Re: [dnssd] Confirming consensus from DNSSD Privacy discussion in Bangkok
Christopher Wood <christopherwood07@gmail.com> Thu, 28 February 2019 01:40 UTC
Return-Path: <christopherwood07@gmail.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73D20130F13 for <dnssd@ietfa.amsl.com>; Wed, 27 Feb 2019 17:40:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.749
X-Spam-Level:
X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L_07zoOTZ2s0 for <dnssd@ietfa.amsl.com>; Wed, 27 Feb 2019 17:40:25 -0800 (PST)
Received: from mail-yw1-xc33.google.com (mail-yw1-xc33.google.com [IPv6:2607:f8b0:4864:20::c33]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1694130EF7 for <dnssd@ietf.org>; Wed, 27 Feb 2019 17:40:24 -0800 (PST)
Received: by mail-yw1-xc33.google.com with SMTP id 189so9819299ywi.3 for <dnssd@ietf.org>; Wed, 27 Feb 2019 17:40:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=KnEK9gMm4Y9MrMOyUrGwsI4PAnhrJCFPovF7zX+s8EE=; b=n+4yX8Uq6NSmlX67l4DyKnktRJv2fi9hKejhZo8fKyQ4pcWAebCA0pzmIYdBuz5AwE HJlWfZ4d0N6mLnnEnZKqu4Rtj+A9qoxkxvP00JBvfStw0KVczzZmKLVnDjm+YeAC/Dva J4oAoC+4LgDbb4Z5djvweHZL+kfX/1v2ffw69g32kWUU5gAhPpU8QdTIjiJoVG+W4AxR 6Wln71QfkGIfy1M6TcogWvXeCi9YRdissDzF3U24fP+xr0azfeqxXxV6PHVLlI+snIOv RQxKiFZOkZR9QZ57gmsDUcdHYD1vQh4YsZyzlTNB3n4vERjTpWgFBEBXAYc4ZhuGfRu+ C6kQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=KnEK9gMm4Y9MrMOyUrGwsI4PAnhrJCFPovF7zX+s8EE=; b=V0tEozE6ndPmPZfnyU63a8BYt6Te/VtXc3tAvvGrzG3TscRb4fqUpqQYTUW2Uafljp a3PxckqS/ZIzDDl2INxOXE+2ZjqM7SmrM3wXtLnBGLSis417qZnTXEdCUBih4aA4XnN0 lgWMz8ZydnapwP7zL/xyg/0bdP9irm4KFDIqrP64yP3CcR0IvbMMQVENZ0QQKzTKAInt O8hF8e4yIF8Q2KJiX2LwOG7/R1fknf93YZ/BKyk/dMcHZLLxRmud4l3gwVshqMJN7VwB RZSOc5ai+GgjMKQnmWVFP0/xY/ZBpJzyJoCIMgUwmY2TXE/e4Wwer+imfOJd+RiMwZi3 mOVw==
X-Gm-Message-State: AHQUAub9jl895LwVVRkHgy4r0RK3/toZ/TN6E2EJkj6yrqZxW4I3ywA0 j/1Xs07t2MzR0xqVilsbENYNqa5gAB9vwybcxsY=
X-Google-Smtp-Source: AHgI3IZqfU7P9auGPFmUr2A9XoO0RKn3QxwxjsvRrqcRVLZmhKmpbaBVRosFUwz5tKH0a4EYxxT3I697vkKqJON9NCY=
X-Received: by 2002:a81:49d4:: with SMTP id w203mr3606287ywa.208.1551318023862; Wed, 27 Feb 2019 17:40:23 -0800 (PST)
MIME-Version: 1.0
References: <CAPDSy+6YyW_G7uwfwGPv1KLtJqL96dZ87R-5pnmmffEEniTigg@mail.gmail.com> <47A82E32-32B9-476F-AB79-76C8D182624F@apple.com> <CAO8oSXkGAErtKQgMGGT+88PY4Y+wJ_6Rz493exaymZ_L8F4FNg@mail.gmail.com> <CAPDSy+68V=rx8cAbVq6rKxNbb9yHisCCPURwHoLKsA179NooLw@mail.gmail.com> <e9b4900d-94e3-c79a-2a72-e2f996663b9d@huitema.net> <CAPDSy+4d27SQCStGzPpzzv=pjGiCM+0df988BesRGHdV_vvteA@mail.gmail.com> <CAO8oSXnXre29hjbNCZ1N7b8VBRMubS1yO5_XXr7VY2yxzNAWGw@mail.gmail.com> <1fc0ba86-2619-6efb-5e89-aa0a025c998e@huitema.net> <CAO8oSX=rWYxkKq0H5dEJDKq_Hs3tH2gqSxQ-Cr_SaHDPkrvvCA@mail.gmail.com> <CAO8oSXkfszNXUT6gr1G2OEWgJXe-cX_S4yAJmLm5sUqN0SQ54w@mail.gmail.com> <CAPDSy+7UvYdNOeYZg-R2b+eXuvGNMguXDWtkKgotVpLP5YPk4g@mail.gmail.com> <3d4d353e-5cb5-e35f-fc31-db819b4b2506@huitema.net>
In-Reply-To: <3d4d353e-5cb5-e35f-fc31-db819b4b2506@huitema.net>
From: Christopher Wood <christopherwood07@gmail.com>
Date: Wed, 27 Feb 2019 17:40:12 -0800
Message-ID: <CAO8oSX=9Fi60GigVWgCRkLXxwgF8aD1BveVNicz6_m5S-MQnYg@mail.gmail.com>
To: Christian Huitema <huitema@huitema.net>
Cc: David Schinazi <dschinazi.ietf@gmail.com>, DNSSD <dnssd@ietf.org>, Bob Bradley <bradley@apple.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/7nltAfwi5iixDjxGMu-zg2-4Nz0>
Subject: Re: [dnssd] Confirming consensus from DNSSD Privacy discussion in Bangkok
