Re: [dns-privacy] Direction of draft-mayrhofer-edns0-padding
"Paul Hoffman" <paul.hoffman@vpnc.org> Wed, 29 July 2015 17:05 UTC
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FFB11B302C for <dns-privacy@ietfa.amsl.com>; Wed, 29 Jul 2015 10:05:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.347
X-Spam-Level:
X-Spam-Status: No, score=-1.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i1VDa_qyidLu for <dns-privacy@ietfa.amsl.com>; Wed, 29 Jul 2015 10:05:22 -0700 (PDT)
Received: from hoffman.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E09CE1B3003 for <dns-privacy@ietf.org>; Wed, 29 Jul 2015 10:05:21 -0700 (PDT)
Received: from [10.32.60.117] (142-254-17-100.dsl.dynamic.fusionbroadband.com [142.254.17.100]) (authenticated bits=0) by hoffman.proper.com (8.15.1/8.14.9) with ESMTPSA id t6TH5JVo058524 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 29 Jul 2015 10:05:19 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: hoffman.proper.com: Host 142-254-17-100.dsl.dynamic.fusionbroadband.com [142.254.17.100] claimed to be [10.32.60.117]
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Wed, 29 Jul 2015 10:05:18 -0700
Message-ID: <C1BD472D-318A-49D6-A30C-AF7C788B8CCF@vpnc.org>
In-Reply-To: <877fpjgcfo.fsf@alice.fifthhorseman.net>
References: <19F54F2956911544A32543B8A9BDE075468A9354@NICS-EXCH2.sbg.nic.at> <4B26F2B2-AA67-492B-9855-30F8ABF38AF9@vpnc.org> <877fpjgcfo.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
X-Mailer: MailMate (1.9.1r5084)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dns-privacy/RAUINXd3oIDOZ_tz0zxMj3K5SI8>
Cc: Alexander Mayrhofer <alexander.mayrhofer@nic.at>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Subject: Re: [dns-privacy] Direction of draft-mayrhofer-edns0-padding
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jul 2015 17:05:26 -0000
On 29 Jul 2015, at 9:23, Daniel Kahn Gillmor wrote: > In the TLS WG, the broad consensus is that if padding is possible at > the > application layer, that is the right place to pad. That will teach me to stop going to the TLS WG. :-) > The rationale > concerns countermeasures to traffic analysis -- in particular, the > application layer has much more knowledge than the TLS layer about > what > its traffic generally looks like. traffic analysis countermeasures > are > subtle and closely tied to existing patterns of usage. TLS is an > abstraction that is intentionally removed from what the application > layer does. > > Also, there is no padding mechanism available in TLS at the moment :) > i'm trying to get one into TLS 1.3 for those application layers that > have nowhere to pad, and i could conceivably write up an extension to > TLS 1.2. But even having that mechanism, you'd need to be able to set > policy about when to pad and by how much. > > So from the thinking and work i've done on this, padding at the > application layer is preferable where possible. Paul, you say you > have > many reasons for wanting to do it in TLS -- can you explain some of > those a bit more? I want to make sure i'm not missing anything vital. Basically, the DNS stack will not know whether or not it is running under TLS/DTLS when the query and reply are formed; TLS/DTLS will be opportunistic. So, to be safe, the DNS client or server will be forced to add padding even when it is not needed, and thus make every message longer. We don't know how much padding is required to prevent analysis for particular query/response pairs, and thus need to add lots of random-length padding to each message to prevent the analysis. This seems wasteful. Instead, if the TLS stack could add the padding, it would only happen when needed. But I understand the problem of "we don't even have that now" and "we don't know when we will have it". The draft in question is trivial to implement, but configuring it (with the length per query or response) seems impossible without adding large amounts. --Paul Hoffman
- [dns-privacy] Direction of draft-mayrhofer-edns0-… Alexander Mayrhofer
- Re: [dns-privacy] Direction of draft-mayrhofer-ed… Paul Hoffman
- Re: [dns-privacy] Direction of draft-mayrhofer-ed… Stephen Farrell
- Re: [dns-privacy] Direction of draft-mayrhofer-ed… Paul Hoffman
- Re: [dns-privacy] Direction of draft-mayrhofer-ed… Daniel Kahn Gillmor
- Re: [dns-privacy] Direction of draft-mayrhofer-ed… Paul Hoffman
- Re: [dns-privacy] Direction of draft-mayrhofer-ed… Stephen Farrell
- Re: [dns-privacy] Direction of draft-mayrhofer-ed… Paul Hoffman
- Re: [dns-privacy] Direction of draft-mayrhofer-ed… Stephen Farrell
- Re: [dns-privacy] Direction of draft-mayrhofer-ed… Sara Dickinson
- Re: [dns-privacy] Direction of draft-mayrhofer-ed… Christian Huitema