Re: [dnssd] WGLC on draft-ietf-dnssd-privacy-01

Christian Huitema <huitema@huitema.net> Mon, 26 June 2017 23:07 UTC

To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
References: <CF1BAEAE-41C7-4E69-AD6F-9F31E7C7B2A3@jisc.ac.uk> <20170625210709.GA829@sources.org> <28c0ad99-2905-64b6-52c2-a357e7fa6d12@huitema.net> <20170626184107.GA8291@sources.org>
Cc: dnssd@ietf.org
From: Christian Huitema <huitema@huitema.net>
Message-ID: <f43abe80-780d-8ae6-26f6-068539d943c4@huitema.net>
Date: Mon, 26 Jun 2017 16:07:22 -0700
In-Reply-To: <20170626184107.GA8291@sources.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/iqMBAv3GtFkrvRX65THv6d7XivE>

On 6/26/2017 11:41 AM, Stephane Bortzmeyer wrote:

> On Mon, Jun 26, 2017 at 07:18:19AM -0700,
>  Christian Huitema <huitema@huitema.net> wrote 
>  a message of 58 lines which said:
>
>> The solution requires that the participating devices have "good
>> enough" clocks
> Which, IMHO, should be written in the RFC.
>
>> -- to the minute, in practice.
> It is not sufficient. The current text says "We will thus use this 24
> bit number as nonce, represented as 3 octets." If two machines have
> almost perfectly synched clocks, one being at 20:35:44 today, and the
> other at 20:35:43, the values won't have the same first 24 bits
> (1011001010100010101010000000000 vs. 1011001010100010101001111111111).
>
> There is no obvious solution. We cannot have "fuzzy" comparisons with
> nonces.
In fact there is a solution, which I implemented in my tests. Given a
clock precision X, the device knows that its real clock could be
somewhere between T-X and T+X. There are a finite number of time stamps
in that interval, and it should be ready to accept them all. Or query
them all, if it is doing polling.

-- Christian Huitema
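An added example of the tolerance-window approach Christian describes, not code from draft-ietf-dnssd-privacy or from either poster. It assumes the 3-octet nonce is the top 24 bits of the 32-bit Unix time (the "first 24 bits" in the quoted message, so the nonce changes every 256 seconds) and uses Stephane's 20:35:44 timestamp to show that a one-minute precision X makes both sides of his boundary case match.

```python
# Added example, not code from draft-ietf-dnssd-privacy or from either poster.
# Assumption: the 3-octet nonce is the top 24 bits of the 32-bit Unix time
# (the "first 24 bits" of the quoted message), so it changes every 256 s.

NONCE_BITS = 24
STEP = 1 << (32 - NONCE_BITS)   # seconds between two consecutive nonce values


def nonce_from_time(unix_seconds: int) -> bytes:
    """Nonce a device derives from its own clock reading."""
    value = (unix_seconds & 0xFFFFFFFF) >> (32 - NONCE_BITS)
    return value.to_bytes(3, "big")


def candidate_nonces(now: int, precision: int) -> set:
    """Every nonce a peer may be using if the true time is in [now-X, now+X].

    Only the 256-second boundaries inside the window matter, so the window
    is walked block by block instead of second by second."""
    lo, hi = now - precision, now + precision
    first_block = (lo // STEP) * STEP
    return {nonce_from_time(t) for t in range(first_block, hi + 1, STEP)}


def accept_nonce(received: bytes, now: int, precision: int) -> bool:
    """Verifier side: exact match against any nonce in the tolerance window."""
    return received in candidate_nonces(now, precision)


if __name__ == "__main__":
    # The timestamp in the quoted message: 20:35:44 (Paris time) on 26 June 2017.
    T = 0b1011001010100010101010000000000      # 1498502144
    assert nonce_from_time(T) != nonce_from_time(T - 1)   # the reported mismatch
    # With a one-minute clock precision both peers still find each other:
    assert accept_nonce(nonce_from_time(T - 1), T, 60)
    assert accept_nonce(nonce_from_time(T), T - 1, 60)
    print(sorted(candidate_nonces(T, 60)))   # the two nonces to try when polling
```

A poller sends one query per element of `candidate_nonces(now, X)`; with X of one minute that is at most two queries, with X of five minutes at most four.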