Re: [DNSOP] Stephen Farrell's Discuss on draft-ietf-dnsop-5966bis-05: (with DISCUSS)

Allison Mankin <allison.mankin@gmail.com> Thu, 07 January 2016 12:40 UTC

Date: Thu, 07 Jan 2016 07:40:37 -0500
Message-ID: <CAP8yD=uLFTuvgAFOTkXffNcOumjet+stgr3gXe2XZOtGqMn7Sw@mail.gmail.com>
From: Allison Mankin <allison.mankin@gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/mN2opMX1OBOkgrP4b_l_XkNgYJY>
Cc: tjw.ietf@gmail.com, dnsop@ietf.org, draft-ietf-dnsop-5966bis@ietf.org, dnsop-chairs@ietf.org, IESG <iesg@ietf.org>
Subject: Re: [DNSOP] Stephen Farrell's Discuss on draft-ietf-dnsop-5966bis-05: (with DISCUSS)

Hi Stephen,

We're glad you drew this important point to our attention, but it appears
to be needed for draft-ietf-dprive-dns-over-tls rather than this draft. In
this draft we don't touch on the privacy/TLS motivation for TCP at all,
leaving all that for the dprive draft.

The dprive draft has just completed WGLC. Some of us are authors on both
drafts and we'll propose text on TFO privacy leakage risks to dprive and
our dprive AD and you.

Thanks,

Allison

On Jan 6, 2016 7:09 PM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:

> Stephen Farrell has entered the following ballot position for
> draft-ietf-dnsop-5966bis-05: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-5966bis/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
>
> Don't we need text warning that TFO is likely problematic
> with DNS privacy and that attacks that try to prepend
> information (via TFO) to otherwise secured sessions could
> occur? While that might sound a bit far-fetched we have
> seen exactly that kind of issue with HTTPS that had
> practical impact on Webdav. (The TLS renego and then
> triple handshake attacks.) So while using TFO may not
> enable a slam-dunk CVE level 10 attack, I think you do
> need to consider and talk about it. (Or maybe you did and
> figured out no attack can work, but then I'd guess you'd
> be so happy, you'd say that too:-)
>
> I'm not sure how this'd best be resolved, but one thing
> might be to talk to the folks thinking about TCPINC as
> they have at least hit this as a potential issue for
> tcpcrypt and for tcp-use-tls.
>
> Otherwise, this is a fine document on which I'll ballot
> yes when the above is sorted.