Re: [dns-privacy] Threat Model
Ted Hardie <ted.ietf@gmail.com> Fri, 01 November 2019 21:28 UTC
Return-Path: <ted.ietf@gmail.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 417B6120271 for <dns-privacy@ietfa.amsl.com>; Fri, 1 Nov 2019 14:28:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VsBE_XdQjc1L for <dns-privacy@ietfa.amsl.com>; Fri, 1 Nov 2019 14:28:04 -0700 (PDT)
Received: from mail-il1-x129.google.com (mail-il1-x129.google.com [IPv6:2607:f8b0:4864:20::129]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D948B12004D for <dns-privacy@ietf.org>; Fri, 1 Nov 2019 14:27:41 -0700 (PDT)
Received: by mail-il1-x129.google.com with SMTP id w1so1003825ilq.11 for <dns-privacy@ietf.org>; Fri, 01 Nov 2019 14:27:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=W/PPC2KioyWniP9baICxfFDBg8gFnzcUeyPstzcnyUs=; b=qMNeL93l2K95fdV8UgU6TfRyOD9VzsULBOx8xNUghGBKwaHFq9lebK4xviWrT+yb4P gyyPgnjrFbV2sv2R3oCuUzaAZuu71fdY5T+44teIcP5kYDGF46+KaZMlRy5FNY9H8+Fj cnOfSpwKCZKJhEmRoI0JqqaqIVItYiNr6OUzmIcLJfE+/WK5ax8CPFxbJPptw0ipHpn4 Dz4FsHV3nuLiY/oAyOw5WkXp/uJ+thYmi/38jEP9bKyuhki/9HJhmjMmzNWVam+e+43Z fBic5Vt7BUSkOM2Uafaz/vsDTQYxwacisGVTepEurRihEEJhzAxef9LyLenKIvBFhRe6 1e2w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=W/PPC2KioyWniP9baICxfFDBg8gFnzcUeyPstzcnyUs=; b=Y5L2YqIcVz+j8OD/lU+9BwD6sBlYF2TeYFkURyJiNYiNVG+aidrRreM9sv+oyA85C5 pB0zL7FOZJbo0/heHOaVTycDy0ymYG9rvZ3eE4J4sWM9h6q8mi8zsv4BHPpkGbriSnh9 mARon+aTDPDr5OS+11nQfEyZtYPyMucBGgEit7rSmUxCn5GZfGshrTXymR2M1qA69VSz pWlwZz3n7bh3b1ZCRCrAlIQltxTzaBGf9u76lVXNys4JCX2AyoA9qmnKNJ5RRkc0k9NK mZCeOkFzJY3fsMPdYtXFXLfQwsxwVZNdKhskWa8Os1qIH2LRuBwOvEK6Ik647US6OwpM XDJw==
X-Gm-Message-State: APjAAAUm8kzKvk7vctviDjQrBUb/50dlYbRPFwt3AbxF8p6JM7IrcVJb 2dzC/OdLjdRzmRsZQVdZI7OGJo/DwDoh43O1avI=
X-Google-Smtp-Source: APXvYqxwRJz+Dx/qenbX5YRZLxLqif1W5vfSc3Fe3lj3NLFPr+QJIOXwP5LSCu9PqN6xSzyb7EKsWgW76yTt6kRR1+c=
X-Received: by 2002:a92:9957:: with SMTP id p84mr15299906ili.290.1572643661000; Fri, 01 Nov 2019 14:27:41 -0700 (PDT)
MIME-Version: 1.0
References: <CABcZeBMQEJ=LE8ATQYnJj59srsK47hf4HT3BMMg3X2crVfSUXQ@mail.gmail.com> <CAH1iCiphfkJKAAFTGw78ps-4O9BBRW2kKyWhXvnOJHx9VGHkuw@mail.gmail.com>
In-Reply-To: <CAH1iCiphfkJKAAFTGw78ps-4O9BBRW2kKyWhXvnOJHx9VGHkuw@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Fri, 01 Nov 2019 14:27:14 -0700
Message-ID: <CA+9kkMCoAduVAgoekUQiJVpW+WRBNcPaKcnBBEvZWu1DKF2LjQ@mail.gmail.com>
To: Brian Dickson <brian.peter.dickson@gmail.com>
Cc: Eric Rescorla <ekr@rtfm.com>, dns-privacy@ietf.org
Content-Type: multipart/alternative; boundary="000000000000c5b4cc05964fa2f1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/diiLCxMK4rWZo2VsVnviT8e4STs>
Subject: Re: [dns-privacy] Threat Model
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Nov 2019 21:28:06 -0000
(cutting a good bit) On Fri, Nov 1, 2019 at 12:54 PM Brian Dickson <brian.peter.dickson@gmail.com> wrote: > > > If the attacker does not have access to the timing data, IMHO the R2A > queries expose no PII, since the query data cannot be associated with an > originating client. > In the cases where EDNS Client Subnet is used, it does seem to associate the query with a pool of potential clients even when there is no timing data; depending on the size of that pool, this could easily represent a loss of privacy. > In this case, an on-path active attacker isn't actually a threat (!!). > > Even without EDNS Client subnet, the active attacker now has access to new targeting data. Let us say that the active attacker sits in front of vlogsite.example. If the attacker sees a query for free-disputed-territory.vlogsite.example, the information that specific recursives are seeing that traffic may be of interest to one or more of the parties disputing the territory. If this strategy is used, this creates an interesting side effect. On a > busy enough resolver, the regular cache refresh traffic may be significant > enough to negatively impact timing attacks against encrypted C2R traffic in > determing IP/QNAME matches, even if port 853 is blocked and all traffic is > on port 53. > This is similar to the logic this working group used to conclude that doing the client-to-recursive first