IETF Logo Mail Archive

Re: [dnssd] Stephen Farrell's No Objection on draft-ietf-dnssd-requirements-05: (with COMMENT)

Tom Pusateri <pusateri@bangj.com> Tue, 17 March 2015 20:25 UTC

Return-Path: <pusateri@bangj.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B4461A88E9; Tue, 17 Mar 2015 13:25:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.038
X-Spam-Level:
X-Spam-Status: No, score=-1.038 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1j9YRASeY9HM; Tue, 17 Mar 2015 13:25:16 -0700 (PDT)
Received: from oj.bangj.com (amt0.gin.ntt.net [129.250.11.170]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FAA31A88E7; Tue, 17 Mar 2015 13:25:16 -0700 (PDT)
Received: from [172.16.21.162] (cpe-098-122-037-156.sc.res.rr.com [98.122.37.156]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by oj.bangj.com (Postfix) with ESMTPSA id 1CED6233A; Tue, 17 Mar 2015 16:21:04 -0400 (EDT)
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
Content-Type: multipart/signed; boundary="Apple-Mail=_D4D997EE-6010-4915-BCE1-1AA73904AE4F"; protocol="application/pgp-signature"; micalg="pgp-sha1"
X-Pgp-Agent: GPGMail 2.5b5
From: Tom Pusateri <pusateri@bangj.com>
In-Reply-To: <5508876F.9030904@cs.tcd.ie>
Date: Tue, 17 Mar 2015 16:25:11 -0400
Message-Id: <FD08CA4F-D429-4BCF-A9FE-E0BFFD62A9DD@bangj.com>
References: <20150310230433.13239.32024.idtracker@ietfa.amsl.com> <2C1D6897-BE72-4902-97A6-C5C6943B1EF7@gmail.com> <5508876F.9030904@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.2070.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnssd/h3dAwUdWyNFZaw5JSFPfhcnXSYc>
Cc: dnssd-chairs@ietf.org, draft-ietf-dnssd-requirements.all@ietf.org, dnssd@ietf.org, Chown Tim <tjc@ecs.soton.ac.uk>, Ralph Droms <rdroms.ietf@gmail.com>, The IESG <iesg@ietf.org>
Subject: Re: [dnssd] Stephen Farrell's No Objection on draft-ietf-dnssd-requirements-05: (with COMMENT)
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussion of extensions to Bonjour \(mDNS and DNS-SD\) for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Mar 2015 20:25:21 -0000

> On Mar 17, 2015, at 3:58 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
> 
> Hi Ralph,
> 
> Those are comments such that I'm fine if you prefer no change.
> 
> One this one...
> 
> On 17/03/15 17:51, Ralph Droms wrote:
>> Kerry pointed out that the difference between the threat from
>> searching for services as opposed to other forms of name resolution
>> in arbitrary zones is unclear.  While it would be possible to edit
>> this text to include searching as well as registration, I think the
>> resulting text would be too restrictive to allow for useful
>> solutions.  Would you be willing to accept the text as it exists or
>> do you have some other new text to suggest?
> 
> I don't have text to suggest sorry. The concern here is that
> client devices will issue searches that, as a result of dnssd,
> will be broadcast further than previously and perhaps further
> than the client device maker expected. That could allow for
> device/user fingerprinting/re-identification in a more
> widespread domain than was previously the case. For example,
> a bad actor could install something on a campus network that'd
> spot and record such details, perhaps in the hope of breaking
> into the client device (if they can fingerprint it as one
> with a specific vulnerability).
> 
> I don't think I saw that noted in the draft but in any case
> what'll eventually matter is that the eventual protocol does
> not make such things worse. Noting them here would probably
> make it more likely we get a good result, but isn't entirely
> needed.
> 
> S.

I'm not sure I understand your scenario.

Clients issue searches in the form of unicast DNS queries to DNS servers (or proxies). This is the same as with wide-area bonjour. Only now, this may cause the proxies to issue their own multicast queries on a local network in order to ensure their cache is current. The original client's searches are never broadcast further than they were before. A bad actor would have to intercept the unicast queries from the client (which may be TLS encoded). To do this, the bad actor must have compromised some network device to do this.

Tom

v2.23.0 | Report a Bug | By Email