Re: [dns-privacy] [SPAM] Re: New draft on encrypting the stub-to-resolver link: draft-hoffman-dns-tls-stub-00.txt
"Hosnieh Rafiee" <ietf@rozanak.com> Thu, 21 August 2014 06:46 UTC
Return-Path: <ietf@rozanak.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E27AA1A0695 for <dns-privacy@ietfa.amsl.com>; Wed, 20 Aug 2014 23:46:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level:
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.668] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g8DuEUn2lRK7 for <dns-privacy@ietfa.amsl.com>; Wed, 20 Aug 2014 23:46:51 -0700 (PDT)
Received: from mail.rozanak.com (mail.rozanak.com [IPv6:2a01:238:42ad:1500:aa19:4238:e48f:61cf]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 070451A6F97 for <dns-privacy@ietf.org>; Wed, 20 Aug 2014 23:46:51 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by mail.rozanak.com (Postfix) with ESMTP id 1C24F5660142 for <dns-privacy@ietf.org>; Thu, 21 Aug 2014 06:46:49 +0000 (UTC)
X-Virus-Scanned: amavisd-new at rozanak.com
Received: from mail.rozanak.com ([127.0.0.1]) by localhost (mail.iknowlaws.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nQ_E6_jybDUU for <dns-privacy@ietf.org>; Thu, 21 Aug 2014 08:46:19 +0200 (CEST)
Received: from kopoli (p5DCC776E.dip0.t-ipconnect.de [93.204.119.110]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by mail.rozanak.com (Postfix) with ESMTPSA id 304FA5660140 for <dns-privacy@ietf.org>; Thu, 21 Aug 2014 08:46:19 +0200 (CEST)
From: Hosnieh Rafiee <ietf@rozanak.com>
To: dns-privacy@ietf.org
References: <00ba01cfbbf9$d561f010$8025d030$@rozanak.com> <20140820143453.GD1065@mx1.yitter.info> <814D0BFB77D95844A01CA29B44CBF8A7A28554@lhreml513-mbb.china.huawei.com> <20140820152343.GH1065@mx1.yitter.info> <814D0BFB77D95844A01CA29B44CBF8A7A285FA@lhreml513-mbb.china.huawei.com> <20140820155522.GJ1065@mx1.yitter.info> <006201cfbcb3$d64e0940$82ea1bc0$@rozanak.com> <20140820212332.GG2464@crankycanuck.ca> <008101cfbcc6$09d9d110$1d8d7330$@rozanak.com> <20140820234921.GA2797@mx1.yitter.info>
In-Reply-To: <20140820234921.GA2797@mx1.yitter.info>
Date: Thu, 21 Aug 2014 08:46:15 +0200
Message-ID: <001701cfbd0b$9c434d20$d4c9e760$@rozanak.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQKUPlzldp8EhTskZiJwFszuzAaxyAJcgbntAd3fAtYBfgMRSgJ6DAKrAnqN6C8Co0HSZgIg9wccAO482t0BvBshJpnAnEvw
Content-Language: en-us
Archived-At: http://mailarchive.ietf.org/arch/msg/dns-privacy/jNGl4q-thPE4E4OUm4ySea_cNe8
Subject: Re: [dns-privacy] [SPAM] Re: New draft on encrypting the stub-to-resolver link: draft-hoffman-dns-tls-stub-00.txt
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Aug 2014 06:46:53 -0000
> > This is the nub of your latest argument. Your own classification bring this new argument... > So that we're clear: we're imagining a defence against wide-spread > surveillance enabled in part by the fact that there is a concentration of very > large recursive resolvers that historically not been the case. Agreed.. this is the topic of discussion > Therefore, the flow of network traffic toward those recursors is attractive for > surveillance. Right? That's anyway the circumstance I'm thinking about. Not quite sure... the next flow is attractive for him and not exactly the flows go to recursive DNS server , if, according to your last message the actor want to find a behavior patterns between different flows or analyses the user behaviors... The next flows actually goes to a server or a website. > Now, under your new concern, the surveillance actor must correlate a given > encrypted query flow towards a resolver with a very large user > (client) population, correlate that resolver query with a _possible_ outbound > query from the recursive server to the relevant authoritative servers (which > of course might not happen because of caches), I am not sure about the second part... why the surveillance actor needs to do the correlation between authoritative name servers and recursive? based on the information available in stub resolver query request... he already has all data .. and he doesn't need to go step by step up.. I don't think that he wants to find the DNS servers.. In other words, the first query gave all those information. So could you please clarify what kind of correlation you mean here? >and then correlate the action > with another outbound flow toward whatever service the original user was > planning to connect to. I think here.. he doesn't need this correlation. Because, if behavior patterns are what he looks or what user usually browse, search, connect, etc. per day.. then the next flow is important. > I am very far from believing any more that nobody could do this kind of large- > scale analysis, but it certainly makes the kind of surveillance we're talking > about way harder and way more expensive. That doesn't seem like nothing. This is what I am not quite agree on. In my opinion, our current problem is the wrong focus about privacy. In other words, it appears to me that the focus is only on some domain names . While I think domain names alone give no meaningful and useful information to anyone... but the next flow gives important information that is the correlation between a flows from end user to a service (servers but not DNS servers) but with this way of encryption we did not hide this correlation and still exist. (it appears that for this correlation the solution is like what I said in last message, tunneling to hide not only the first flow but the next interesting flows). So, this is the case that I think encryption doesn't make this process expensive unless the surveillance actor have no possibility to sniff the