[dnssd] dnssd privacy draft
Martin Thomson <martin.thomson@gmail.com> Fri, 24 June 2016 00:23 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D76412D5CC for <dnssd@ietfa.amsl.com>; Thu, 23 Jun 2016 17:23:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i3nDxznDILP3 for <dnssd@ietfa.amsl.com>; Thu, 23 Jun 2016 17:23:11 -0700 (PDT)
Received: from mail-qk0-x231.google.com (mail-qk0-x231.google.com [IPv6:2607:f8b0:400d:c09::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C526012B042 for <dnssd@ietf.org>; Thu, 23 Jun 2016 17:23:10 -0700 (PDT)
Received: by mail-qk0-x231.google.com with SMTP id p10so128016384qke.3 for <dnssd@ietf.org>; Thu, 23 Jun 2016 17:23:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=nr3F034GZFW4PhxGZzeJ8EzU6KPM+zZ7PHV9fVmii8E=; b=IWveOJ2pbBYfrieitf7Sg0qFagJ714fZRVx/EsZ2ehiD7PaXioTHR5CHUj05KGY+J2 CABCgoB7BLdGVOER/0/lVyU9wFGoGWR9oweu7l+vM4/FMQoAPp0EfuW5aQk8oqy7Hi2o xLKf3fDBXu17/eZ1T/qNh6bOkzf+j/C3DUJbDMcstGunQ4uMeclUXwq7AggDSrMZlLqQ P/snDcevoLq8lDLrO+xPO81YuSiFZ/mtgJTuIhTHAOScEMYlBqw8JnKDjLvNQvO17zP2 HDTbL+exCB3pLCLocjLneGO9kRZLtuUYJRusBV7QhSLRMvkGU4da054OqwHS/Ih8BCLz Vdfg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=nr3F034GZFW4PhxGZzeJ8EzU6KPM+zZ7PHV9fVmii8E=; b=lUNXN2aKPIwGtc2jgOaoK455dmcGu94SofEporfnQAVa0VjuBxXtuI3AF5mO4acfOp Z8mr0InCcgDqixdQ4QhDjkW5Ri6BqelUWnaHE5U8Chtd4jdTfOi7s0H90TxmpjRylzZI 4LoVo6iB7LduQvUO78wJ4okQ2I7CvmJYniGeef73uMV1RI7gCf1Dkz3u5VQvVxdEdDu1 OireRXEsBqWQrAwtIGwxvtLw/s2v6rSRHR8QPJ+74Djes4bNx3H/6PA8X8BsGcROCOoM zHiOOzHnwmnsvZdoDzUsEUOPpu2P2Z+L5i50Py1Rg/oS25Msd0eqwvt+b+6lRWaeto2u kKYg==
X-Gm-Message-State: ALyK8tJTChc6jONsCnmGDGeEqQCv0oDoZssgBJWJE0gTY/9LZta2iS1YMJ/A1REuNty8PpdjtDFbbt7K8YxF+g==
X-Received: by 10.55.118.196 with SMTP id r187mr1478188qkc.32.1466727789984; Thu, 23 Jun 2016 17:23:09 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.22.38 with HTTP; Thu, 23 Jun 2016 17:23:09 -0700 (PDT)
From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 24 Jun 2016 10:23:09 +1000
Message-ID: <CABkgnnU68Rwsy7Hn5jwCP7ytXh3MmGw_h4a_E8hjri0X_P3kWw@mail.gmail.com>
To: Christian Huitema <huitema@microsoft.com>, dnssd@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/ZCGJTZMEPUuIFK8MpL-sIGm--Io>
Subject: [dnssd] dnssd privacy draft
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jun 2016 00:23:13 -0000
Interesting work. I think that a lot of this comes down to the design of the pairing protocol. The requirement to use base64 isn't going to work very well with DNS. Or do you expect this to work anyway? I guess that it could if you use the URL and filename safe variant without padding, but I wouldn't have been that bold. Using base32 reduces the number of pairings you can advertise at once to 5; which isn't great, but I guess that you can use the mitigation you already have. But it begs the question: does this really need to be in the name? Did you consider retrieving the proofs using TXT records that are provisioned against the nonce? Do you need to include the time in the nonce? We decided against leaking clock information in TLS 1.3 for a range of reasons, primarily privacy. I believe that lots of entropy would be OK. It's not like we need to be very careful with space, and 96 bits seems like plenty. Also, you don't have to base64 the psk_identity, it's just octets, which allows you to reclaim some of that space. Did you consider using SNI to carry the name? Or did you plan to forbid SNI? You probably don't need to correlate the DNSSD parts with the TLS parts for passive observers. Regarding this: "Implementers MAY eventually replace SHA256 with a stronger algorithm", I think that you need a better replacement plan. Maybe you can use an attribute in the TXT record that identifies the hash. Or you could identify the scheme in the psk_identity itself. Or you could prefix names with a protocol version identifier. You could even use a different service type name if it came to that.
- Re: [dnssd] dnssd privacy draft Daniel Kaiser
- Re: [dnssd] dnssd privacy draft Martin Thomson
- Re: [dnssd] dnssd privacy draft Alf Watt
- Re: [dnssd] dnssd privacy draft Martin Thomson
- Re: [dnssd] dnssd privacy draft Christian Huitema
- [dnssd] dnssd privacy draft Martin Thomson
- Re: [dnssd] dnssd privacy draft Tim Chown
- Re: [dnssd] dnssd privacy draft Martin Thomson
- Re: [dnssd] dnssd privacy draft Christian Huitema