IETF Logo Mail Archive

Re: [dnssd] Confirming consensus from DNSSD Privacy discussion in Bangkok

Christian Huitema <huitema@huitema.net> Wed, 27 February 2019 18:35 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A3201310D2 for <dnssd@ietfa.amsl.com>; Wed, 27 Feb 2019 10:35:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VzbZddbg3DBn for <dnssd@ietfa.amsl.com>; Wed, 27 Feb 2019 10:35:15 -0800 (PST)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 696151310E4 for <dnssd@ietf.org>; Wed, 27 Feb 2019 10:35:14 -0800 (PST)
Received: from xsmtp06.mail2web.com ([168.144.250.232]) by mx114.antispamcloud.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.89) (envelope-from <huitema@huitema.net>) id 1gz42r-0006Cp-Ee for dnssd@ietf.org; Wed, 27 Feb 2019 19:35:12 +0100
Received: from [10.5.2.49] (helo=xmail11.myhosting.com) by xsmtp06.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1gz42k-0007Ft-Ry for dnssd@ietf.org; Wed, 27 Feb 2019 13:35:02 -0500
Received: (qmail 6418 invoked from network); 27 Feb 2019 18:34:57 -0000
Received: from unknown (HELO [192.168.1.103]) (Authenticated-user:_huitema@huitema.net@[172.56.42.202]) (envelope-sender <huitema@huitema.net>) by xmail11.myhosting.com (qmail-ldap-1.03) with ESMTPA for <dnssd@ietf.org>; 27 Feb 2019 18:34:57 -0000
To: David Schinazi <dschinazi.ietf@gmail.com>, Christopher Wood <christopherwood07@gmail.com>, Bob Bradley <bradley@apple.com>
Cc: DNSSD <dnssd@ietf.org>
References: <CAPDSy+6YyW_G7uwfwGPv1KLtJqL96dZ87R-5pnmmffEEniTigg@mail.gmail.com> <47A82E32-32B9-476F-AB79-76C8D182624F@apple.com> <CAO8oSXkGAErtKQgMGGT+88PY4Y+wJ_6Rz493exaymZ_L8F4FNg@mail.gmail.com> <CAPDSy+68V=rx8cAbVq6rKxNbb9yHisCCPURwHoLKsA179NooLw@mail.gmail.com>
From: Christian Huitema <huitema@huitema.net>
Openpgp: preference=signencrypt
Autocrypt: addr=huitema@huitema.net; prefer-encrypt=mutual; keydata= mQENBFIRX8gBCAC26usy/Ya38IqaLBSu33vKD6hP5Yw390XsWLaAZTeQR64OJEkoOdXpvcOS HWfMIlD5s5+oHfLe8jjmErFAXYJ8yytPj1fD2OdSKAe1TccUBiOXT8wdVxSr5d0alExVv/LO I/vA2aU1TwOkVHKSapD7j8/HZBrqIWRrXUSj2f5n9tY2nJzG9KRzSG0giaJWBfUFiGb4lvsy IaCaIU0YpfkDDk6PtK5YYzuCeF0B+O7N9LhDu/foUUc4MNq4K3EKDPb2FL1Hrv0XHpkXeMRZ olpH8SUFUJbmi+zYRuUgcXgMZRmZFL1tu6z9h6gY4/KPyF9aYot6zG28Qk/BFQRtj7V1ABEB AAG0J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PokBOQQTAQIAIwUC UhFfyAIbLwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEJNDCbJVyA1yhbYH/1ud6x6m VqGIp0JcZUfSQO8w+TjugqxCyGNn+w/6Qb5O/xENxNQ4HaMQ5uSRK9n8WKKDDRSzwZ4syKKf wbkfj05vgFxrjCynVbm1zs2X2aGXh+PxPL/WHUaxzEP7KjYbLtCUZDRzOOrm+0LMktngT/k3 6+EZoLEM52hwwpIAzJoscyEz7QfqMOZtFm6xQnlvDQeIrHx0KUvwo/vgDLK3SuruG1CSHcR0 D24kEEUa044AIUKBS3b0b8AR7f6mP2NcnLpdsibtpabi9BzqAidcY/EjTaoea46HXALk/eJd 6OLkLE6UQe1PPzQC4jB7rErX2BxnSkHDw50xMgLRcl5/b1a5AQ0EUhFfyAEIAKp7Cp8lqKTV CC9QiAf6QTIjW+lie5J44Ad++0k8gRgANZVWubQuCQ71gxDWLtxYfFkEXjG4TXV/MUtnOliG 5rc2E+ih6Dg61Y5PQakm9OwPIsOx+2R+iSW325ngln2UQrVPgloO83QiUoi7mBJPbcHlxkhZ bd3+EjFxSLIQogt29sTcg2oSh4oljUpz5niTt69IOfZx21kf29NfDE+Iw56gfrxI2ywZbu5o