IETF Logo Mail Archive

Re: [dnssd] Stephen Farrell's No Objection on draft-ietf-dnssd-requirements-05: (with COMMENT)

Kerry Lynn <kerlyn@ieee.org> Fri, 13 March 2015 20:41 UTC

Return-Path: <kerlyn2001@gmail.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E653D1A7003; Fri, 13 Mar 2015 13:41:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.027
X-Spam-Level:
X-Spam-Status: No, score=-1.027 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nrKP8NsQ2Koy; Fri, 13 Mar 2015 13:41:17 -0700 (PDT)
Received: from mail-ob0-x232.google.com (mail-ob0-x232.google.com [IPv6:2607:f8b0:4003:c01::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C4381A7007; Fri, 13 Mar 2015 13:41:17 -0700 (PDT)
Received: by obcvb8 with SMTP id vb8so22195450obc.10; Fri, 13 Mar 2015 13:41:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=kB1PHIR8oIWWSBvXyB0rON/xW4YGJsfAZrwErOq1FUE=; b=IoyzSk1GGZi1JuSmVbdXHRfd5W4pLlfJTougdFGsyYutYVDw3BdrD+D555/unT8HNL sZGfOYVtXcUEZZTYl9iCERi5R+UNpocScDAPU8m5Eb97vAB8ZLktAObB4SS6QAlE/buO BbVM32VCcFnZ0S8U0rTBMBEM/r+q9/yuJc5+CeIiPD0tt9kKZhtFcv1C7D3gNc5AT9iH cFX2p0KpUmncFzLMpoS2rMcu2mXdzlld/tuJAQyIG+LqGmRDahJ3JblIOp3EhXSa+kcQ N36xWWT+XLKHOiCzgD31UQd9QQygScwKqdNVyciHKAXUFJipIOmFVrhR7+cYmg8Xo9B+ PExg==
MIME-Version: 1.0
X-Received: by 10.182.119.232 with SMTP id kx8mr5969obb.37.1426279276963; Fri, 13 Mar 2015 13:41:16 -0700 (PDT)
Sender: kerlyn2001@gmail.com
Received: by 10.60.11.136 with HTTP; Fri, 13 Mar 2015 13:41:16 -0700 (PDT)
In-Reply-To: <83452A4F-D738-43D5-85FD-316B0DC8509F@gmail.com>
References: <20150310230433.13239.32024.idtracker@ietfa.amsl.com> <83452A4F-D738-43D5-85FD-316B0DC8509F@gmail.com>
Date: Fri, 13 Mar 2015 16:41:16 -0400
X-Google-Sender-Auth: S_Wmd9aEg4j1l_RUF5hk8YyKqIE
Message-ID: <CABOxzu1Fq=O_4xtWUXFB82=fudhTE2Qd0FyD1wSRntsLaEiJiQ@mail.gmail.com>
From: Kerry Lynn <kerlyn@ieee.org>
To: Douglas Otis <doug.mtview@gmail.com>
Content-Type: multipart/alternative; boundary="001a11c2f43aa76eaa051131859c"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnssd/aVrvLyFKpZ1Rf3JFqDzeBDmrQ0s>
Cc: dnssd-chairs@ietf.org, draft-ietf-dnssd-requirements.all@ietf.org, dnssd@ietf.org, Tim Chown <tjc@ecs.soton.ac.uk>, The IESG <iesg@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [dnssd] Stephen Farrell's No Objection on draft-ietf-dnssd-requirements-05: (with COMMENT)
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion of extensions to Bonjour \(mDNS and DNS-SD\) for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Mar 2015 20:41:20 -0000

On Thu, Mar 12, 2015 at 2:24 PM, Douglas Otis <doug.mtview@gmail.com> wrote:

>
> > On Mar 10, 2015, at 4:04 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie>
> wrote:
> >
> > Stephen Farrell has entered the following ballot position for
> > draft-ietf-dnssd-requirements-05: No Objection
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut this
> > introductory paragraph, however.)
> >
> >
> > Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > http://datatracker.ietf.org/doc/draft-ietf-dnssd-requirements/
> >
> >
> >
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> >
> > - section 6 intro: I'm not sure I buy that the set of relevant
> > threats is only a union as stated. There are often new threats
> > in new environments.
> >
>
<KEL> The current text reads "likely to include the union...", not "only
the union..."

