Re: [dnssd] dnssd privacy draft
Martin Thomson <martin.thomson@gmail.com> Mon, 27 June 2016 00:32 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 254C212D1AE for <dnssd@ietfa.amsl.com>; Sun, 26 Jun 2016 17:32:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sR8NM-qgUUMa for <dnssd@ietfa.amsl.com>; Sun, 26 Jun 2016 17:32:28 -0700 (PDT)
Received: from mail-qt0-x22a.google.com (mail-qt0-x22a.google.com [IPv6:2607:f8b0:400d:c0d::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 70DEC12D1A5 for <dnssd@ietf.org>; Sun, 26 Jun 2016 17:32:28 -0700 (PDT)
Received: by mail-qt0-x22a.google.com with SMTP id w59so15615224qtd.3 for <dnssd@ietf.org>; Sun, 26 Jun 2016 17:32:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=NjywjnYwN6DwHWm/VVu4WVbbAyenRSzi+hpdcaRyI0M=; b=FCpzHJbjrWHuLQTZkSJF6r14YCeBmlhbcBNZxw9Y0pLhxLN4e7CSXBqvIpSZMlm+AW 6D5CfDtWwobxYkcbStNfRj9/pAY54bTk7xTkLZhqhbNKp4GTBhdNzAv7Edy6X3BikK2I txmSPz0rSzb6Zqy4a0hNF14q8BMuc5+CS/j3RtbW2gxEkcNxuLYoxCAojXUamxp5eul6 leFKD5LAGoGrOWvPgLwV7ERTCnKoxoNqntaCX7dXTGuFjmy8og+4Ntak31V8dsLeK1z8 cM6zoRCdgsWvG2+J7Ij0z81qL6U1RQMxabU0Wn7vsUmuQKf/5AtK5GoWaUyrRNNb+JHm LdcA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=NjywjnYwN6DwHWm/VVu4WVbbAyenRSzi+hpdcaRyI0M=; b=KyO+Zdem1m98bZq+uZqKnvmEZs+8eJswo/BuOQrUvFYIQwGdKlFqoqvrBdgrus+cMx t+s7vktfKq58FlNQTivgjkuZCc9RBuLe4SJEqxMJXqItTNM7FX4QJUR9BSfzlcz12SGA hbLqTbN8KGkrJaAyQrW4d5kmm9xdFFzFRK6kxXNd4xVi4ERw8SSXH0lIAntN8aqOWt73 4rjWYu+12e61pL99tbMDYpwR2XuUbHQ1lJewLm4/XrgT0LXTFfN3W4MVc0vBuAMprul0 EiTO+2mPZsCrmrfJH1SUuR08wN5T262QwFEUJ7dUMz4ucW8PZXM/tzH0ofMgypGmC2m8 ediA==
X-Gm-Message-State: ALyK8tKpmdIyhwGBGmBMb8zASiioPV//nRXIB6TbVKYpOKsW8PMjw6Yk5dZFOmmKjSrhSi9iKQTMF+qS4+a2Dg==
X-Received: by 10.200.42.161 with SMTP id b30mr19761819qta.94.1466987547445; Sun, 26 Jun 2016 17:32:27 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.22.38 with HTTP; Sun, 26 Jun 2016 17:32:26 -0700 (PDT)
In-Reply-To: <04a901d1ce4e$52e056e0$f8a104a0$@huitema.net>
References: <CABkgnnU68Rwsy7Hn5jwCP7ytXh3MmGw_h4a_E8hjri0X_P3kWw@mail.gmail.com> <04a901d1ce4e$52e056e0$f8a104a0$@huitema.net>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 27 Jun 2016 10:32:26 +1000
Message-ID: <CABkgnnXrEW8tDvOzzyMPZT0KrUDvTX2MdNB7w5712ZbPNNOcUQ@mail.gmail.com>
To: Christian Huitema <huitema@huitema.net>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/W5ffmvVTqWWm2hhxa-f2ziobqRY>
Cc: Christian Huitema <huitema@microsoft.com>, dnssd@ietf.org
Subject: Re: [dnssd] dnssd privacy draft
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jun 2016 00:32:30 -0000
On 25 June 2016 at 05:26, Christian Huitema <huitema@huitema.net> wrote: > Yes. The point is, do we have the appetite to design a pairing protocol in > this group? If we do, my preference would be to describe this pairing > protocol in a separate draft. Sounds like hard work :) Might be worth doing though. >> The requirement to use base64 isn't going to work very well with DNS. >> Or do you expect this to work anyway? I guess that it could if you use > the URL >> and filename safe variant without padding, but I wouldn't have been that > bold. > > It is already a requirement for DNS SD. OK, my fault for assuming that PTR meant that there was a domain name in the response. >> space, and 96 bits seems like plenty. > > Are you saying that specifically for the PSK identity encoding? The use of > time stamp there provides some level of protection against replay attacks, > described in section 6.5. Otherwise, servers will have to rely on extended > memory of previously used PSK identifiers. What sort of replay are you concerned about? An attacker can replay the ClientHello, and maybe the 0-RTT data that is included, but that's all. The simplest mitigation for that is to not permit 0-RTT; well, on the first attempt anyway. At that point, there is fresh entropy from the server every time. (I assume here that you aren't looking to aggressively shave every last RTT from the protocol; you just added a bunch with the indirection step.) (That point on resumption makes me think: you might want to add a fixed octet at the start of psk_identity so that a server can distinguish between nonces and its own resumption psk_identity values. It could distinguish based on length, I suppose, but that is a little inconvenient.) >> Also, you don't have to base64 the psk_identity, it's just octets, which > allows >> you to reclaim some of that space. > > Well, section 5.1. of RFC4279 says: "The PSK identity MUST be first > converted to a character string, and then encoded to octets using UTF-8 > [UTF8]." And I see the character string requirement enforced in some of the > TLS API. So base64 is just a way of being cautious. Damn you 4279 for adding useless constraints! TLS 1.3 says nothing of the sort about the field. Nonetheless, I understand the caution now.
- Re: [dnssd] dnssd privacy draft Daniel Kaiser
- Re: [dnssd] dnssd privacy draft Martin Thomson
- Re: [dnssd] dnssd privacy draft Alf Watt
- Re: [dnssd] dnssd privacy draft Martin Thomson
- Re: [dnssd] dnssd privacy draft Christian Huitema
- [dnssd] dnssd privacy draft Martin Thomson
- Re: [dnssd] dnssd privacy draft Tim Chown
- Re: [dnssd] dnssd privacy draft Martin Thomson
- Re: [dnssd] dnssd privacy draft Christian Huitema