G+d0ZSp0lsovygpk4jK04fDTq0vxjEU5HjPcsXC4CSZdq5E2DrF4nOh1UHkHzeaXdYR2Bn1Y wTePfaHBFlvQzI+Li/Q6AD/uxbTM0vIcsUxrv3MNHCUAEQEAAYkCPgQYAQIACQUCUhFfyAIb LgEpCRCTQwmyVcgNcsBdIAQZAQIABgUCUhFfyAAKCRC22tOSFDh1UOlBB/94RsCJepNvmi/c YiNmMnm0mKb6vjv43OsHkqrrCqJSfo95KHyl5Up4JEp8tiJMyYT2mp4IsirZHxz/5lqkw9Az tcGAF3GlFsj++xTyD07DXlNeddwTKlqPRi/b8sppjtWur6Pm+wnAHp0mQ7GidhxHccFCl65w uT7S/ocb1MjrTgnAMiz+x87d48n1UJ7yIdI41Wpg2XFZiA9xPBiDuuoPwFj14/nK0elV5Dvq 4/HVgfurb4+fd74PV/CC/dmd7hg0ZRlgnB5rFUcFO7ywb7/TvICIIaLWcI42OJDSZjZ/MAzz BeXm263lHh+kFxkh2LxEHnQGHCHGpTYyi4Z3dv03HtkH/1SI8joQMQq00Bv+RdEbJXfEExrT u4gtdZAihwvy97OPA2nCdTAHm/phkzryMeOaOztI4PS8u2Ce5lUB6P/HcGtK/038KdX5MYST Fn8KUDt4o29bkv0CUXwDzS3oTzPNtGdryBkRMc9b+yn9+AdwFEH4auhiTQXPMnl0+G3nhKr7 jvzVFJCRif3OAhEm4vmBNDE3uuaXFQnbK56GJrnqVN+KX5Z3M7X3fA8UcVCGOEHXRP/aubiw Ngawj0V9x+43kUapFp+nF69R53UI65YtJ95ec4PTO/Edvap8h1UbdEOc4+TiYwY1TBuIKltY 1cnrjgAWUh/Ucvr++/KbD9tD6C8=
Message-ID: <e9b4900d-94e3-c79a-2a72-e2f996663b9d@huitema.net>
Date: Wed, 27 Feb 2019 10:34:47 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1
MIME-Version: 1.0
In-Reply-To: <CAPDSy+68V=rx8cAbVq6rKxNbb9yHisCCPURwHoLKsA179NooLw@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------5A58524AA7FB6C22B43F9633"
Content-Language: en-US
X-Originating-IP: 168.144.250.232
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 168.144.250.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=168.144.250.0/24@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: unsure
X-Spampanel-Outgoing-Evidence: Combined (0.25)
X-Recommended-Action: accept
X-Filter-ID: EX5BVjFpneJeBchSMxfU5tvyvbqM2+rlZGFYE8Ll8Dt602E9L7XzfQH6nu9C/Fh9KJzpNe6xgvOx q3u0UDjvOzXMPpKBnlzcICbdbWbUSKtVjyn5UrUp4n4yKOOaq9AxflDpvuMKifL0Ot10Fq6b7VDj fzzJ6O8jiVhZi+WiYeCsScX6I9Dl5i6VrUM1b/j5+lC8ScYqqrIKKgZkuEMYGaXe0Of4jddu9xC8 8+iQ5nb6BRFVjXUbiREH8mlR1JtPfYZ1V10x8j0kNETJD+nyXtcV2Hz37FuQUlYMDMlHwjIJ0464 etNXHOU+5Kb0QuG3bATPP9eeLWC5kDweN7crsXBXvrLBlKCVRjjdPbjQ4HmidG0pg2HLuLsP3mPp isElTs5Ex5aNZlcgVQFtAhrEij3dKxLhoxcmaInYbR5vlqETd+klAX+KFYkIxu6zxdn+1QmdZsu6 kxo/qWEj6Z1d7VIcMSgqtcKbU9La+AHiCFB9vuYMeDoXsMJDD9CZFW2DHXeua4usuyudZl7ZJWmg 5a0jiD6XqsJZtjQxlyCdseytLy0an6SuH9Dnc48fGLIT5nvmah7oAQX1Q8bvqOef6zFxIBG4U6zc ejwwDTzWEHhqJvBXd7I82n0qpCzrPWiSwKPXNKNk2RVY2K5nyLgw1RWkNIWnHjoiI9QIik6sV5hq 8RGminksXtFq8ejOBuf1PiUt8a2Lj9MmCjDfgJI6+elpXlXsYEKiOTsiESb6idaDg5/bq7ChmPMN Ycw1QSmROOi1GrcaCpWZj2qYWnERja9VIPtUUhELGDVKeDd2fFFm4zuNRcgRKiGg7nXFaZTxCXRq rnqpvNj9xYi9OgZhiimxcJ9s1w9uxbJROTdpUdu+NTKQHNkjJg8xvPcdYB8X9H4DectLaqn7kLkt Zo9lq/27lItOpPwlvQ6ktwDuRituj6ZEfB9v4x8THVh0rVtlyOZYRaCjaXhrY3nerbmurCmoQsay Zkd2YakTHWoyevr4xM5tUrEfL92iWzfzWX2vc1ctxv2vDEIpeWV/lG6Wmg==
X-Report-Abuse-To: spam@quarantine9.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/IRmqaW7To-mYmkeDJzozTq6CYY8>
Subject: Re: [dnssd] Confirming consensus from DNSSD Privacy discussion in Bangkok
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Feb 2019 18:35:18 -0000

