Re: [dnssd] Working Group Last Call - draft-ietf-dnsop-session-signal

Ted Lemon <mellon@fugue.com> Wed, 07 February 2018 16:24 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A87A412D7FC for <dnssd@ietfa.amsl.com>; Wed, 7 Feb 2018 08:24:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WEQWP749z5DF for <dnssd@ietfa.amsl.com>; Wed, 7 Feb 2018 08:24:00 -0800 (PST)
Received: from mail-qt0-x22e.google.com (mail-qt0-x22e.google.com [IPv6:2607:f8b0:400d:c0d::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 39E7512D7FB for <dnssd@ietf.org>; Wed, 7 Feb 2018 08:24:00 -0800 (PST)
Received: by mail-qt0-x22e.google.com with SMTP id d8so2387453qtm.0 for <dnssd@ietf.org>; Wed, 07 Feb 2018 08:24:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=q9FMewqdQx+KfMnYzTh8rqGpFUQkCAz391L6Iio+MmE=; b=DXFZbL6ORZLr0d25Q/DPmcWeT87Vzk1/Gon9VpCetokCsnohDux92ac/QCFszR6/n+ i+Vn4qnyIiTv7yumrPTw7+HQ/hjGbJioW6UgIHwlez15Gc7FPF2pXCQoGRlMf05LR2q7 ao12CJK4YSja2fGnzJfQqTcMHU/t1uF5EbDjHA3OSVKkfuAfWkMxNe9kRM41gwFzz2+x 1oDq6NMEs+as4016H26cEuiPL41oEHTAVwb1mkXcYoJFEbLr6oP5Ke4FMHJnpGVZcf5G JkGlGDVLksbcr3p5o9oUhlPgyTaHSd7ZPvQ5T28NEauwP9f9EVUL5O26hCzoZN9Cqhx7 3HkQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=q9FMewqdQx+KfMnYzTh8rqGpFUQkCAz391L6Iio+MmE=; b=OOYOyQzrZmlwqBWL2FB6KwJ3yGXTQnAmraWFgDf33ngtxeJ17teisikLVRHOvZNQSP v12xmvcuYyOYloOvkoHH477DSztzAkoHG+g8xW3AVlMKlLNX0xQ5/3F25wgAjSEd0X5z hMVUHPTBP28WoB8rnuAM3ns7yPlPDgj3VQ062JNN/DYDMp1z1iGLkDNfnoCMCFt4x5wj ncm+7LD+dfTZxKAjuNKCAtmjyTiSWawyUFXm74KdpXGWO4iluR7GEat/Pk0RLfX8K+XR FHc0CbO6CpqbL6/MzGZCY6HF6NiLftzXzHT83NUQNTQXfJ6NcsVcT7OR2b5I/bPPxVcc I54g==
X-Gm-Message-State: APf1xPDIKDMBk3+dV73GsXwWwBiDpjQ5g4TG7R7Ux201CbTo+0AtobO9 DX+PdtIJKKiXsAcO85Bmbayesw==
X-Google-Smtp-Source: AH8x225WJza/O7omwknq0HHwJiqV9HYORrxdiQDZvBpYgYEPnFuvJPm5KkRBI86M6Skna4HKt8wUzQ==
X-Received: by 10.200.49.205 with SMTP id i13mr9633792qte.116.1518020639351; Wed, 07 Feb 2018 08:23:59 -0800 (PST)
Received: from cavall.lan (c-24-60-163-103.hsd1.ma.comcast.net. [24.60.163.103]) by smtp.gmail.com with ESMTPSA id d5sm1306334qtd.91.2018.02.07.08.23.58 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Feb 2018 08:23:58 -0800 (PST)
From: Ted Lemon <mellon@fugue.com>
Message-Id: <D8042191-6C45-4AA1-B98F-B85797B9EE51@fugue.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_0F5470E6-7113-4A8D-8A8B-A299952359E5"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
Date: Wed, 7 Feb 2018 11:23:57 -0500
In-Reply-To: <20180207142201.e3mobmoal43wkh3c@nic.fr>
Cc: Tim Wicinski <tjw.ietf@gmail.com>, dnsop <dnsop@ietf.org>, doh@ietf.org, dnssd@ietf.org
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
References: <CADyWQ+GsU9dL8D58Eko0w9mVRMMTZ7f9NQKx3a0XS7oUGHjniQ@mail.gmail.com> <20180207142201.e3mobmoal43wkh3c@nic.fr>
X-Mailer: Apple Mail (2.3445.5.20)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/UNY7Sh4cXk2TePz3-qB1U-NOEfw>
Subject: Re: [dnssd] Working Group Last Call - draft-ietf-dnsop-session-signal
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Feb 2018 16:24:03 -0000

On Feb 7, 2018, at 9:22 AM, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
> The intention of this specification is to enable stateful information
> (connection parameters and DNS data) directly related to the DSO
> Session to be transmitted. This creates trackable state and prevents
> queries from coming from successive privacy addresses, as could be the
> case with regular DNS queries, for a privacy-conscious client. Before
> using DSO (or any kind of long-lived DNS sessions), this consequence
> should be taken into account. The risk is partially mitigated by using
> encryption (which protects against sniffing by a third-party, but not
> against logging by the server.)
> 
> The design of new TLV must also avoid adding any information that
> could make this tracking easier.

Thanks for this text.   I am pretty happy with it; the only thing I'd be tempted to change would be the last sentence, which I would state this way instead:

When designing new TLVs, the potential for the TLV to be used as a tracking identifier should be taken into consideration, and should be avoided when not required.

I say this because in some cases it's perfectly fine to know who you're talking to; e.g. in draft-sctl-dnssd-mdns-relay-02, I specified the use of TLS client authentication, because hybrid relays are network infrastructure.   Although this is happening at the TLS layer and not the session signaling layer, it's effectively the same thing.

Your other comments all make sense to me—thanks for the thorough review and particularly for suggesting text and not just saying "you should change this text."   :)