Re: [dnssd] Fwd: New Version Notification for draft-huitema-dnssd-tls-privacy-00.txt

Bob Bradley <bradley@apple.com> Mon, 11 March 2019 04:56 UTC

Sender: bradley@apple.com
From: Bob Bradley <bradley@apple.com>
Message-id: <C1B9DD22-52B0-4292-AFDE-698E3CE24DAB@apple.com>
Date: Sun, 10 Mar 2019 21:55:47 -0700
In-reply-to: <14d1ad00-61de-af75-8a8f-3e5bcf1fa1ef@huitema.net>
Cc: dnssd <dnssd@ietf.org>
To: Christian Huitema <huitema@huitema.net>
References: <155227670562.31093.3624881391252354593.idtracker@ietfa.amsl.com> <14d1ad00-61de-af75-8a8f-3e5bcf1fa1ef@huitema.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/dsKemUVJtOBAJ1JOH8tDAQ1DFbo>
Subject: Re: [dnssd] Fwd: New Version Notification for draft-huitema-dnssd-tls-privacy-00.txt

It looks like this is intended to find a specific server on the network using that server's discovery key to encrypt the request. If the client doesn't know which servers might be on the network, would it need to send a multicast packet for each server it has a key for? For example, if I'm paired with 20 devices then when discovery starts, would I send 20 multicast packets?

Are there plans for a mechanism to announce the availability of a server? For example, if I start discovery (which sends an initial batch of multicast packets) and then a few seconds later a server becomes available, will the server have a way to notify the client of its availability?

> On Mar 10, 2019, at 9:01 PM, Christian Huitema <huitema@huitema.net> wrote:
> 
> This is my prototype design of private discovery using TLS/ESNI. I will try having an actual prototype in place before Prague.
> 
> -- Christian Huitema
> 
> 
> 
> -------- Forwarded Message --------
> Subject:	New Version Notification for draft-huitema-dnssd-tls-privacy-00.txt
> Date:	Sun, 10 Mar 2019 20:58:25 -0700
> From:	internet-drafts@ietf.org
> To:	Daniel Kaiser <daniel.kaiser@uni-konstanz.de>, Christian Huitema <huitema@huitema.net>
> 
> 
> A new version of I-D, draft-huitema-dnssd-tls-privacy-00.txt
> has been successfully submitted by Christian Huitema and posted to the
> IETF repository.
> 
> Name: draft-huitema-dnssd-tls-privacy
> Revision: 00
> Title: Private Discovery with TLS-ESNI
> Document date: 2019-03-10
> Group: Individual Submission
> Pages: 12
> URL: https://www.ietf.org/internet-drafts/draft-huitema-dnssd-tls-privacy-00.txt
> Status: https://datatracker.ietf.org/doc/draft-huitema-dnssd-tls-privacy/
> Htmlized: https://tools.ietf.org/html/draft-huitema-dnssd-tls-privacy-00
> Htmlized: https://datatracker.ietf.org/doc/html/draft-huitema-dnssd-tls-privacy
> 
> 
> Abstract:
> DNS-SD (DNS Service Discovery) normally discloses information about
> both the devices offering services and the devices requesting
> services. This information includes host names, network parameters,
> and possibly a further description of the corresponding service
> instance. Especially when mobile devices engage in DNS Service
> Discovery over Multicast DNS at a public hotspot, a serious privacy
> problem arises.
> 
> We propose to solve this problem by developing a private discovery
> profile for UDP based transports using TLS, such as DTLS and QUIC.
> The profile is based on using the Encrypted SNI extension. We also
> define a standalone private discovery service, that can be combined
> with arbitrary applications in the same way as DNS-SD.
> 
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> The IETF Secretariat