next flows . (the flows from end user to a service like a webserver) without the help of a recursive DNS server. . If this is the case, I agree with your argument... otherwise encryption doesn't change anything since our target person in discussion is looking for something else and we encrypted something that was in no interest of this person. To be clear, please just focus on this scenario where a surveillance actor just skip any traffic goes to a recursive DNS server. But he analyses traffics that comes from users to services. If he has this access to analyze this traffic. He can do this without bothering himself as he is not interested to complicate his data analysis by following the traffic goes to DNS recursive. Therefore, He directly follow traffics that initiated from different users and goes to certain unknown locations. In other words, recursive DNS server is only the helper tool or that flow is only a helper flow, But this helper flow only works in case where the surveillance actor has no possibility to sniff the next interesting flows. But in your example, it appears that this is not a case and he want no meaningful correlation between DNS flows and next flows. While, I think, directly he can have next flows without this correlation. So, when he have access to both traffic flows (DNS recursive and flows end users to services)... why he should bother himself to sniff traffic to DNS server that is of no interest? > This misses the fundamental problem in the way you're approaching this > issue: "just generalise" from specific to all cases. But while set-theoretic > expansion works trivially that way, in practice things are harder to achieve. > "Just generalise" is the way that Internet services that work just fine for 200 > do not work at all for 2 000 000. This is one approach to solve the problem and I am sure you and all people in IETF are familiar with (Divide and conquer algorithms).. in other words, such problem cannot be easily understood if we do not make it as simple as possible. After the solution works for simple case we can also extend it to larger case and see whether or not it still works. Then at the end we can evaluate the solution to this problem as a whole... Best, Hosnieh
- [dns-privacy] New draft on encrypting the stub-to… Paul Hoffman
- Re: [dns-privacy] New draft on encrypting the stu… Hosnieh Rafiee
- Re: [dns-privacy] New draft on encrypting the stu… Paul Wouters
- Re: [dns-privacy] New draft on encrypting the stu… Paul Hoffman
- Re: [dns-privacy] New draft on encrypting the stu… Hosnieh Rafiee
- Re: [dns-privacy] New draft on encrypting the stu… Joe Abley
- Re: [dns-privacy] New draft on encrypting the stu… Paul Wouters
- Re: [dns-privacy] New draft on encrypting the stu… Hosnieh Rafiee
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
- Re: [dns-privacy] New draft on encrypting the stu… Carsten Strotmann
- Re: [dns-privacy] New draft on encrypting the stu… 神明達哉
- Re: [dns-privacy] New draft on encrypting the stu… Paul Hoffman
- Re: [dns-privacy] New draft on encrypting the stu… Jacob Appelbaum
- Re: [dns-privacy] New draft on encrypting the stu… Paul Hoffman
- Re: [dns-privacy] New draft on encrypting the stu… Paul Wouters
- Re: [dns-privacy] New draft on encrypting the stu… Jacob Appelbaum
- Re: [dns-privacy] New draft on encrypting the stu… Jacob Appelbaum
- Re: [dns-privacy] New draft on encrypting the stu… Paul Wouters
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
- Re: [dns-privacy] New draft on encrypting the stu… Paul Hoffman
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Carsten Strotmann
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
- Re: [dns-privacy] New draft on encrypting the stu… Jacob Appelbaum
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Andrew Sullivan
- Re: [dns-privacy] New draft on encrypting the stu… Paul Hoffman
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
- Re: [dns-privacy] New draft on encrypting the stu… Jacob Appelbaum
- Re: [dns-privacy] New draft on encrypting the stu… Stephane Bortzmeyer
- Re: [dns-privacy] New draft on encrypting the stu… 神明達哉
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Andrew Sullivan
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
- Re: [dns-privacy] New draft on encrypting the stu… Hosnieh Rafiee
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Andrew Sullivan
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Jacob Appelbaum
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Paul Wouters
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Jacob Appelbaum
- Re: [dns-privacy] New draft on encrypting the stu… Paul Hoffman
- Re: [dns-privacy] New draft on encrypting the stu… Paul Hoffman
- [dns-privacy] draft-hoffman-dns-tls-stub-01 posted Paul Hoffman
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
- Re: [dns-privacy] New draft on encrypting the stu… David Ulevitch
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Andrew Sullivan
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Andrew Sullivan
- Re: [dns-privacy] [SPAM] Re: New draft on encrypt… Hosnieh Rafiee
- Re: [dns-privacy] New draft on encrypting the stu… Wes Hardaker
- [dns-privacy] Authenticating the resolver Paul Hoffman
- Re: [dns-privacy] New draft on encrypting the stu… Mark Andrews
- Re: [dns-privacy] New draft on encrypting the stu… Wes Hardaker
- Re: [dns-privacy] Authenticating the resolver Wes Hardaker
- Re: [dns-privacy] Authenticating the resolver Paul Hoffman
- Re: [dns-privacy] New draft on encrypting the stu… John Heidemann
- Re: [dns-privacy] New draft on encrypting the stu… Phillip Hallam-Baker