Re: [dnssd] Any review of Threat model?
Hosnieh Rafiee <ietf@rozanak.com> Sat, 03 September 2016 18:31 UTC
Return-Path: <ietf@rozanak.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C4DD12B0A8 for <dnssd@ietfa.amsl.com>; Sat, 3 Sep 2016 11:31:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.507
X-Spam-Level:
X-Spam-Status: No, score=-1.507 tagged_above=-999 required=5 tests=[HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-1.508] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id omViACoohWaE for <dnssd@ietfa.amsl.com>; Sat, 3 Sep 2016 11:31:05 -0700 (PDT)
Received: from mail.rozanak.com (mail.rozanak.com [IPv6:2a01:238:42ad:1500:aa19:4238:e48f:61cf]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35922128E18 for <dnssd@ietf.org>; Sat, 3 Sep 2016 11:31:05 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by mail.rozanak.com (Postfix) with ESMTP id B045C25CA27E for <dnssd@ietf.org>; Sat, 3 Sep 2016 18:31:02 +0000 (UTC)
X-Virus-Scanned: amavisd-new at rozanak.com
Received: from mail.rozanak.com ([127.0.0.1]) by localhost (mail.iknowlaws.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XFIGHuItdyEF for <dnssd@ietf.org>; Sat, 3 Sep 2016 20:30:32 +0200 (CEST)
Received: from p200300864F147D99A288B4FFFE18E5F0.dip0.t-ipconnect.de (p200300864F147D99F2DEF1FFFE58C5D4.dip0.t-ipconnect.de [IPv6:2003:86:4f14:7d99:f2de:f1ff:fe58:c5d4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.rozanak.com (Postfix) with ESMTPSA id 984B725CA242 for <dnssd@ietf.org>; Sat, 3 Sep 2016 20:30:32 +0200 (CEST)
To: dnssd@ietf.org
References: <56FFE286.9010304@rozanak.com> <20160404191306.GA36990@anvilwalrusden.com> <5702C4D3.5070500@rozanak.com> <20160404200942.GE36990@mx2.yitter.info> <5702D220.2000501@rozanak.com> <20160404215837.GE37449@mx2.yitter.info> <FDB081BB-DF8C-4C25-8766-89CD565AF2DB@jisc.ac.uk>
From: Hosnieh Rafiee <ietf@rozanak.com>
Message-ID: <59eff740-de2c-65b1-26ab-06dba5cc2b09@rozanak.com>
Date: Sat, 03 Sep 2016 20:30:32 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <FDB081BB-DF8C-4C25-8766-89CD565AF2DB@jisc.ac.uk>
Content-Type: multipart/alternative; boundary="------------F6EF2B2FC51783E2CF280B63"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/Opb584Ae_O9tOTz4dB91uMZuL0A>
Subject: Re: [dnssd] Any review of Threat model?
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Sep 2016 18:31:07 -0000
All, Is there anybody who likes to contribute to this draft and help to fininlize it and address the final comments? Thanks, Best, Hosnieh On 07/12/2016 01:07 PM, Tim Chown wrote: > Hi, > > We have some time at the end of the session in Berlin to discuss the future of the DNSSD Threats draft, as per https://tools.ietf.org/html/draft-otis-dnssd-scalable-dns-sd-threats-03 > > At present, there are outstanding unresolved comments at least from Andrew Sullivan, from the thread below, and as archived in the mail list archive at https://mailarchive.ietf.org/arch/search/?email_list=dnssd&gbt=1&index=H-BRUJFcg_aBLMtA3l3Pfh8CYns. > > Doug is currently not available to work on the document, so if it is to be progressed Hosnieh will be looking for additional volunteers. > > Comments in advance of the meeting are welcome. > > Tim > > > >> On 4 Apr 2016, at 22:58, Andrew Sullivan <ajs@anvilwalrusden.com> wrote: >> >> Hi, >> >> On Mon, Apr 04, 2016 at 10:44:16PM +0200, Hosnieh Rafiee wrote: >> >>> The threat is the scope of discovery where causes the services to be >>> available to unwanted domains and most part of this draft emphasis on these >>> kinds of threats. >> So, then, two things: >> >> 1. DNS-SD does not in fact do anything at all to make the >> services available on the Internet. They're already available. >> >> 2. It sounds like your document is better described as, >> "Consequences of exposing previously-unannounced services via >> DNS-SD". If that's what you're trying to do, then making that >> scope crystal clear at the beginning (like for instance, in the >> abstract) would be good. >> >> I still believe the document would benefit from really signficant >> reorganization, but at least making its goal way clearer would help. >> >>> DNS. But I quite disagree with you because when it is exposed on global DNS >>> server, it can go beyond even the wanted scope that might be defined on edge >>> routers because normally the DNS queries are not filtered on the network >>> edge devices because of enabling clients to use DNS services or enabling >>> outsiders to query the names on global DNS