IETF Logo Mail Archive

Re: [dns-privacy] Direction of draft-mayrhofer-edns0-padding

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 29 July 2015 13:55 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E7E81A1B98 for <dns-privacy@ietfa.amsl.com>; Wed, 29 Jul 2015 06:55:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qck3OnJeXBDE for <dns-privacy@ietfa.amsl.com>; Wed, 29 Jul 2015 06:55:26 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BF97C1A1B89 for <dns-privacy@ietf.org>; Wed, 29 Jul 2015 06:55:04 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 86D82BE7D; Wed, 29 Jul 2015 14:55:03 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ml-bgV3X3gKw; Wed, 29 Jul 2015 14:55:01 +0100 (IST)
Received: from [10.87.48.73] (unknown [86.46.19.103]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 9979DBE53; Wed, 29 Jul 2015 14:55:01 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1438178101; bh=KWU0MAuSYdydD1AhrAZ1Qpxv2BlIs0bUsW+9ZOHStCw=; h=Date:From:To:CC:Subject:References:In-Reply-To:From; b=xpi/O5lC7f+dKzUIWEeso1xnFQ9gHBbROHM71pvoNqzxZX+Q0AA/97wTmHJppXW1c 3b7uh9ZGR0EJ2oQACirfBkqvwekdJtfDSVt1/NWxXTEFkjGsr90drnxVp+4CU+feCP pPiKFI0DX1O649lIE45xyhFCL523APu2gGPqJB1g=
Message-ID: <55B8DB35.1070906@cs.tcd.ie>
Date: Wed, 29 Jul 2015 14:55:01 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0
MIME-Version: 1.0
To: Paul Hoffman <paul.hoffman@vpnc.org>, Alexander Mayrhofer <alexander.mayrhofer@nic.at>
References: <19F54F2956911544A32543B8A9BDE075468A9354@NICS-EXCH2.sbg.nic.at> <4B26F2B2-AA67-492B-9855-30F8ABF38AF9@vpnc.org>
In-Reply-To: <4B26F2B2-AA67-492B-9855-30F8ABF38AF9@vpnc.org>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dns-privacy/wCLM-_OJNyIcspkRNO91NRyAkmQ>
Cc: "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Subject: Re: [dns-privacy] Direction of draft-mayrhofer-edns0-padding
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jul 2015 13:55:37 -0000


On 29/07/15 14:41, Paul Hoffman wrote:
> On 29 Jul 2015, at 5:28, Alexander Mayrhofer wrote:
> 
>> Hi,
>>
>> I'm working through my notes from the DPRIVE session regarding the
>> EDNS0 Padding option. My takeaway was as follows:
>>
>> - Generally, this seems to be a reasonable idea
> 
> That may be too strong of an assessment. There were questions about
> whether the padding should be done in DNS or in TLS. My personal view is
> that if the two types of padding give similar benefits, it absolutely
> should be done in TLS for many reasons. 

With no hats, I disagree. Given that we don't yet know how
to effectively pad at any layer, my belief is that we should
define the basic mechanism at every layer so that when someone
does figure it out, the protocol mechanics exist.

The way I think about this is a) the most effective padding
can be done in the application layer, but b) that may not be
feasible so lower layer padding (esp in TLS) should also
exist and on the 3rd hand - there may be a few cases where
different protocols are multiplexed in such a way that one
lower layer padding mechanism could help with both, but
that'll be really rare.

> I think we need to get more
> input (possibly from CFRG) about the benefits of padding at each layer.

(With hat:-) CFRG is not the right group for a few reasons. First -
effective use of padding like this isn't a crypto thing - we're not
dealing with a block cipher here. CFRG are also busy enough right now
on stuff they should be getting done.

But we don't actually have a centre of expertise about effective
padding so I can see why you suggest CFRG. Ideas as to how to try
foster/create such a thing would be welcome. Mostly I think the
hard part there will be to attract the few folks who know about
this topic and are willing to work on it openly.

>> - Besides the use to evade size-based message correlation, this could
>> also be useful in other cases, eg. "proof of work" for clients when
>> requesting larger packets (Peter K.)
> 
> This is possibly a bad idea. In the IPsecME WG, we have had an active
> work item on proof-of-work for clients to prevent DDoS, with lots of
> good discussion on how to do it, and we're probably going to only leave
> it as an Experimental document. In summary, adding proof-of-work hurts
> the group you care most about, namely clients on small machines.

I also think separating out proof-of-work ideas is better.

Cheers,
S.


> 
>> - However, the draft should only specify the option itself, and not
>> indulge into the various usage scenarios
> 
> That's exactly the place we are ending up in IPsecME, and it's not where
> we expected.
> 
>> - The EDNS0 assignment policy is Speficiation Required / Expert
>> Review, hence does not necessarily require an RFC
>> - The preferred way forward is individual draft, AD-sponsored.
>> - Discussion can continue on the DPRIVE list
>>
>> Regarding the actual contents of the draft, my takeaway was:
>>
>> - Is "1" the right minimum length for the option? Why not "0"?
>> - Padding must obviously not exceed the announced EDNS0 packet size -
>> some words about that
>> - No consideration is required whether or not a server may pad,
>> because clients are required to ignore unknown options anyways.
>> - The Security considerations section needs more work.
>>
>> Is that in line with the perception of the WG members? Anything I
>> forgot to mention / consider?
> 
> See above. I propose that we not do this at all if it turns out to be
> better done in TLS so that we don't create an attractive nuisance. If
> CFRG says that it is better to do it in the inner protocol, then we
> should proceed, but with the narrow focus of preventing analysis of
> TLS-protected traffic, not for proof-of-work.
> 
> --Paul Hoffman
> 
> _______________________________________________
> dns-privacy mailing list
> dns-privacy@ietf.org
> https://www.ietf.org/mailman/listinfo/dns-privacy
> 
>

v2.23.0 | Report a Bug | By Email