Re: [dns-privacy] Fwd: New Version Notification for draft-ghedini-dprive-early-data-02.txt
"Martin Thomson" <mt@lowentropy.net> Wed, 26 February 2020 18:22 UTC
Return-Path: <mt@lowentropy.net>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97EC43A1059 for <dns-privacy@ietfa.amsl.com>; Wed, 26 Feb 2020 10:22:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=m2afBkGC; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=mBak9x1C
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 857hnGTXS7yt for <dns-privacy@ietfa.amsl.com>; Wed, 26 Feb 2020 10:22:08 -0800 (PST)
Received: from wout1-smtp.messagingengine.com (wout1-smtp.messagingengine.com [64.147.123.24]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 310B33A1056 for <dns-privacy@ietf.org>; Wed, 26 Feb 2020 10:22:08 -0800 (PST)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id ACF6A4E6 for <dns-privacy@ietf.org>; Wed, 26 Feb 2020 13:22:05 -0500 (EST)
Received: from imap2 ([10.202.2.52]) by compute1.internal (MEProxy); Wed, 26 Feb 2020 13:22:05 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm1; bh=DzjcjJUVtwyQJ3fN0FYJRksaduMdRUg FIRZ/7NX56+o=; b=m2afBkGCaejpbb499+t5hVId0B2my66kyzele9Ldg7IjrQI 8Jd27aLMgi+/K6BHe2EOxEhGwg/eSzkHEwqKmvrkigUcefAdxzn2hI6dOSmcmOM6 s7I8OSVmecUhwBG09UCVTNGe768jKkzJSs3FlkpuxjbiJMuTNPCfn2TtrVgoO2QI XVqSGax3H/yXcpl+aX+XwQhDpWXrEPARJHJ8yRkHbVv1aLtw2TBHYDOOv3HkS+/L BtHBd9d3n7hRlnviIHj6lZ0bYSuGf+xpRrq8lmVXRNsIwd1w8AbXUuvEbob214sM hIvgi1winlRJd/aPFQdmB9KamEbgMiOoRloRSJw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=DzjcjJ UVtwyQJ3fN0FYJRksaduMdRUgFIRZ/7NX56+o=; b=mBak9x1CQsPQ3VfytDPJjM oh8EMqWuw/xI1aZy0DXOW9jjyHdDZJvvz0tdcZH9yBN8gG9gtDm+2HL9u54RLwcG qFaP38VrYwbDnRobHZnjjqIxgbquD5WwT0J+BCVV4Bw8q8mKT2P7FUAKCSx6iyGc X5ruZKBUHCuvFrP8mvD/lVqjzed4/DtF3gLZrMlmzcZG/JbcYnXs+rzxg9sm7Oxm zMGmgAOAV0/dcCU9K2Vm5gygKEkZO4aXINynGiDevYshgY78rFre5EnUS0udCTpC M3YUT7ZfWKzlWSQ4oDq7L+fyzDDt3MhPht+omDlR+Rspm3iCsU/DSSYtAo6Vdx0w ==
X-ME-Sender: <xms:TbdWXl60H562kM9dgf_30tmA9z5T-B2rShJQg1ngZOONVqSZNTSoQQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedrleeggdduudefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderreejnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho figvnhhtrhhophihrdhnvghtqeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmh epmhgrihhlfhhrohhmpehmtheslhhofigvnhhtrhhophihrdhnvght
X-ME-Proxy: <xmx:TbdWXnI1WTujLduBU2HKzfLTX8Py7Fhv149q17MkpnAJ5OaJEMxY-A> <xmx:TbdWXncaw03J9GEhQ5JkksxAGHrm5qfzR6mLRFRm5uGY4Db8d7wL5g> <xmx:TbdWXic4jAzwZ9IiTko6jkQKmg5xNPQX9zMeQZqPvmrdU_IHjflphQ> <xmx:TbdWXhSkIKt3__bkNGvYKNOjk66EPwyW6zG4GR_C6E3R6zt9So7jgA>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 0CBA8E00AC; Wed, 26 Feb 2020 13:22:05 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-947-gbed3ff6-fmstable-20200220v2
Mime-Version: 1.0
Message-Id: <4d09d740-897d-4d73-81f5-3587b563f199@www.fastmail.com>
In-Reply-To: <ef8e3693-79cc-0812-ad74-ed4a19c7ff50@cs.tcd.ie>
References: <158264066052.15564.14264935853918182437.idtracker@ietfa.amsl.com> <20200225151359.GA57690@wakko.flat11.house> <ef8e3693-79cc-0812-ad74-ed4a19c7ff50@cs.tcd.ie>
Date: Wed, 26 Feb 2020 11:21:42 -0700
From: Martin Thomson <mt@lowentropy.net>
To: dns-privacy@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/lloeDp7P0yH6EJ8X7E0xMIRIskA>
Subject: Re: [dns-privacy] Fwd: New Version Notification for draft-ghedini-dprive-early-data-02.txt
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Feb 2020 18:22:10 -0000
On Tue, Feb 25, 2020, at 08:54, Stephen Farrell wrote: > If an attacker replays a 0rtt query for an A record, > and the recursive acts on the query before the handshake > is complete by sending a cleartext query upstream and > if the attacker can see that upstream query, wouldn't > that be noteworthy? Noteworthy, yes. This amplifies an existing exposure. That is, as long as a cleartext query from the recursive could be correlated with an encrypted query to the recursive, there is a problem. This says that replays can be used - maybe - to turn one query into N. If you rely on the correlation being from a large anonymity set, this can have a serious impact on the ability of an observer to correlate queries. This might be compounded by the fact that early data might contain multiple queries that can be cross-correlated. Whether that motivates a blanket prohibition on use of early data prior to handshake completion depends greatly on other factors. If we manage to ever get encryption toward authoritative servers, and even opportunistic encryption helps considerably in this case, then this particular problem is eliminated. But I wouldn't rule out making the queries. This only applies where the query cannot be answered from cache. Of course that the potential for replay is likely closely tied to the potential for a cache miss, so we might not consider that to be relevant.
- [dns-privacy] Fwd: New Version Notification for d… Alessandro Ghedini
- Re: [dns-privacy] Fwd: New Version Notification f… Stephen Farrell
- Re: [dns-privacy] Fwd: New Version Notification f… Martin Thomson