Re: [dnssd] Fwd: New Version Notification for draft-huitema-dnssd-tls-privacy-00.txt
Christian Huitema <huitema@huitema.net> Mon, 11 March 2019 07:14 UTC
To: Bob Bradley <bradley@apple.com>
Cc: dnssd <dnssd@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/fK0Q1HR2QFGLC5CMvt8JQwy6W5k>
On 3/11/2019 12:03 AM, Bob Bradley wrote:

>> As designed, the answer is yes, the client would send 20 packets. I
>> understand very well that there is an alternative design in which the
>> server sends a packet announcing its arrival, and then every interested
>> client discovers the server and contacts it. I believe that the scaling
>> is actually equivalent:
>>
>> 1) In my design's worst case, the client sends N packets, and P servers
>> who are present perform O(N) trial decryptions. Total O(P.N^2).
>>
>> 2) In the server announce design, P arriving servers send P packets upon
>> arrival on the network, and O(N) clients perform N trial decryptions.
>> Total O(P.N^2) as well.
> In (1), there are N multicast packets per client and P unicast responses from paired servers. In (2), there is 1 multicast request per client and P unicast from paired servers. Many devices act as both client and server. Multicast vs unicast can make a big difference in the number of packets processed by each device.
>
> As an example, my device has 40 paired devices and the network has about 300 devices browsing for and offering services (by looking at mDNS). If we assume other devices have a similar number of paired devices then:
>
> Approach 1: 12000 multicast requests (and trial decryptions) and 40 unicast responses.
> Approach 2: 300 multicast requests (and trial decryptions) and 40 unicast responses.

Using your numbers, there would be 12000 trial decryptions in approach 2 as well. Each client has to try 40 different server keys to see which one would work.

But I am not convinced at all that this 40/300 split is something we will see in privacy-oriented applications. If we are looking at application pairing rather than device pairing, then the server and client roles are very flexible, the ratio of clients and servers will be close to parity, and the number of pairings per application could be very small.

-- Christian Huitema