Re: [dnssd] dnssd privacy draft
Daniel Kaiser <daniel.kaiser@uni-konstanz.de> Tue, 05 July 2016 04:53 UTC
Return-Path: <daniel.kaiser@uni-konstanz.de>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2C5512D091 for <dnssd@ietfa.amsl.com>; Mon, 4 Jul 2016 21:53:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.626
X-Spam-Level:
X-Spam-Status: No, score=-5.626 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.426] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HLRPD86qX218 for <dnssd@ietfa.amsl.com>; Mon, 4 Jul 2016 21:53:25 -0700 (PDT)
Received: from purin.rz.uni-konstanz.de (purin.rz.uni-konstanz.de [134.34.240.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F3551126B6D for <dnssd@ietf.org>; Mon, 4 Jul 2016 21:53:24 -0700 (PDT)
Received: from nkongsamba.rz.uni-konstanz.de (HELO smtp.uni-konstanz.de) ([134.34.240.62]) by viribus.rz.uni-konstanz.de with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Jul 2016 04:53:22 +0000
Received: from [10.51.2.34] (unknown [133.25.247.201]) (Authenticated sender: daniel.kaiser) by smtp.uni-konstanz.de (Postfix) with ESMTPSA id 760C534; Tue, 5 Jul 2016 06:53:21 +0200 (CEST)
To: Alf Watt <alf@istumbler.net>
References: <CABkgnnU68Rwsy7Hn5jwCP7ytXh3MmGw_h4a_E8hjri0X_P3kWw@mail.gmail.com> <04a901d1ce4e$52e056e0$f8a104a0$@huitema.net> <CABkgnnXrEW8tDvOzzyMPZT0KrUDvTX2MdNB7w5712ZbPNNOcUQ@mail.gmail.com> <1674621C-3632-4F32-8552-8625D0BCE1DE@istumbler.net>
From: Daniel Kaiser <daniel.kaiser@uni-konstanz.de>
Message-ID: <c20b47f4-11fd-0873-8a09-aa141c0d45b1@uni-konstanz.de>
Date: Tue, 05 Jul 2016 06:58:38 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1
MIME-Version: 1.0
In-Reply-To: <1674621C-3632-4F32-8552-8625D0BCE1DE@istumbler.net>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms020200020700060906060800"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/Gn1VG1lbylPzgKgucM-vFclKv_k>
Cc: Christian Huitema <huitema@microsoft.com>, dnssd@ietf.org, Martin Thomson <martin.thomson@gmail.com>
Subject: Re: [dnssd] dnssd privacy draft
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jul 2016 04:53:28 -0000
We already took the SIGMA-protocols, which IKE is based on, into consideration. The method proposed in rfc4322 depends on keys retrievable via DNS and on DNSSEC; I think configuring this would pose to much overhead. Further, rfc4322 proposes means for opportunistic encryption which is not what we want as a means for establishing a pairing. For a pairing, the users should authenticate each other. As of yet, we have mainly discussed means of pairing for users meeting in person; in this scenario, authentication can be easily performed by verifying a fingerprint. Users are already used to this workflow when using chat applications like "Signal". To offer the possibility of zero configuration pairing, we discussed using a pairing service announced via mDNS in trusted networks (e.g. at home). kind regards Daniel On 06/27/2016 06:17 AM, Alf Watt wrote: > Opportunistic Encryption using the Internet Key Exchange (IKE) might be suitable for the purposes proposed here. > > https://tools.ietf.org/html/rfc4322 > > Best, > Alf > >> On Jun 26, 2016, at 5:32 PM, Martin Thomson <martin.thomson@gmail.com> wrote: >> >> On 25 June 2016 at 05:26, Christian Huitema <huitema@huitema.net> wrote: >>> Yes. The point is, do we have the appetite to design a pairing protocol in >>> this group? If we do, my preference would be to describe this pairing >>> protocol in a separate draft. >> >> Sounds like hard work :) Might be worth doing though. > > _______________________________________________ > dnssd mailing list > dnssd@ietf.org > https://www.ietf.org/mailman/listinfo/dnssd >
- Re: [dnssd] dnssd privacy draft Daniel Kaiser
- Re: [dnssd] dnssd privacy draft Martin Thomson
- Re: [dnssd] dnssd privacy draft Alf Watt
- Re: [dnssd] dnssd privacy draft Martin Thomson
- Re: [dnssd] dnssd privacy draft Christian Huitema
- [dnssd] dnssd privacy draft Martin Thomson
- Re: [dnssd] dnssd privacy draft Tim Chown
- Re: [dnssd] dnssd privacy draft Martin Thomson
- Re: [dnssd] dnssd privacy draft Christian Huitema