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Feb 2019 01:40:30 -0000
On Wed, Feb 27, 2019 at 5:37 PM Christian Huitema <huitema@huitema.net> wrote: > > > On 2/27/2019 4:48 PM, David Schinazi wrote: > > <chair hat off> > Given that our main target is local networks, I personally believe spending an extra round trip to prevent dictionary attacks sounds worth it. > > I am thinking of using the ESNI extension, or developing a very similar extension specifically for the purpose of private discovery. The ESNI extension format is defined in https://datatracker.ietf.org/doc/draft-ietf-tls-esni/?include_text=1 as: > > struct { > CipherSuite suite; > KeyShareEntry key_share; > opaque record_digest<0..2^16-1>; > opaque encrypted_sni<0..2^16-1>; > } ClientEncryptedSNI; > > The service name is encrypted, but we would have to do something to not reveal the hash of the key in the "record digest". This seems to highlight my main reservation about the 1-RTT approach. I think we ought not to complicate things and just pay the round trip. Best, Chris
- [dnssd] Confirming consensus from DNSSD Privacy d… David Schinazi
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christopher Wood
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christopher Wood
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christian Huitema
- Re: [dnssd] Confirming consensus from DNSSD Priva… Bob Bradley
- Re: [dnssd] Confirming consensus from DNSSD Priva… Ted Lemon
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christian Huitema
- Re: [dnssd] Confirming consensus from DNSSD Priva… Bob Bradley
- Re: [dnssd] Confirming consensus from DNSSD Priva… Ted Lemon
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christopher Wood
- Re: [dnssd] Confirming consensus from DNSSD Priva… David Schinazi
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christian Huitema
- Re: [dnssd] Confirming consensus from DNSSD Priva… David Schinazi
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christopher Wood
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christian Huitema
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christopher Wood
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christopher Wood
- Re: [dnssd] Confirming consensus from DNSSD Priva… David Schinazi
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christian Huitema
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christopher Wood
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christian Huitema
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christopher Wood
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christian Huitema
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christopher Wood
- Re: [dnssd] Confirming consensus from DNSSD Priva… Bob Bradley
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christian Huitema
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christopher Wood
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christian Huitema
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christopher Wood
- Re: [dnssd] Confirming consensus from DNSSD Priva… Michael Richardson
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christian Huitema
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christian Huitema
- Re: [dnssd] Confirming consensus from DNSSD Priva… Martin Thomson
- Re: [dnssd] Confirming consensus from DNSSD Priva… Christian Huitema
- Re: [dnssd] Confirming consensus from DNSSD Priva… Daniel KAISER