Re: [dnssd] Any review of Threat model?
Andrew Sullivan <ajs@anvilwalrusden.com> Mon, 04 April 2016 20:10 UTC
Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10E6312D86F for <dnssd@ietfa.amsl.com>; Mon, 4 Apr 2016 13:10:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ruXISQhX-5qK for <dnssd@ietfa.amsl.com>; Mon, 4 Apr 2016 13:10:21 -0700 (PDT)
Received: from mx2.yitter.info (mx2.yitter.info [IPv6:2600:3c03::f03c:91ff:fedf:cfab]) by ietfa.amsl.com (Postfix) with ESMTP id 41FF012D88C for <dnssd@ietf.org>; Mon, 4 Apr 2016 13:09:47 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mx2.yitter.info (Postfix) with ESMTP id E526B10B21 for <dnssd@ietf.org>; Mon, 4 Apr 2016 20:09:46 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at crankycanuck.ca
Received: from mx2.yitter.info ([127.0.0.1]) by localhost (mx2.yitter.info [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ACuv97DQkXGq for <dnssd@ietf.org>; Mon, 4 Apr 2016 20:09:46 +0000 (UTC)
Received: from mx2.yitter.info (dhcp-b2a2.meeting.ietf.org [31.133.178.162]) by mx2.yitter.info (Postfix) with ESMTPSA id 9E6BD10AB6 for <dnssd@ietf.org>; Mon, 4 Apr 2016 20:09:45 +0000 (UTC)
Date: Mon, 04 Apr 2016 16:09:42 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: dnssd@ietf.org
Message-ID: <20160404200942.GE36990@mx2.yitter.info>
References: <56FFE286.9010304@rozanak.com> <20160404191306.GA36990@anvilwalrusden.com> <5702C4D3.5070500@rozanak.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <5702C4D3.5070500@rozanak.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnssd/eObDoGrv0d-0pH4FVAqE8LR9f7c>
Subject: Re: [dnssd] Any review of Threat model?
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion of extensions to Bonjour \(mDNS and DNS-SD\) for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Apr 2016 20:10:24 -0000
Hi, On Mon, Apr 04, 2016 at 09:47:31PM +0200, Hosnieh Rafiee wrote: > >Different issues all seem to be treated as "threats" without any way > >of telling who is threatened, how, or how severely. > I am a bit confused with your sentence. I might be wrong, but usually we > only specify what are the possible problems or threats but we do not care > who is the attacker. we just identify the holes in the protocol but not who > will use this hole to attack the system... so I am not sure what or who you > wanted to see. I'm trying to understand what the threat is from a practical point of view. For instance, there is a claim in the draft about exfiltration. The truth is that, if you're running split-horizon DNS, you _already_ have this problem. Therefore, the risk is at worst that there are more queries that contain such leaks. I don't know whether that's worse, but I confess I'm pretty sceptical; but those kinds of considerations need to be laid out. It simply isn't true that we just list the threats. We try to lay out the threats, their severity, the liklihood that they'll happen, and so on. Listing all the threats in the world would not be useful. > 2.1.2.1 threat relates to defining a critical service when look-alike name > detection becomes problematic. > Unlike DNS, mDNS assumes visual selection IDNA and/or raw UTF-8 allows for > many possible representations of the same visual representation. By > allowing all the different representations allowed, this allows look alike > names. this is why IDNA should be limited for mDNS because there might be > different services with look alike names that cannot be easily determined. I'm sorry, but this is just false. First, the problem already exists with plain LDH, because of l and 1. Second, you can trivially recreate these problems in IDNA2008 -- Latin-A and Cyrillic-A are the usual example, but there are many such cases all of which are legal in IDNA. "Look alike names" are a problem now, with the existing DNS-SD specification and with other cases (like following links). All of the rules to solve that -- using mDNS or DNS or YourNewResolutionProtocol -- need to have these things handled by policy. If the only point is, "Some policy controls are needed here," say that. But either this is no more of an issue than any other i18n issue on the Internet, or else there is something peculiar about this case that makes it more of an issue. There's been no effort AFAICT to show that the "more of an issue" case is what is going on here. Best regards, A -- Andrew Sullivan ajs@anvilwalrusden.com
- [dnssd] Any review of Threat model? Hosnieh Rafiee
- Re: [dnssd] Any review of Threat model? Andrew Sullivan
- Re: [dnssd] Any review of Threat model? Hosnieh Rafiee
- Re: [dnssd] Any review of Threat model? Andrew Sullivan
- Re: [dnssd] Any review of Threat model? Hosnieh Rafiee
- Re: [dnssd] Any review of Threat model? Andrew Sullivan
- Re: [dnssd] Any review of Threat model? Tim Chown
- Re: [dnssd] Any review of Threat model? Hosnieh Rafiee