Re: [dns-privacy] Warren Kumari's Discuss on draft-ietf-dprive-rfc7626-bis-06: (with DISCUSS and COMMENT)
Tim Wicinski <tjw.ietf@gmail.com> Thu, 08 October 2020 12:51 UTC
Return-Path: <tjw.ietf@gmail.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 721AC3A0A94; Thu, 8 Oct 2020 05:51:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0FnvntQfuZRz; Thu, 8 Oct 2020 05:51:19 -0700 (PDT)
Received: from mail-oi1-x230.google.com (mail-oi1-x230.google.com [IPv6:2607:f8b0:4864:20::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BABA63A09F9; Thu, 8 Oct 2020 05:51:19 -0700 (PDT)
Received: by mail-oi1-x230.google.com with SMTP id m7so6197747oie.0; Thu, 08 Oct 2020 05:51:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=mpJegk01fJYde5Op7lhlZ4mIncXDUaX1zsoSKwEEq5U=; b=nn1to8ZmNt0BwFfI9M85qS7XV7R1BdF/adHAdnpMOPWE+pdZwsLvLPwKU0WXUgY/X4 QNpraoSt8MpzuAuJm9D/vCv9cVdGHZY46/t7QjkF/3PvFnqa4TDZTVR2Q2Jo/qBXjpyW 8hcndrpgWMiUkLvUV6gY3ckPnl5IxldjvWA/N/3J7Ljs/KDempUBaxgwafs9BblBgge6 ObxfLMiqsbohEVrZNe43fhk3fTjNViVacm6mdrUbyJFuOCsPR+y352ncCAFzL03PGYKX SLXwbMmTuNQxDqK5++hoUqcbe/6em3oFOavRcydclp/l9VqvTU9icS1GB/QYMjLhVJRH AAVg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=mpJegk01fJYde5Op7lhlZ4mIncXDUaX1zsoSKwEEq5U=; b=h929z9LhuUyw04tXnVNewsh2GFq/yWccm0d7Iz+YWI8wueS4HnSIpN9aYndbFQZIM+ DBSEC/wLHfi5fXrrwQ+mvAS9yUsPUVCMMmubhC0YCUJlf3IZ+mghpnFoUTi46ea75aA1 EahOhK/e9Ih+4h5z7RqnnQPV670Nnb+OLGRC9+5wMzEAM8d9b6vhr9bw2ngYoMZKMADQ 6wN847yCOR9oouS8d1Hn7R447KGhFiGu486nN+lvamFA9GPQ76N6w10lH42dLNNvNSsL wdlv/h/LHi4/bhL+t8bzJebgtVbr3CmGalm/gaaBRAqFwKZWcPAnV4aMw7xvmeQ2ouo8 12tw==
X-Gm-Message-State: AOAM532ORmNNMrMO9ewGKn3LJFnCMf+1q7MqnPEOQuzkimHjHstmFSwJ 7ZOZaxrtHbpPIaQWgD4m1TZRWUHD1HS1xbbVFPo=
X-Google-Smtp-Source: ABdhPJwDrpSiZuXreqnHi+CQ4tZwDl7NUM2b3xt7VDZiEI3/SpVfrVmIYdt779CpKMwtP7DwsukQsLuihRujEMISXwg=
X-Received: by 2002:aca:b4c4:: with SMTP id d187mr5231968oif.21.1602161478929; Thu, 08 Oct 2020 05:51:18 -0700 (PDT)
MIME-Version: 1.0
References: <160193413191.28964.1483642169279931217@ietfa.amsl.com> <59635c3f-e291-02bc-06a8-cbef46e38361@innovationslab.net> <CAHw9_iL8eq+sLXJaDLD9qzyk9CFhTcuKpC8D+LvAHZLdd2-MOg@mail.gmail.com> <20201007211615.GV956@denic.de> <CAHw9_iJa+-e9uP78yX+_pj0FUd94MTue6No7MPBGE3EAAcADtg@mail.gmail.com>
In-Reply-To: <CAHw9_iJa+-e9uP78yX+_pj0FUd94MTue6No7MPBGE3EAAcADtg@mail.gmail.com>
From: Tim Wicinski <tjw.ietf@gmail.com>
Date: Thu, 08 Oct 2020 08:51:07 -0400
Message-ID: <CADyWQ+F5Q1PR825H8eX0woNjosBAYt2QxmrsDR7fzaiWrJZd=w@mail.gmail.com>
To: Warren Kumari <warren@kumari.net>
Cc: Brian Haberman <brian@innovationslab.net>, DNS Privacy Working Group <dns-privacy@ietf.org>, dprive-chairs@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-dprive-rfc7626-bis@ietf.org
Content-Type: multipart/alternative; boundary="000000000000d313c505b1284909"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/RvDMFSFW3BOKk4GnJHBMlA2VUE4>
Subject: Re: [dns-privacy] Warren Kumari's Discuss on draft-ietf-dprive-rfc7626-bis-06: (with DISCUSS and COMMENT)
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Oct 2020 12:51:22 -0000
Warren There are many ways in which supposed "private" resources currently leak. A few examples are DNSSEC NSEC zone walking; passive-DNS services; etc. with the references added in. and changing the section title tim On Wed, Oct 7, 2020 at 8:16 PM Warren Kumari <warren@kumari.net> wrote: > On Wed, Oct 7, 2020 at 5:16 PM Peter Koch <pk@denic.de> wrote: > > > > Hi Warren, > > > > On Wed, Oct 07, 2020 at 04:39:54PM -0400, Warren Kumari wrote: > > > > > 4.1. The Public Nature of DNS Data > > > > > > It is often stated that "the data in the DNS is public". This > sentence > > > makes sense for an Internet-wide