Re: [dns-privacy] [Ext] Threat Model
Mark Andrews <marka@isc.org> Wed, 06 November 2019 04:42 UTC
Return-Path: <marka@isc.org>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3ECE41201EA for <dns-privacy@ietfa.amsl.com>; Tue, 5 Nov 2019 20:42:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1QASGxUuGLyE for <dns-privacy@ietfa.amsl.com>; Tue, 5 Nov 2019 20:42:07 -0800 (PST)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 220D2120170 for <dns-privacy@ietf.org>; Tue, 5 Nov 2019 20:42:06 -0800 (PST)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 775CE3AB001; Wed, 6 Nov 2019 04:42:04 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 4DFDE160044; Wed, 6 Nov 2019 04:42:04 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 13425160047; Wed, 6 Nov 2019 04:42:04 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 9HfqK-f4rMBM; Wed, 6 Nov 2019 04:42:03 +0000 (UTC)
Received: from [172.30.42.68] (n1-40-244-161.bla1.nsw.optusnet.com.au [1.40.244.161]) by zmx1.isc.org (Postfix) with ESMTPSA id EA99D160044; Wed, 6 Nov 2019 04:42:02 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Mark Andrews <marka@isc.org>
In-Reply-To: <CAHw9_iKhaA9Nb+eH92YfzdepU90_DgLyS-ZDaMAehKOFO0ksEA@mail.gmail.com>
Date: Wed, 06 Nov 2019 15:42:00 +1100
Cc: Paul Wouters <paul@nohats.ca>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <902F398C-A8E0-48DB-AAEB-15B1AC2EF04E@isc.org>
References: <CABcZeBMQEJ=LE8ATQYnJj59srsK47hf4HT3BMMg3X2crVfSUXQ@mail.gmail.com> <CABcZeBOhSYvqPyDcm9zbMYRc03DmPcCKYTYE-uC54=Mm9HMcnQ@mail.gmail.com> <99ee8cd4-9418-2d64-57fd-487b4f2c3a1a@cs.tcd.ie> <CABcZeBOBFFi=dA_XEzhkYvRU6kzvND5CMQcMoyriYusDH0RbKQ@mail.gmail.com> <CAHw9_iLz5No-SKa74To03ida3DHfeKY58CrJFJpLph8FsvzNQQ@mail.gmail.com> <CABcZeBMFDbATVRvJvvs5b4giQ=0B82i76ahv-ffDgWJOzqZccw@mail.gmail.com> <CAHw9_i+e8veeAz+KYXjvchmjKJz6OZHX1pEYx_Tvs8n5xnfBnQ@mail.gmail.com> <6D6233DC-4D7C-45BC-9D4E-08E6E882C1A5@nohats.ca> <alpine.DEB.2.20.1911042035571.29247@grey.csi.cam.ac.uk> <CAH1iCioH86q1CX7A+F8ON4uzpGqipUy8m3iczyNqSKirAsYBQg@mail.gmail.com> <alpine.LRH.2.21.1911041652450.5093@bofh.nohats.ca> <CABcZeBOtY3saJe5DWTu=Jqy5guqdoKPKSR+XYddbvxwxKsxmig@mail.gmail.com> <CAHw9_iKaeT0VEjZfoCi9Nddc+VBBj0JHWDHv+=g3xzvb6L+Nvg@mail.gmail.com> <alpine.LRH.2.21.1911050941090.30046@bofh.nohats.ca> <CAHw9_i+MxMCd7dDO7N0-hc1SDjvBeoLoUvbg4JWDzXyjR0u4xQ@mail.gmail.com> <alpine.LRH.2.21.1911051437000.11602@bofh.nohats.ca> <CAHw9_iKhaA9Nb+eH92YfzdepU90_DgLyS-ZDaMAehKOFO0ksEA@mail.gmail.com>
To: Warren Kumari <warren@kumari.net>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/WhykkT0a6QysSqpbHnST-zoiIac>
Subject: Re: [dns-privacy] [Ext] Threat Model
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Nov 2019 04:42:09 -0000