I think we understand the envelope of the solutions, but we have to
stabilize three design choices first:

1) Is the server mode important for the scenarios that we are thinking
about?

2) Do we care about compatibility with the existing DNS-SD formats?

3) Do we want private discovery to work as a system component, or as an
app library? (a.k.a. per device or per app.)

We can easily write a spec that works without server mode, using binary
formats, and runs as an app library. That's basically Bob's design, with
an optional tweak to add an hint and minimize the CPU cost of trial
decryption. We could also tweak the same spec and make it somehow fit in
DNS formats, with a liberal usage of TXT records, but I don't know
whether that's justified. We do not have a consensus on a server based
solution, let alone on a server based solution that would reuse DNS
servers. 

Basically, the best way for the chairs and the working group to help is
to focus the work on a key scenario, and answer the three questions above.

-- Christian Huitema


On 2/26/2019 9:35 AM, David Schinazi wrote:
> Thanks for kicking this discussion off again, Chris!
>
> Bob, Christian, is there anything the chairs can do to facilitate
> making progress towards a joint proposal before Prague?
>
> Thanks,
> David
>
> On Mon, Feb 25, 2019 at 7:56 PM Christopher Wood
> <christopherwood07@gmail.com <mailto:christopherwood07@gmail.com>> wrote:
>
>     (Paging back in discussions from the meeting...)
>
>     On Wed, Nov 14, 2018 at 9:36 PM Bob Bradley <bradley@apple.com
>     <mailto:bradley@apple.com>> wrote:
>     >
>     > I'm a little unclear what is being considered single-stage vs
>     two-stage. How is single-stage able to send encrypted without
>     knowing the destination? Is it encrypting a query with an
>     asymmetric private key and multicasting? Or does single-stage
>     refer to the predictable nonce approach? I was considering
>     predictable nonce's two-stage because it has to first discover
>     known peer service instances (stage 1) then perform encrypted
>     queries/responses (stage 2).
>
>     If I understand and remember correctly, the single stage approach
>     would encrypt the service ID in the first query using the recipient's
>     public key, along with the predictable nonce generated using the
>     sender's public key. The response would contain the address of the
>     service in question. If we are concerned with the dictionary attack
>     mentioned earlier, a second round is required.
>
>     I assume the joint design with you, Christian, and Daniel will attempt
>     to find an appropriate balance here.
>
>     Best,
>     Chris
>
>     > Regarding the discussion:
>     >
>     > 1. Server mode. My proposal doesn't have a good way to support
>     it. Normal server mode wasn't an important use case for me, but
>     sleep proxy support would be nice. I just don't know how to do it
>     yet, at least not without giving the sleep proxy your keys.
>     >
>     > 2. Multicast traffic. One problem I saw with
>     draft-ietf-dnssd-privacy is each device advertising a service
>     instance for each pairing. The network I'm on now has 300+ devices
>     and if each one has 50 friends, that's 15000 service instances on
>     the network, which seems very high.
>     >
>     > I tried to reduce this by each device only advertising itself
>     via multicast and then everything else is unicast. The first part
>     of key exchange was also rolled into the advertisement packet to
>     allow a single query packet and single response packet while still