was the right choice. I don't think the fact that it is still true when port 853 is blocked refutes the advantages of encrypting recursive to authoritative traffic. This risk needs to be given context, specifically where are the client, the > recursive, and authoritative, and whether an attacker is able to block port > 853 to cause the downgrade? > The current passive attack does not require the attacker to expose her > existence, while port blocking reveals the existence (if not the identity) > of the attacker. > I think Eric's point is different from a standard downgrade by port blocking. If the attacker is on path and there is no authentication of the authoritative server, then a back-to-back user agent can be used to eavesdrop on the query traffic. Your recursive makes a TLS connection to the attacker and sends a query; the attacker reads it and retrieves the answer from the authoritative server in order to provide you a reply. You get the right answer (and can even use DNSSEC to check it), but the query stream still leaked to the attacker. This is an active attack (because the attacker terminates the TLS connection and starts a new outbound connection), but the result is equivalent to what a passive attacker would get from port 53 data. regards, Ted
- [dns-privacy] Threat Model Eric Rescorla
- Re: [dns-privacy] Threat Model Christian Huitema
- Re: [dns-privacy] Threat Model Brian Dickson
- Re: [dns-privacy] Threat Model Ted Hardie
- Re: [dns-privacy] Threat Model Brian Dickson
- Re: [dns-privacy] [Ext] Threat Model Paul Hoffman
- Re: [dns-privacy] [Ext] Threat Model Eric Rescorla
- Re: [dns-privacy] [Ext] Threat Model Paul Hoffman
- Re: [dns-privacy] [Ext] Threat Model Eric Rescorla
- Re: [dns-privacy] [Ext] Threat Model Stephen Farrell
- Re: [dns-privacy] [Ext] Threat Model Eric Rescorla
- Re: [dns-privacy] what's good enough, or Threat M… John Levine
- Re: [dns-privacy] what's good enough, or Threat M… Eric Rescorla
- Re: [dns-privacy] [Ext] Threat Model Warren Kumari
- Re: [dns-privacy] [Ext] Threat Model Eric Rescorla
- Re: [dns-privacy] what's good enough, or Threat M… John R Levine
- Re: [dns-privacy] [Ext] Threat Model Warren Kumari
- Re: [dns-privacy] [Ext] Threat Model David Conrad
- Re: [dns-privacy] [Ext] Threat Model Paul Wouters
- Re: [dns-privacy] [Ext] Threat Model Stephen Farrell
- Re: [dns-privacy] Threat Model Livingood, Jason
- Re: [dns-privacy] [Ext] Threat Model Tony Finch
- Re: [dns-privacy] [Ext] Threat Model Paul Wouters
- Re: [dns-privacy] [Ext] Threat Model Brian Dickson
- Re: [dns-privacy] [Ext] Threat Model Paul Wouters
- Re: [dns-privacy] [Ext] Threat Model Eric Rescorla
- Re: [dns-privacy] [Ext] Threat Model Brian Dickson
- Re: [dns-privacy] [Ext] Threat Model John Levine
- Re: [dns-privacy] [Ext] Threat Model John Levine
- Re: [dns-privacy] [Ext] Threat Model Tony Finch
- Re: [dns-privacy] [Ext] Threat Model Paul Wouters
- Re: [dns-privacy] [Ext] Threat Model Warren Kumari
- Re: [dns-privacy] [Ext] Threat Model Warren Kumari
- Re: [dns-privacy] [Ext] Threat Model Paul Wouters
- Re: [dns-privacy] [Ext] Threat Model Warren Kumari
- Re: [dns-privacy] [Ext] Threat Model Brian Dickson
- Re: [dns-privacy] [Ext] Threat Model Dan Wing
- Re: [dns-privacy] [Ext] Threat Model Mark Andrews
- Re: [dns-privacy] [Ext] Threat Model Ralf Weber
- Re: [dns-privacy] [Ext] Threat Model Hugo Connery
- Re: [dns-privacy] [Ext] Threat Model Paul Wouters
- Re: [dns-privacy] [Ext] Threat Model Stephen Farrell
- Re: [dns-privacy] [Ext] Threat Model Paul Hoffman
- Re: [dns-privacy] [Ext] Threat Model Brian Dickson
- Re: [dns-privacy] [Ext] Threat Model Ted Hardie
- Re: [dns-privacy] [Ext] Threat Model Brian Dickson
- Re: [dns-privacy] [Ext] Threat Model Paul Wouters
- Re: [dns-privacy] [Ext] Threat Model Bob Harold
- Re: [dns-privacy] [Ext] Threat Model Paul Wouters
- Re: [dns-privacy] [Ext] Threat Model Stephen Farrell
- Re: [dns-privacy] [Ext] Threat Model Brian Dickson
- Re: [dns-privacy] [Ext] Threat Model Paul Ebersman
- Re: [dns-privacy] [Ext] Threat Model Paul Wouters
- Re: [dns-privacy] [Ext] Threat Model Bob Harold
- Re: [dns-privacy] [Ext] Threat Model sthaug