IETF Logo Mail Archive

Re: [dnssd] Confirming consensus from DNSSD Privacy discussion in Bangkok

Ted Lemon <mellon@fugue.com> Thu, 15 November 2018 15:23 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5A00130DCF for <dnssd@ietfa.amsl.com>; Thu, 15 Nov 2018 07:23:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fQqsDQrhAZcP for <dnssd@ietfa.amsl.com>; Thu, 15 Nov 2018 07:23:55 -0800 (PST)
Received: from mail-qk1-x72b.google.com (mail-qk1-x72b.google.com [IPv6:2607:f8b0:4864:20::72b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B75A5130DCE for <dnssd@ietf.org>; Thu, 15 Nov 2018 07:23:54 -0800 (PST)
Received: by mail-qk1-x72b.google.com with SMTP id n12so32306551qkh.11 for <dnssd@ietf.org>; Thu, 15 Nov 2018 07:23:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=fuAIRAjehBHtZVuESiLyGD5MNK+751Bty0BaBEGDZ8Q=; b=Ff7c+AuQyBV7iBYBlNp4YdI4aaJ2Nw7pkk9zdPoTXyQM3bm5jb9QyPYiK1igdn5I0B A0Pm1/eX/wKFtKMm9iJv1JTn5qmDH0D+BycNkFS3x7ZQzl2yyvz+V3oVbW6aBFgcKof4 yPOpvcSprWLtXr3p9+p+K9HZKZAPCaLtn6nzOM+sm7pSB77qNA2uvOKRsMPOmHdYKGqo NawTKzGQhBUVZVAp6vLB8QhkB84P++/EEBLEqebzK0ZGsu5JOOp587NBaTbU6Psara/e j/pn19Jk7WsBFAs0B2BPWtpiq93JOoWwlWjajsC52pzQXj7D4j8azn50UCa18LkqW5K+ srEA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=fuAIRAjehBHtZVuESiLyGD5MNK+751Bty0BaBEGDZ8Q=; b=h9C0JpVn8+f5ZdH4j7PV8jDHuT6OKmxONkDVrMGacmGGJJkuwMc/xD4nQURKNob+fH sD/EkNij9nNT8lwvppN47nxmhfZvB0MvnPOP38e992GoF4TrhwrlvUYtpEKAGMy8tCK2 MM0nTx0V/wjRinu3XE8OCKlnqhqApNYW6jluqPo1LR4XAslKQzLX9suw2dRXB092Ma/X byvXgF3H7LHj6bX4LO69VOSAvI+egVF7X0W33NmZStQMcs+wEKDUXznKg9MwN9WTn+Y+ Xo7AINImF0THX1BhksQMCQJ54mkYbZqy23c+xuduyAf4NOEfJt8nVhLXE6QO+VXqNSWi pKlg==
X-Gm-Message-State: AGRZ1gKIuJdelWx/Km4IdMOX4j8fjkW5kXxXOa0hgdW7+K8xVC34/MhG ZPkWYaZbyRoYX3B/6hLYoog2oR14nzZomD2pgc5Rqg==
X-Google-Smtp-Source: AJdET5eoOMOgqYOvi0DYyoJ+wNIhxAsbIMsj8xV51VZpSbPF2ex3oGhr4KdbuMYn57xRp4EYzRT7RUOQ//ZP3lxo0yY=
X-Received: by 2002:a0c:c966:: with SMTP id v35mr6625744qvj.45.1542295433498; Thu, 15 Nov 2018 07:23:53 -0800 (PST)
MIME-Version: 1.0
References: <CAPDSy+6YyW_G7uwfwGPv1KLtJqL96dZ87R-5pnmmffEEniTigg@mail.gmail.com> <47A82E32-32B9-476F-AB79-76C8D182624F@apple.com>
In-Reply-To: <47A82E32-32B9-476F-AB79-76C8D182624F@apple.com>
From: Ted Lemon <mellon@fugue.com>
Date: Thu, 15 Nov 2018 10:23:17 -0500
Message-ID: <CAPt1N1nzbyMVDofO-FWmL3hxjZykE=5BWaL_+DkCCdcH4oPOEQ@mail.gmail.com>
To: bradley@apple.com
Cc: dnssd <dnssd@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000073f5a5057ab5a345"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/1-kVfJ6Dw2zEuamFxwhSzLwDpyo>
Subject: Re: [dnssd] Confirming consensus from DNSSD Privacy discussion in Bangkok
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Nov 2018 15:23:57 -0000

Hm.  To your point #4, I guess the question is, how easy is it for the
public key to leak?   If you ever share your public key with anyone, they
can definitely spoof you, but what do they get out of that?

