam-Level:
X-Spam-Status: No, score=-1.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, J_CHICKENPOX_66=0.6, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eRnOcqSoXsDv for <dns-privacy@ietfa.amsl.com>; Thu, 16 Jul 2015 01:59:08 -0700 (PDT)
Received: from cnnic.cn (smtp13.cnnic.cn [218.241.118.13]) by ietfa.amsl.com (Postfix) with ESMTP id 720C31A010C for <dns-privacy@ietf.org>; Thu, 16 Jul 2015 01:59:07 -0700 (PDT)
Received: from Foxmail (unknown [218.241.104.65]) by ocmail02.zx.nicx.cn (Coremail) with SMTP id AQAAf0BZYJRVcqdVMLiSBw--.5934S2; Thu, 16 Jul 2015 16:59:01 +0800 (CST)
Date: Thu, 16 Jul 2015 16:58:55 +0800
From: "zuopeng@cnnic.cn" <zuopeng@cnnic.cn>
To: Hosnieh Rafiee <hosnieh.rafiee@huawei.com>
References: <2015070714161016259349@cnnic.cn>, <CA+9kkMAoRAiiLf7uFKP_UFpfvKpT-d=i_KpNxaFQKXcPaxZkMA@mail.gmail.com>, <2015070815195960707175@cnnic.cn>, <CA+9kkMBN70mQ0ZE5NpPmNSsOpWrSsG8hf+ZysAcUoAyUkvndhQ@mail.gmail.com>, <2015071016571191624810@cnnic.cn>, <814D0BFB77D95844A01CA29B44CBF8A70157FCEE@lhreml504-mbs>
X-Priority: 3
X-Has-Attach: no
X-Mailer: Foxmail 7, 2, 6, 40[cn]
Mime-Version: 1.0
Message-ID: <201507161658533163274@cnnic.cn>
Content-Type: multipart/alternative; boundary="----=_001_NextPart827151686143_=----"
X-CM-TRANSID: AQAAf0BZYJRVcqdVMLiSBw--.5934S2
X-Coremail-Antispam: 1UD129KBjvJXoWxZryrZrW7Wr4UJF1rWF48JFb_yoWruF4fpF WrWry3Kw1kGF1xtw18Zw48XrWFyrZ5JFW3Jas3GrZ0y398Xr1xK3y2yr4a9a4UCF1rJw42 vrWq9r15AFnY9aDanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUPq14x267AKxVWUJVW8JwAFc2x0x2IEx4CE42xK8VAvwI8IcIk0 rVWrJVCq3wAFIxvE14AKwVWUJVWUGwA2ocxC64kIII0Yj41l84x0c7CEw4AK67xGY2AK02 1l84ACjcxK6xIIjxv20xvE14v26F1j6w1UM28EF7xvwVC0I7IYx2IY6xkF7I0E14v26F4j 6r4UJwA2z4x0Y4vEx4A2jsIE14v26rxl6s0DM28EF7xvwVC2z280aVCY1x0267AKxVW0oV Cq3wAS0I0E0xvYzxvE52x082IY62kv0487Mc02F40En4AKxVAvwIkv4cxYr24l5I8CrVCF 0I0E4I0vr24lYx0E2Ix0cI8IcVAFwI0_Jr0_Jr4lYx0Ex4A2jsIE14v26r1j6r4UMcvjeV CFs4IE7xkEbVWUJVW8JwACjcxG0xvY0x0EwIxGrwACjI8F5VA0II8E6IAqYI8I648v4I1l FcxC0VAYjxAxZF0Ew4CEw7xC0wACY4xI67k04243AVC20s07MxkIecxEwVAFwVW8ZwCF04 k20xvY0x0EwIxGrwCFx2IqxVCFs4IE7xkEbVWUJVW8JwC20s026c02F40E14v26r106r1r MI8I3I0E7480Y4vE14v26r106r1rMI8E67AF67kF1VAFwI0_Jrv_JF1lIxkGc2Ij64vIr4 1lIxAIcVC0I7IYx2IY67AKxVWUJVWUCwCI42IY6xIIjxv20xvEc7CjxVAFwI0_Jr0_Gr1l IxAIcVCF04k26cxKx2IYs7xG6rW3Jr0E3s1lIxAIcVC2z280aVAFwI0_Jr0_Gr1lIxAIcV C2z280aVCY1x0267AKxVWUJVW8JwCE64xvF2IEb7IF0Fy7YxBIdaVFxhVjvjDU0xZFpf9x 0JU7b1nUUUUU=
X-CM-SenderInfo: x2xr1vlqj6u0xqlfhubq/
Archived-At: <http://mailarchive.ietf.org/arch/msg/dns-privacy/PgdjDJzOPE_74uMHAAxDQP9OXc0>
Cc: dns-privacy <dns-privacy@ietf.org>, yaojk <yaojk@cnnic.cn>
Subject: Re: [dns-privacy] Fw: Fw: New Version Notification for draft-zuo-dprive-encryption-over-udp-00.txt
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jul 2015 08:59:10 -0000
Hi ,
As for the performance consideration, we may update this draft: just add a symmetric key into the additional section in the DNS query packet.
