Re: [dnssd] dnssd privacy draft

Martin Thomson <martin.thomson@gmail.com> Mon, 27 June 2016 04:59 UTC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Mon, 27 Jun 2016 14:58:58 +1000
Message-ID: <CABkgnnUVBnGz_9+h4UreoKGfzJMuFMopnSkjpKHdP9EVQcYFFA@mail.gmail.com>
To: Christian Huitema <huitema@huitema.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/jamwAcCPsQjO3l6tGxs_C1gNttg>
Cc: Christian Huitema <huitema@microsoft.com>, dnssd@ietf.org
Subject: Re: [dnssd] dnssd privacy draft

On 27 June 2016 at 14:24, Christian Huitema <huitema@huitema.net> wrote:
> I am concerned with the privacy issue. Suppose I contact a server and send a
> Client-Hello with a PSK Identity. If the identity is valid, the server
> replies with Server-Hello. If the identity is incorrect, server will reject
> the connection, maybe sending an Alert. Suppose now that the Client hello is
> a Replay from some exchange I monitored previously. If I see a Server Hello
> coming back, I know this is the same server that I observed before. Hence,
> linkability.

I see.

You could include some material from the instance name in the
calculation of the MAC that you are using for psk_identity.  Then if
the server moves, its name will change, as will what it considers to
be a valid handshake.
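
Added example, not part of the original message or of the draft under discussion: a sketch of binding psk_identity to the instance name so that a captured ClientHello stops being accepted once the server is renamed. The identity layout (nonce followed by a truncated HMAC-SHA256), the field lengths, and the instance names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

NONCE_LEN = 16  # assumption: the thread does not specify a nonce size
TAG_LEN = 16    # assumption: HMAC-SHA256 truncated to 128 bits

# Constructed sample values (hypothetical instance names and key).
OLD_NAME = "instance-a1b2._example._tcp.local"
NEW_NAME = "instance-c3d4._example._tcp.local"
PSK = b"constructed-demo-pairing-key-32b"


def _tag(psk: bytes, nonce: bytes, instance_name: str) -> bytes:
    # The nonce has a fixed length, so nonce || name parses unambiguously.
    msg = nonce + instance_name.encode("utf-8")
    return hmac.new(psk, msg, hashlib.sha256).digest()[:TAG_LEN]


def make_psk_identity(psk: bytes, instance_name: str,
                      nonce: Optional[bytes] = None) -> bytes:
    """Client side: psk_identity = nonce || MAC(psk, nonce || instance name)."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be NONCE_LEN bytes")
    return nonce + _tag(psk, nonce, instance_name)


def server_accepts(psk: bytes, current_name: str, psk_identity: bytes) -> bool:
    """Server side: recompute the MAC over its *current* instance name."""
    if len(psk_identity) != NONCE_LEN + TAG_LEN:
        return False
    nonce, tag = psk_identity[:NONCE_LEN], psk_identity[NONCE_LEN:]
    return hmac.compare_digest(tag, _tag(psk, nonce, current_name))


def replay_outcomes() -> dict:
    """An observer captures one identity, then replays it before and after a rename."""
    captured = make_psk_identity(PSK, OLD_NAME)
    return {
        "replay_same_name": server_accepts(PSK, OLD_NAME, captured),
        "replay_after_rename": server_accepts(PSK, NEW_NAME, captured),
        "fresh_after_rename": server_accepts(
            PSK, NEW_NAME, make_psk_identity(PSK, NEW_NAME)),
    }


if __name__ == "__main__":
    print(replay_outcomes())
```

In this sketch the captured identity is still accepted for as long as the server keeps the same instance name; the binding only invalidates it after the name changes.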