Re: [dnssd] Stephen Farrell's No Objection on draft-ietf-dnssd-requirements-05: (with COMMENT)

Ralph Droms <rdroms.ietf@gmail.com> Tue, 17 March 2015 17:51 UTC

From: Ralph Droms <rdroms.ietf@gmail.com>
In-Reply-To: <20150310230433.13239.32024.idtracker@ietfa.amsl.com>
Date: Tue, 17 Mar 2015 13:51:25 -0400
Message-Id: <2C1D6897-BE72-4902-97A6-C5C6943B1EF7@gmail.com>
References: <20150310230433.13239.32024.idtracker@ietfa.amsl.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnssd/GUlTAOdmIjKH0hAZ3M2_RoPAaCs>
Cc: draft-ietf-dnssd-requirements.all@ietf.org, dnssd@ietf.org, dnssd-chairs@ietf.org, The IESG <iesg@ietf.org>, Chown Tim <tjc@ecs.soton.ac.uk>
Subject: Re: [dnssd] Stephen Farrell's No Objection on draft-ietf-dnssd-requirements-05: (with COMMENT)

Stephen - let me summarize the responses to your comments; please let us know if these responses will be sufficient to address your comments...

> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> 
> - section 6 intro: I'm not sure I buy that the set of relevant
> threats is only a union as stated. There are often new threats
> in new environments.

As Kerry wrote, the text is "the security issues are likely to include the union of those discussed in the Multicast DNS [mDNS] and DNS-Based Service Discovery [DNS-SD] specifications."  Given that this text allows for other issues, and the rest of section 6 raises other issues, are you OK with the text as it exists in draft-ietf-dnssd-requirements-05?

> - 6.6: I think one can also leak private information by
> searching in too broad a scope, e.g. if the client can be
> fingerprinted allowing re-identification. I think that's
> different from the example given, and maybe worth noting too.

Kerry pointed out that the difference between the threat from searching for services as opposed to other forms of name resolution in arbitrary zones is unclear.  While it would be possible to edit this text to include searching as well as registration, I think the resulting text would be too restrictive to allow for useful solutions.  Would you be willing to accept the text as it exists or do you have some other new text to suggest?

- Ralph