Then the recursive resolver will use this symmetric key for encryption and the stub will use it for decryption.
In this way, we can reduce computational cost with asymmetric keys.
As for the possibility of an attacker to retrieve information about the query from the header, i think it will be no use because there is no user infomation in the header.
The advantages of the draft is that:
- for every single DNS query(not for persistent connections), the resolution latency would be lower because there is no key agreement process.
- the approach in this draft works for both TCP and UDP while TLS only works for TCP and DTLS only works for UDP;
- this approach is easy to implement. If using DTLS, the server need to maintain a session talbe which would be complicated. If using TLS, maximum number of concurrent connections would be a problem.
Thanks for your comment!
regards
zuopeng@cnnic.cn
From: Hosnieh Rafiee
Date: 2015-07-10 17:42
To: zuopeng@cnnic.cn; yaojk
CC: dns-privacy
Subject: RE: [dns-privacy] Fw: Fw: New Version Notification for draft-zuo-dprive-encryption-over-udp-00.txt
Hi All,
The part of your approach is really familiar to me...carrying public key in the same message and adding it in the additional section, encrypting the DNS message
Have you take a look on https://tools.ietf.org/html/draft-rafiee-intarea-cga-tsig draft or aware of this work (section 12.4. CGA-TSIGe (DNS privacy))?
The disadvantages of the draft-zuo-dprive-encryption-over-udp-00 is that
- Using asymmetric encryption for the whole message except for the header. The performance consideration is not convincing. For approaches like TLS, it only uses public key cryptography for a key agreement. Or for CGA-TSIG, it uses only a random number with defined size as a session key and only encrypt that value.
I had some researches before on the encryption with symmetric and asymmetric algorithms. The performance of asymmetric algorithm is not really comparable to symmetric especially the decryption process. This result in delay for the end system while not fully cover privacy because of DNS header.
- Possibility of an attacker to retrieve information about the query from the header as you use the full header dissimilar to CGA-TSIG
Furthermore, do you think it is necessary of using a new format for keys when there are existing formats such as DNSKEY that all carry public key.
Best,
Hosnieh
From: Ted Hardie
Date: 2015-07-10 02:04
To: yaojk
CC: dns-privacy
Subject: Re: [dns-privacy] Fw: Fw: New Version Notification for draft-zuo-dprive-encryption-over-udp-00.txt
On Wed, Jul 8, 2015 at 12:21 AM, Jiankang Yao <yaojk@cnnic.cn> wrote:
It's also not clear to me, given that the stub public key is sent in the query to the recursive resolver how you avoid an attacker standing up a back-to-back user agent which strips that option, substitutes its own public key, gets the data and then passes it on. (It may be, of course, that this attack is out of scope).
[Jiankang Yao]
Yes, the attacker standing up a back-to-back user agent can strip that option, substitute its own public key, get the data and then pass it on.
but I think that it should be no use because the attacker can not know the contents of the DNS packet send by the stub.
I think I wasn't clear enough about the attack. If the attacker strips the option and sends it with its own public key, it can decrypt the response. It can send its version in advance of sending the original packet along, so it can see the response and potentially drop packets that match some policy. (If they are acceptable, it just sends the queued packet along). It can also be done along side the original packet, to enable tracking without applying policy. That's mildly detectable, since the recursive resolver would see multiple queries, but it would be pretty easy to obfuscate by generating new client public keys and varying the query interval.
Does that make sense?
[Peng Zuo]
since the whole DNS query packet(except the DNS header) is encrypted by the stub using the public key of the recursive resolver, the dns packet structure becomes invisable to attackers, attackers could not locate the additional section of the DNS query, so i think it would be difficult for the attacker to substitute it with its own key.
regards,
________________________________________
zuopeng@cnnic.cn
- [dns-privacy] Fw: Fw: New Version Notification fo… Jiankang Yao
- Re: [dns-privacy] New Version Notification for dr… Paul Hoffman
- Re: [dns-privacy] Fw: Fw: New Version Notificatio… Ted Hardie
- Re: [dns-privacy] New Version Notification for dr… Jiankang Yao
- Re: [dns-privacy] Fw: Fw: New Version Notificatio… Jiankang Yao
- Re: [dns-privacy] New Version Notification for dr… 🔓Dan Wing
- Re: [dns-privacy] Fw: Fw: New Version Notificatio… Ted Hardie
- Re: [dns-privacy] Fw: Fw: New Version Notificatio… zuopeng@cnnic.cn
- Re: [dns-privacy] Fw: Fw: New Version Notificatio… Hosnieh Rafiee
- Re: [dns-privacy] Fw: Fw: New Version Notificatio… Hosnieh Rafiee
- Re: [dns-privacy] Fw: Fw: New Version Notificatio… Ted Hardie
- Re: [dns-privacy] Fw: Fw: New Version Notificatio… zuopeng@cnnic.cn
- Re: [dns-privacy] Fw: Fw: New Version Notificatio… Hosnieh Rafiee