You can always send a QUERY with no question. It’s not perfect, as it is subject to downgrade attacks, but does allow you to probe server capabilities. % dig +ednsopt=100 +header-only +qr ; <<>> DiG 9.15.4+hotspot+add-prefetch+marka <<>> +ednsopt +header-only +qr ;; global options: +cmd ;; Sending: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38660 ;; flags: rd ad; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: ab59773fd258541b ; OPT=100 ;; QUESTION SECTION: ;; QUERY SIZE: 39 ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38660 ;; flags: qr rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: ab59773fd258541b010000005dc24d3939228b15d289bab4 (good) ;; Query time: 1 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed Nov 06 15:34:01 AEDT 2019 ;; MSG SIZE rcvd: 51 % > On 6 Nov 2019, at 10:13, Warren Kumari <warren@kumari.net> wrote: > > On Tue, Nov 5, 2019 at 2:40 PM Paul Wouters <paul@nohats.ca> wrote: >> >> On Tue, 5 Nov 2019, Warren Kumari wrote: >> >>> Because then I need to probe them on 853 and wait N before trying on port 53, or I will >>> only get any sort of protection for name-servers which I’ve spoken to recently enough that >>> I have them in cache — that works for e.g: ns1.google.com, but not ns0.nohats.ca >> >> Well, that's how we do things when remembering per-server >> characteristics, which we need to do anyway in case of outages. >> >> Like EDNS0 support and DNS COOKIES support is remembered and cached, >> why wouldn't resolvers do the same for this property. We didn't put >> "ns-edns" out there in name hacks either. Why start now? > > For things like COOKIES I don't need knowledge of the server *before* > I contact it -- when I want to lookup www.nothat.ca, and get back a > cookie, I've learnt something useful for future connections. > > For privacy, I really don't want to have to leak the fact that I'm > looking up secret.nohats.ca because I happen to be the first user who > is (recently) asking for a name on ns0.nohats.ca. > a.ns.facebook.com is popular and so in basically all caches, all the > time - and so users looking that up would get privacy most of the > time. > ns01.kumari.net is (obviously) less popular, and so basically never in > caches -- and so anyone looking up kink.kumari.net will be exposed. > > Now, I really don't think it is fair and right that people looking up > Facebook (or Google) get privacy simply because those sites are > popular, and people reaching my personal site don't. > I could get privacy back by moving my DNS to a large commercial DNS > hoster (ns59.domaincontrol.com is in many caches, much of the time), > but this seems like an even worse push. > > I'd like some system where I can signal that I support DoT: > 1: without my parent having to do anything (like be upgraded to support DoT) > > 2: without having people to probe and wait for a timeout > > 3: with my users first connection protected, so they don't have to > lookup safe.kumari.net (to make sure that the resolver knows that > ns01.kumari.net supports DoT), or something like _dot.kumari.net > before looking up secret.kumari.net. > > 4: without expecting everyone to support DNSSEC. > > I'd like to see something less stupid than ns01-dot.kumari.net, but I > don't really see what else the child controls at the parent (without > having a separate set of info / RR type / encoding stuff in DS, etc) > > W > > > >> >> Paul > > > > -- > I don't think the execution is relevant when it was obviously a bad > idea in the first place. > This is like putting rabid weasels in your pants, and later expressing > regret at having chosen those particular rabid weasels and that pair > of pants. > ---maf > > _______________________________________________ > dns-privacy mailing list > dns-privacy@ietf.org > https://www.ietf.org/mailman/listinfo/dns-privacy -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- [dns-privacy] Threat Model Eric Rescorla