lookup system, and there > > > are multiple facets to the data and metadata involved that deserve a > > > more detailed look. First, access control lists (ACLs) and private > > > namespaces notwithstanding, the DNS operates under the assumption > > > that public-facing authoritative name servers will respond to > "usual" > > > DNS queries for any zone they are authoritative for without further > > > authentication or authorization of the client (resolver). Due to > the > > > lack of search capabilities, only a given QNAME will reveal the > > > resource records associated with that name (or that name's non- > > > existence). In other words: one needs to know what to ask for, in > > > order to receive a response. However, there are many ways in > > > in which supposed "private" resources leak, including DNSSEC > > > NSEC zone walking [REF]; passive-DNS services [ref]; employees > > > taking their laptops home (where they may use a different resolver), > > > and refreshing names which should only exist in their enterprise > > > environment, etc. > > > > I think this text is mixing too many aspects that are (or should > eventually be) > > covered in other parts of the document. > > The document is in IESG eval -- there is no more "eventually". > > > > The antipodes are _not_ 'public' > > and 'secret'. The purpose of that section was to exactly counter the > > too narrow perception that 'all data in the DNS is public' (which by the > > way, was a usual counter argument to NSEC3) to help motivate the need > > for further dealing with DNS privacy. > > I fully agree that we need to explain the need for DNS privacy -- but > to my mind the original text does the opposite - it provides the > illusion that you can put private info in the DNS and (realistically) > expect it to stay that way. I fully agree with your below that things > like passive dns is not a feature of the DNS, but it *is* a way that > records that people might assume to be private leak. > > Yes, I do fully understand that the primary purpose of this is to > discuss the privacy needs / implications of leaking in *transactions*, > but this section seems to pooh-pooh the risks of exposing "private" > names... > > > Tim's suggestion (coupled with changing the section title) would be > fine with me... > > W > > > It does not suggest to store secrets > > in the DNS. The original text, I believe - biased as might be - did and > does clearly > > differentiate betweeen residual data and transactions. 'passive DNS' > > is not a feature of the DNS - it is a by-product and, from the > perspective > > of privacy, to be addressed under 'risks'. > > > > -Peter > > > > -- > I don't think the execution is relevant when it was obviously a bad > idea in the first place. > This is like putting rabid weasels in your pants, and later expressing > regret at having chosen those particular rabid weasels and that pair > of pants. > ---maf >
- [dns-privacy] Warren Kumari's Discuss on draft-ie… Warren Kumari via Datatracker
- Re: [dns-privacy] Warren Kumari's Discuss on draf… Brian Haberman
- Re: [dns-privacy] Warren Kumari's Discuss on draf… Warren Kumari
- Re: [dns-privacy] Warren Kumari's Discuss on draf… Tim Wicinski
- Re: [dns-privacy] Warren Kumari's Discuss on draf… Rob Sayre
- Re: [dns-privacy] Warren Kumari's Discuss on draf… Peter Koch
- Re: [dns-privacy] Warren Kumari's Discuss on draf… Warren Kumari
- Re: [dns-privacy] Warren Kumari's Discuss on draf… Rob Sayre
- Re: [dns-privacy] Warren Kumari's Discuss on draf… Tim Wicinski
- Re: [dns-privacy] Warren Kumari's Discuss on draf… Warren Kumari
- Re: [dns-privacy] Warren Kumari's Discuss on draf… Eric Vyncke (evyncke)