IETF Logo Mail Archive

[dns-privacy] Stephen Farrell's Discuss on draft-ietf-dprive-dns-over-tls-07: (with DISCUSS and COMMENT)

"Stephen Farrell" <stephen.farrell@cs.tcd.ie> Wed, 09 March 2016 14:19 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: dns-privacy@ietf.org
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DC4812DEB2; Wed, 9 Mar 2016 06:19:23 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: The IESG <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.16.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20160309141923.27481.29744.idtracker@ietfa.amsl.com>
Date: Wed, 09 Mar 2016 06:19:23 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/dns-privacy/R5vdkF89x9MVjL_4r5Z_uq3v8Ds>
Cc: tjw.ietf@gmail.com, dns-privacy@ietf.org, draft-ietf-dprive-dns-over-tls@ietf.org, allison.mankin@gmail.com, dprive-chairs@ietf.org
Subject: [dns-privacy] Stephen Farrell's Discuss on draft-ietf-dprive-dns-over-tls-07: (with DISCUSS and COMMENT)
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.17
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Mar 2016 14:19:23 -0000

Stephen Farrell has entered the following ballot position for
draft-ietf-dprive-dns-over-tls-07: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dprive-dns-over-tls/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------


Many thanks for doing this work. Before I ballot yes on this
one, there are two things I'd like to check (and a bunch of 
non-blocking comments about which I'm also happy to chat):

(1) 4.2: Why didn't you just mandate one way of calculating a
fingerprint as being mandatory to implement? (E.g. a sha256 hash of
the DER encoded SPKI?) and why is the "don't pin to a CA" rule in
appendix A not a MUST in the body of the document? Wouldn't it be
better to do both of those? (Or to say why you're not doing them,
e.g. if current implementations do different things.) Given that
recursives publishing PINs will pick something, having that
something supported by all clients would seem like a fine thing.

(2) Section 5: Is it ok to (almost:-) recommend TLS false start like
that?  Don't you need to at least point out that that has additional
requirements over and above RFC7525? I've not checked those in
detail though, as I'm waiting for the TLS WG to do their publication
request for false start. If you've done that checking, then you
might be just able to say "yeah, that's not a problem" but I'd like
to know since implementers here are likely to read this as saying
"Do RFC7525 and you're good."


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------


- abstract: rfc-ed prefers s/[RFC7258]/(RFC7258)/ in abstracts

- abstract: would RFC7626 be a better thing to point at from here
instead of RFC7258?

- intro: maybe "recently adopted" is no longer true, consider
rephrasing?

- intro: Might be better to refer to RFC7525 as BCP195, so that you
don't need to say "or its successors." Same thing in 3.2.

- 3.1: "purely for encrypted communications" is good - but do we
need to say anything about NULL ciphersuites? RFC7525 says you MUST
NOT negotiate those, so it's probably ok, unless you want to
re-enforce that here.

- 3.2: "make use of trusted a SPKI Fingerprint pinset" needs to be
rephrased.

- 3.4, 2nd last para: this recommends using tickets (RFC5077), which
is fine. RFC7525 (section 3.4) suggests changing tickets at least
weekly. Is that suggestion also good here or would it be better to
recommend (or suggest) some other ticket lifetime? I'd guess 
it's fine but maybe you know better?

- 4.1, RFC 7435 is about "opportunistic security" and not about
"opportunistic encryption." That followed a long terminology debate,
so you might want to s/encryption/security/ there. (But I don't care
personally:-)

- 4.1, last para: OS never provides "guaranteed" privacy. I think
what you mean is that while you're always vulnerable to an on-path
attacker, if there is no such attacker then you do get privacy (to
the recursive) albeit with no guarantee. I think that's subtly
different from what's stated.

- 4.2, "The user MUST be alerted" needs a qualification - what if
it's my calendar running in the background? I'd prepend a "Where
possible,... " at least.

- Section 7: I'm not clear from the note if you do or don't want
this text in the RFC. I'd suggest keeping it. (Except the note.)

- Section 9, point 4: I think it'd be fair to note that naive
padding schemes may not work as well as planned against traffic
analysis, and to say that implementations that allow for flexibility
there might be good so that we can experiment with ways of
mitigating traffic analysis.

- Section 10: This contradicts the front page which has 6 names
listed.

v2.23.0 | Report a Bug | By Email