- Re: [dns-privacy] Threat Model Christian Huitema
- Re: [dns-privacy] Threat Model Brian Dickson
- Re: [dns-privacy] Threat Model Ted Hardie
- Re: [dns-privacy] Threat Model Brian Dickson
- Re: [dns-privacy] [Ext] Threat Model Paul Hoffman
- Re: [dns-privacy] [Ext] Threat Model Eric Rescorla
- Re: [dns-privacy] [Ext] Threat Model Paul Hoffman
- Re: [dns-privacy] [Ext] Threat Model Eric Rescorla
- Re: [dns-privacy] [Ext] Threat Model Stephen Farrell
- Re: [dns-privacy] [Ext] Threat Model Eric Rescorla
- Re: [dns-privacy] what's good enough, or Threat M… John Levine
- Re: [dns-privacy] what's good enough, or Threat M… Eric Rescorla
- Re: [dns-privacy] [Ext] Threat Model Warren Kumari
- Re: [dns-privacy] [Ext] Threat Model Eric Rescorla
- Re: [dns-privacy] what's good enough, or Threat M… John R Levine
- Re: [dns-privacy] [Ext] Threat Model Warren Kumari
- Re: [dns-privacy] [Ext] Threat Model David Conrad
- Re: [dns-privacy] [Ext] Threat Model Paul Wouters
- Re: [dns-privacy] [Ext] Threat Model Stephen Farrell
- Re: [dns-privacy] Threat Model Livingood, Jason
- Re: [dns-privacy] [Ext] Threat Model Tony Finch
- Re: [dns-privacy] [Ext] Threat Model Paul Wouters
- Re: [dns-privacy] [Ext] Threat Model Brian Dickson
- Re: [dns-privacy] [Ext] Threat Model Paul Wouters
- Re: [dns-privacy] [Ext] Threat Model Eric Rescorla
- Re: [dns-privacy] [Ext] Threat Model Brian Dickson
- Re: [dns-privacy] [Ext] Threat Model John Levine
- Re: [dns-privacy] [Ext] Threat Model John Levine
- Re: [dns-privacy] [Ext] Threat Model Tony Finch
- Re: [dns-privacy] [Ext] Threat Model Paul Wouters
- Re: [dns-privacy] [Ext] Threat Model Warren Kumari
- Re: [dns-privacy] [Ext] Threat Model Warren Kumari
- Re: [dns-privacy] [Ext] Threat Model Paul Wouters
- Re: [dns-privacy] [Ext] Threat Model Warren Kumari
- Re: [dns-privacy] [Ext] Threat Model Brian Dickson
- Re: [dns-privacy] [Ext] Threat Model Dan Wing
- Re: [dns-privacy] [Ext] Threat Model Mark Andrews
- Re: [dns-privacy] [Ext] Threat Model Ralf Weber
- Re: [dns-privacy] [Ext] Threat Model Hugo Connery
- Re: [dns-privacy] [Ext] Threat Model Paul Wouters
- Re: [dns-privacy] [Ext] Threat Model Stephen Farrell
- Re: [dns-privacy] [Ext] Threat Model Paul Hoffman
- Re: [dns-privacy] [Ext] Threat Model Brian Dickson
- Re: [dns-privacy] [Ext] Threat Model Ted Hardie
- Re: [dns-privacy] [Ext] Threat Model Brian Dickson
- Re: [dns-privacy] [Ext] Threat Model Paul Wouters
- Re: [dns-privacy] [Ext] Threat Model Bob Harold
- Re: [dns-privacy] [Ext] Threat Model Paul Wouters
- Re: [dns-privacy] [Ext] Threat Model Stephen Farrell
- Re: [dns-privacy] [Ext] Threat Model Brian Dickson
- Re: [dns-privacy] [Ext] Threat Model Paul Ebersman
- Re: [dns-privacy] [Ext] Threat Model Paul Wouters
- Re: [dns-privacy] [Ext] Threat Model Bob Harold
- Re: [dns-privacy] [Ext] Threat Model sthaug