On Thu, Nov 15, 2018 at 12:36 AM Bob Bradley <bradley@apple.com> wrote:

> I'm a little unclear what is being considered single-stage vs two-stage.
> How is single-stage able to send encrypted without knowing the destination?
> Is it encrypting a query with an asymmetric private key and multicasting?
> Or does single-stage refer to the predictable nonce approach? I was
> considering predictable nonce's two-stage because it has to first discover
> known peer service instances (stage 1) then perform encrypted
> queries/responses (stage 2).
>
> Regarding the discussion:
>
> 1. Server mode. My proposal doesn't have a good way to support it. Normal
> server mode wasn't an important use case for me, but sleep proxy support
> would be nice. I just don't know how to do it yet, at least not without
> giving the sleep proxy your keys.
>
> 2. Multicast traffic. One problem I saw with draft-ietf-dnssd-privacy is
> each device advertising a service instance for each pairing. The network
> I'm on now has 300+ devices and if each one has 50 friends, that's 15000
> service instances on the network, which seems very high.
>
> I tried to reduce this by each device only advertising itself via
> multicast and then everything else is unicast. The first part of key
> exchange was also rolled into the advertisement packet to allow a single
> query packet and single response packet while still maintaining forward
> secrecy and per-pairing confidentiality.
>
> 3. CPU cost. This seems to be a comparison between more packets, but lower
> per-packet cost (in the per-pairing service instance model where
> predictable nonce hashes are precomputed) vs fewer packets, but more
> expensive per-packet signature verification. The two main use cases I was
> considering were home networks (where neither traffic nor CPU is likely to
> be an issue due to the small number of devices) and busy enterprise
> networks (office, dorm, coffee shop), which I assumed would be more
> powerful devices (laptops, phones, servers) where reducing traffic would be
> more important than the CPU usage for checking multicast probes.
>
> 4. One privacy concern regarding predictable nonces is that it would allow
> spoofing. Anyone with your public key could generate your predictable
> nonce. It could also enable friend relationships to be recovered. Maybe not
> a huge concern, but something to consider. Even the signature approach has
> a replay vulnerability, but it's time bounded.
>
> On Nov 14, 2018, at 5:37 PM, David Schinazi <dschinazi.ietf@gmail.com>
> wrote:
>
> Hello everyone,
>
> It the room at IETF 103, there was a very productive discussion about
> DNSSD privacy:
> https://www.youtube.com/watch?v=hPuTD19R-uQ&t=28m43s
>
> During that discussion, the room reached consensus on the following items:
>
> 1) single-stage approach -- Up until now, we were considering two
> approaches: single-stage (send encrypted and authenticated service
> identifier, receive encrypted and authenticated service response) and
> two-stage (send encryption and authenticated identifier, receive encrypted
> and authenticated response, derive secrets, send and receive subsequent
> queries encrypted using derived secrets). There was consensus in the room
> to go with the single-stage approach.
>
> 2) Use of TLS -- The single-stage approach no longer requires a key
> exchange mechanism such as TLS. There was consensus in the room that we do
> not need TLS as part of this protocol.
>
> 3) Evolution of documents -- It was proposed that we would take all input
> and compound it into a single document and only advance that one. We will
> use draft-ietf-dnssd-privacy since that document has already been adopted
> by the working group. Christian Huitema has offered for Bob Bradley to join
> as co-author if Bob would like.
>
> If you disagree with any of these points, please say so before 2018-12-02.
>
> Thanks,
> David
> _______________________________________________
> dnssd mailing list
> dnssd@ietf.org
> https://www.ietf.org/mailman/listinfo/dnssd
>
>
> _______________________________________________
> dnssd mailing list
> dnssd@ietf.org
> https://www.ietf.org/mailman/listinfo/dnssd
>

v2.23.0 | Report a Bug | By Email