IETF Logo Mail Archive

Re: [dns-privacy] NS names, was re-evaluation of the draft, was Re: [Fwd: New Version Notification for draft-vandijk-dprive-ds-dot-signal-and-pin-00.txt]

Shumon Huque <shuque@gmail.com> Wed, 10 June 2020 11:55 UTC

Return-Path: <shuque@gmail.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEB983A0765 for <dns-privacy@ietfa.amsl.com>; Wed, 10 Jun 2020 04:55:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xpn7wwCdV-x7 for <dns-privacy@ietfa.amsl.com>; Wed, 10 Jun 2020 04:55:14 -0700 (PDT)
Received: from mail-ej1-x635.google.com (mail-ej1-x635.google.com [IPv6:2a00:1450:4864:20::635]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D86053A060D for <dns-privacy@ietf.org>; Wed, 10 Jun 2020 04:55:13 -0700 (PDT)
Received: by mail-ej1-x635.google.com with SMTP id l12so2205427ejn.10 for <dns-privacy@ietf.org>; Wed, 10 Jun 2020 04:55:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=YSV2Ts1gmT8HfdmSQOYRiRmIedwULfzDgY9l/gvBVSk=; b=QoKLNrOVeHf0+74zalUH7qKWZdRlLo0Z6LIB52XjpCidaYTq/FsSg8ciWlAQG0dRi8 2fFJVtdlodoYDqnJniL3ZwOfGgyHHtDWuisLM3V3DqJY7rkrWPI7l2GZNanTeI1FNawT 6H7LPzDUmz7k+Hplc0fC+RoH01PsFFQxjzJavMdQ1o9HWEpXLG6DaXN7Z31vzuQlBuTk 9wRx4M4MVyd7wosJvQ072dG0TRQ+4mYuujSZmGlcGjx0J3GZpH8UwRTziQuwgEL8jPBJ mbzBIVsOHU31XH2ihmG9MOI/p35jX3a2XlAvkz3MlxwqAbkgi4O/u5v/174STENopr2d UmEQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=YSV2Ts1gmT8HfdmSQOYRiRmIedwULfzDgY9l/gvBVSk=; b=mIgeQdVmF5Ry8v++qmEHjzUFkk4zYnZm5svqWIQRxdkSr4wokl8S1FvW6T2s40zjwR 12nKaG0g2Wga5zezTXAPUkkNo37JX/3zlDvMREF1EgKylgQf2dwV/oEQnSpZ4kdA+Emf 57PDZa0Cj1Kp8yYGkpS0g8WTCKBJtGuNNrj1/xVVyngS+kPCgsPrdRk3zQTPE9b1Hhsp mA323nKUKnzYWAAYo5K8Y0pQGQpybfBql0knrQRIMW1kjccxygUgZ9tzS6Y1fUgrXZna d1V4bo0XdSENpUcVrz1W/71fwiJy9+8cEVjrP/fpOggGugAh0pJIhmA+waa4E0oeCV6v ueCA==
X-Gm-Message-State: AOAM5313TQ4FvO+qPrjeBOgnf0d2i0D+5AW/vIhNl2LKtaCHOD8X3dsH cDFSIupyvdr6EQVU5gWWYamFNw4FVrXOKACqIoA=
X-Google-Smtp-Source: ABdhPJypRoIJ2OfTxVeseJ8A7pewRFWhiBWUGLgUyEblsDvvTWIO4wR3xp1oMXPXsGIFGUA838Jp/OfPnh76NoYJuSc=
X-Received: by 2002:a17:906:840d:: with SMTP id n13mr2958332ejx.49.1591790112360; Wed, 10 Jun 2020 04:55:12 -0700 (PDT)
MIME-Version: 1.0
References: <CAHPuVdUoZVecj5Jfd6NxyJ-cRhTJTS1N8vcC5pC3uWQECLOCnQ@mail.gmail.com> <20200609183122.203851A5666F@ary.qy> <CAHPuVdVwxSG3pXNECy-2CUtR-bMG4DyQ5cYQPcnf9xNjzVGc4Q@mail.gmail.com> <b10fb7a1-08f9-9cff-f29d-3a43eec6772f@huitema.net>
In-Reply-To: <b10fb7a1-08f9-9cff-f29d-3a43eec6772f@huitema.net>
From: Shumon Huque <shuque@gmail.com>
Date: Wed, 10 Jun 2020 07:55:01 -0400
Message-ID: <CAHPuVdVJ2_DoPpb5C2ET8kEzvfDHACPNQP-2r__sVTQ76WmL4w@mail.gmail.com>
To: Christian Huitema <huitema@huitema.net>
Cc: dns-privacy@ietf.org
Content-Type: multipart/alternative; boundary="000000000000344e9205a7b984e7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/tL2v7rEKuqZzgRIF0-21K3BPYxg>
Subject: Re: [dns-privacy] NS names, was re-evaluation of the draft, was Re: [Fwd: New Version Notification for draft-vandijk-dprive-ds-dot-signal-and-pin-00.txt]
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jun 2020 11:55:16 -0000

On Tue, Jun 9, 2020 at 11:43 PM Christian Huitema <huitema@huitema.net>
wrote

> There are two tests that matter: first, verify that the NS record is
> genuine and that the designated server is indeed the server chosen by the
> target domain; two, verify that the TLS connection terminates at the
> specified server. It is tempting to take a shortcut and merely verify that
> the TLS connection terminates at a server authorized by the target domain,
> but I don't think that's a good idea. John pointed out a management issue:
> the server would have to manage a large set of certificates, one for each
> domain it serves. But on top of the management issue, there are also
> performance issues and privacy issues.
>
> TLS authenticates the server during the connection handshake. That means
> one authentication per connection. In the case of a resolver accessing
> several domains served by the same big server, that means establishing
> separate TLS connections for each target domain, instead of establishing
> just one connection. That will clearly impact performances, but there is
> also a privacy aspect. In the absence of SNI encryption, the SNI can be
> observed. If the SNI just carries the name of the name server, no big deal.
> But if it carries the name of the target domain, the exchange reveals that
> this particular resolver queried that particular domain. Mix that with
> observation of the traffic to the recursive resolver, and you have an
> interesting privacy leak.
>

Hi Christian - yes, the zone name leakage issue would necessitate
SNI encryption in this design. Coupled with the fact that real privacy
means hiding in a large crowd (i.e. locating the zone name servers on
large DNS hosters serving thousands of zones, whose name server
names and addresses reveal no obvious connection to the zone name),
and the resulting certificate management issues that John pointed out,
this idea looks less attractive.

The more I think about all the privacy leaks that have to be plugged at
the DNS and application layers, Tor increasingly looks better as a
general purpose solution (either as a network to funnel DNS messages
through, or even better, having zone operators locate authority servers
inside Tor as hidden services). It has a significant performance cost,
but real privacy always does.

Shumon

v2.23.0 | Report a Bug | By Email