servers inside their networks and >>> map names. That means, any external attacker can also query this global DNS >>> server and can retreive the name of services. >> So, DNS-SD is about service discovery. So it's not too surprising >> that services that are already available are easier to discover when >> DNS-SD is in use. That actually does strike me as a potentially >> useful point to make. >> >>> Our most emphasis was on homenet services. that means the global DNS server >>> for homenet is somewhere on ISPs and not inside the enterprise. >> Or in the house, or whatever. AFAIK, HOMENET hasn't even established >> the architecture for this yet. >> >>> all the users of that ISPs can access the services of other users in that >>> ISPs as well as external people. >> That doesn't follow at all. There are _lots_ of named services in my >> home net that you can't access, because if you try I'll drop your >> packets at the edge of my network. Merely knowing the name of >> something does not guarantee access. >> >> Now, knowing the name of something _is_ knowing something that >> previously one might not have known about. And if the thing is >> unsecured, it is of course accessible too. Given that the whole point >> is remote access, however, I can't see how the right answer to that >> is, "Don't permit service discovery." The _whole point_ is service >> discovery. >> >>> In other word, it is not only your fileserver that is available >>> to you over global DNS server but also to anyone else in the world. >> Well, yes. Of course. Presumably this is what authentication and >> authorization is for. >> >>> This is >>> why in draft we clearly said that .home domains (that are on going >>> discussion in homenet groups) should be restricted to use global DNS server. >> This is a completely different issue, unrelated to any of the above. >> (A globally-ambiguous name akin to RFC 1918 addresses is not obviously >> a good idea anyway, but regardless its functioning in the global DNS >> is bound to be obscure.) >> >>> You can, of course, define it as policy. In my understanding, this policy >>> is a part of the protocol >> I think your understanding is quite mistaken. There is nothing in >> IDNA to prevent a single label having in it "a" (U+0061) and "а" >> (U+0430). They're both PVALD. I know of no consumer-grade software >> in the world that doesn't use the very same bits on the screen to >> render those two characters. They're as confusable as can possibly >> be, and there is nothing whatsoever in any protocol to prevent them >> being used in a way that is possibly confusing to users. >> >>> definition of using such capacity for DNSSD protocol. In other word, the >>> possible problems arises on DNSSD services by using variety of look alike >>> names that need to be take into consideration that at the moment it is not. >> So, andrews-laptop.local. and аndrews-laptop.local exhibit this >> problem, I agree. (The second of those has the Cyrillic "a" in it.) >> >> Certainly, anvilwalrusden.com and аnvilwalrusden.com have the same >> problem. (Again, second one is Cyrillic -- >> xn--nvilwalrusden-v1k.com). Fortunately for us, Verisign doesn't >> permit domain names of the second form (because the U-label >> "аnvilwalrusden" is not all in one script). This is a policy that Verisign has. >> >> There is, however, nothing at all in Verisign's policy to prevent me >> from creating аndrews-laptop.anvilwalrusden.com >> (xn--ndrews-laptop-v1k.anvilwalrusden.com). And there's nothing in >> the protocol to prevent it. If you want to say, "Mixed script labels >> are not allowed anywhere in the DNS," I think you're going to have >> some push-back. >> >> Best regards, >> >> A >> >> -- >> Andrew Sullivan >> ajs@anvilwalrusden.com >> >> _______________________________________________ >> dnssd mailing list >> dnssd@ietf.org >> https://www.ietf.org/mailman/listinfo/dnssd > _______________________________________________ > dnssd mailing list > dnssd@ietf.org > https://www.ietf.org/mailman/listinfo/dnssd
- [dnssd] Any review of Threat model? Hosnieh Rafiee
- Re: [dnssd] Any review of Threat model? Andrew Sullivan
- Re: [dnssd] Any review of Threat model? Hosnieh Rafiee
- Re: [dnssd] Any review of Threat model? Andrew Sullivan
- Re: [dnssd] Any review of Threat model? Hosnieh Rafiee
- Re: [dnssd] Any review of Threat model? Andrew Sullivan
- Re: [dnssd] Any review of Threat model? Tim Chown
- Re: [dnssd] Any review of Threat model? Hosnieh Rafiee