Re: [dnssd] I-D Action: draft-huitema-dnssd-privacy-00.txt
Alf Watt <alf@istumbler.net> Wed, 23 March 2016 23:54 UTC
Return-Path: <alf@istumbler.net>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B492512D62E for <dnssd@ietfa.amsl.com>; Wed, 23 Mar 2016 16:54:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V4XithE2-_4D for <dnssd@ietfa.amsl.com>; Wed, 23 Mar 2016 16:54:08 -0700 (PDT)
Received: from octans.istumbler.net (octans.istumbler.net [45.79.75.197]) by ietfa.amsl.com (Postfix) with ESMTP id 177D912D5BE for <dnssd@ietf.org>; Wed, 23 Mar 2016 16:54:08 -0700 (PDT)
Received: from [192.168.29.219] (c-24-5-43-153.hsd1.ca.comcast.net [24.5.43.153]) by octans.istumbler.net (Postfix) with ESMTPSA id 68E3627CF8; Wed, 23 Mar 2016 23:54:05 +0000 (UTC)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.98.7 at octans.istumbler.net
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
From: Alf Watt <alf@istumbler.net>
X-Mailer: iPhone Mail (13E234)
In-Reply-To: <055301d184bc$11a0e450$34e2acf0$@huitema.net>
Date: Wed, 23 Mar 2016 16:54:04 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <620719BD-01B1-426C-8FAC-09C615DFBF7C@istumbler.net>
References: <20160310013909.9336.65458.idtracker@ietfa.amsl.com> <7E27ED38-3858-4080-A31E-2116EA2DD436@ecs.soton.ac.uk> <EMEW3|53a64596503ce821209d6d873fee625as2GNBl03tjc|ecs.soton.ac.uk|7E27ED38-3858-4080-A31E-2116EA2DD436@ecs.soton.ac.uk> <055301d184bc$11a0e450$34e2acf0$@huitema.net>
To: Christian Huitema <huitema@huitema.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnssd/rtUszU4Ut4rak1rnRO5V1WuQLyA>
Cc: dnssd@ietf.org
Subject: Re: [dnssd] I-D Action: draft-huitema-dnssd-privacy-00.txt
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion of extensions to Bonjour \(mDNS and DNS-SD\) for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Mar 2016 23:54:10 -0000
Just looking over the paper titles for DPRIV it seems like the solution is going to be TLS or DTLS of the DNS server to client connection, which should encapsulate the unicast DNS-SD as well as the usual A and AAAA lookups. Is the concern about information disclosure from devices using DNS-SD and mDNS for multicast advertising and discovery? Best, Alf > On Mar 22, 2016, at 9:25 PM, Christian Huitema <huitema@huitema.net> wrote: > >> On Thursday, March 17, 2016 4:12 PM, Tim Chown wrote: >> >> Hi, >> >> Ralph and I would welcome comments to the list on this draft. >> >> Tim > > Yep. Me too. This draft > (https://datatracker.ietf.org/doc/draft-huitema-dnssd-privacy/) is the > continuation of the work to minimize metadata disclosure went moving to > random locations, and in particular when connecting to Wi-Fi hot spots. > > The first big disclosure comes with the MAC address, and can be addressed > with MAC address randomization. The next big disclosure are the DHCP > messages, which use to disclose things like DNS name of the node, and the > DNS traffic, which would happily pass a full log of visited URL to the DNS > server chosen by the hot spot manager. The IETF has been working on that > with the DHCP anonymity profile, and with the DNS Privacy work in DPRIVE. > Which means we have to look at the next big disclosure source, which happens > to be DNS-SD. > > The draft proposes essentially to obfuscate the names used in DNS-SD so that > cooperating parties understand them, but they look like gibberish to casual > observers. I am sure that DNS-SD WG members have opinions about that. > > -- Christian Huitema > > > > _______________________________________________ > dnssd mailing list > dnssd@ietf.org > https://www.ietf.org/mailman/listinfo/dnssd
- [dnssd] Fwd: I-D Action: draft-huitema-dnssd-priv… Tim Chown
- Re: [dnssd] I-D Action: draft-huitema-dnssd-priva… Christian Huitema
- Re: [dnssd] I-D Action: draft-huitema-dnssd-priva… Alf Watt
- Re: [dnssd] I-D Action: draft-huitema-dnssd-priva… Tom Pusateri
- Re: [dnssd] I-D Action: draft-huitema-dnssd-priva… Alf Watt
- Re: [dnssd] I-D Action: draft-huitema-dnssd-priva… Christian Huitema
- Re: [dnssd] I-D Action: draft-huitema-dnssd-priva… Alf Watt