>     maintaining forward secrecy and per-pairing confidentiality.
>     >
>     > 3. CPU cost. This seems to be a comparison between more packets,
>     but lower per-packet cost (in the per-pairing service instance
>     model where predictable nonce hashes are precomputed) vs fewer
>     packets, but more expensive per-packet signature verification. The
>     two main use cases I was considering were home networks (where
>     neither traffic nor CPU is likely to be an issue due to the small
>     number of devices) and busy enterprise networks (office, dorm,
>     coffee shop), which I assumed would be more powerful devices
>     (laptops, phones, servers) where reducing traffic would be more
>     important than the CPU usage for checking multicast probes.
>     >
>     > 4. One privacy concern regarding predictable nonces is that it
>     would allow spoofing. Anyone with your public key could generate
>     your predictable nonce. It could also enable friend relationships
>     to be recovered. Maybe not a huge concern, but something to
>     consider. Even the signature approach has a replay vulnerability,
>     but it's time bounded.
>     >
>     > On Nov 14, 2018, at 5:37 PM, David Schinazi
>     <dschinazi.ietf@gmail.com <mailto:dschinazi.ietf@gmail.com>> wrote:
>     >
>     > Hello everyone,
>     >
>     > It the room at IETF 103, there was a very productive discussion
>     about DNSSD privacy:
>     > https://www.youtube.com/watch?v=hPuTD19R-uQ&t=28m43s
>     >
>     > During that discussion, the room reached consensus on the
>     following items:
>     >
>     > 1) single-stage approach -- Up until now, we were considering
>     two approaches: single-stage (send encrypted and authenticated
>     service identifier, receive encrypted and authenticated service
>     response) and two-stage (send encryption and authenticated
>     identifier, receive encrypted and authenticated response, derive
>     secrets, send and receive subsequent queries encrypted using
>     derived secrets). There was consensus in the room to go with the
>     single-stage approach.
>     >
>     > 2) Use of TLS -- The single-stage approach no longer requires a
>     key exchange mechanism such as TLS. There was consensus in the
>     room that we do not need TLS as part of this protocol.
>     >
>     > 3) Evolution of documents -- It was proposed that we would take
>     all input and compound it into a single document and only advance
>     that one. We will use draft-ietf-dnssd-privacy since that document
>     has already been adopted by the working group. Christian Huitema
>     has offered for Bob Bradley to join as co-author if Bob would like.
>     >
>     > If you disagree with any of these points, please say so before
>     2018-12-02.
>     >
>     > Thanks,
>     > David
>     > _______________________________________________
>     > dnssd mailing list
>     > dnssd@ietf.org <mailto:dnssd@ietf.org>
>     > https://www.ietf.org/mailman/listinfo/dnssd
>     >
>     >
>     > _______________________________________________
>     > dnssd mailing list
>     > dnssd@ietf.org <mailto:dnssd@ietf.org>
>     > https://www.ietf.org/mailman/listinfo/dnssd
>
>     _______________________________________________
>     dnssd mailing list
>     dnssd@ietf.org <mailto:dnssd@ietf.org>
>     https://www.ietf.org/mailman/listinfo/dnssd
>
>
> _______________________________________________
> dnssd mailing list
> dnssd@ietf.org
> https://www.ietf.org/mailman/listinfo/dnssd

v2.23.0 | Report a Bug | By Email