> - 6.6: I think one can also leak private information by
> > searching in too broad a scope, e.g. if the client can be
> > fingerprinted allowing re-identification. I think that's
> > different from the example given, and maybe worth noting too.
>
> <KEL> The current plan is to produce a separate security threats document;
see
https://tools.ietf.org/id/draft-rafiee-dnssd-mdns-threatmodel-01.txt.  We
will make
sure to include this issue (although I'm not sure at this point if/how a
DNS-SD
query would differ significantly from a DNS query in that respect).

I feel that the current Requirements draft represents a consensus of the WG
(but
not unanimity, as can be seen below):

 Dear Stephen,
>
> I agree with your statement and, based on our tests, these concerns are
> very real!
>
> IPv6 can not be defended in the same manner as with IPv4.  With Homenet, an
> effort was made to ensure address selection preferences critical when
> publishing addresses within DNS but omitted from the requirements
> documents.
>
> <KEL> Doug, can your concern be addressed by specifically stating a
requirement
that advertising a service in the global internet should be an opt-in
decision of the
user, as suggested by Benoit?

>
> The statement made in Section 6.1 is poorly considered.
> ,--
> Section 6.1
>  ...
>  Note that discovery of a service does not necessarily imply that the
>  service is reachable by, or can be connected to, or can be used by, a
>  given client.  Specific access control mechanisms are out of scope of
>  this document.
> '---
>
> <KEL> Let's take these "poorly considered" assertions one-by-one:
  - reachable (a route may not exist to the advertised address)
  - connected to (the device may be offline)
  - used by (the user of the service may lack authorization)
  - access control is out of scope (not in our charter)
Which of these do you specifically have an issue with?

Or the false statement:
> ,--
> 6.5.  Access Control
>  ...
>  While controlling access to an advertised service is outside the
>  scope of DNS-SD, we note that access control today often is provided
>  by existing site infrastructure (e.g., router access control lists,
>  firewalls) and/or by service-specific mechanisms (e.g., user
>  authentication to the service).  For example, networked printers can
>  control access via a user-id and password.  Apple's software supports
>  such access control for USB printers shared via Mac OS X Printer
>  Sharing, as do many networked printers themselves.  So the reliance
>  on existing service-specific security mechanisms (i.e. outside the
>  scope of DNS-SD) does not create new security considerations.
> '---
>
> Most printers DO NOT offer user-id/password access mechanisms and often
> IPv6 support removes access control lists.  Homenet and Apples BTMM
> make use of an important overlay approach being ignored both here and with
> the the insecure UPnP. For this protocol to safely interoperate, an
> overlay approach must be supported.  This approach might use ULAs, for
> example. For this to work properly, locally defined addresses must be
> preferred when publishing in DNS.
>
> As previously presented, it is minor fix to correct this oversight.
>
> <KEL> Doug, you have had ample opportunity to argue your position before
the WG and again during WGLC.  Your concern has been duly noted, but it
is not the consensus of the WG to mandate a particular solution in an
*informative* requirements draft.

To your point about specific devices lacking access control mechanisms, my
personal response would be to a) mitigate that problem with an appliance
(such
as described in
http://spectrum.ieee.org/telecom/security/how-to-build-a-safer-internet-of-things
),
b) put it behind a device that implements access control (e.g. a Mac- or
PC-to-
USB print server), c) get a printer that supports access control (yes, they
do exist),
or d) don't advertise the service beyond the local link.

Note that in the topologies we're specifically targeting (enterprise,
higher ed)
implementing an overlay is no guarantee that an adversary with access to the
network won't be able to use your consumables (ink & paper).

Regards, Kerry Lynn

Regards,
> Douglas Otis
> _______________________________________________
> dnssd mailing list
> dnssd@ietf.org
> https://www.ietf.org/mailman/listinfo/dnssd
>

v2.23.0 | Report a Bug | By Email