IETF Logo Mail Archive

Re: [dnssd] Reviewing DNS-SD privacy issues

Martin Thomson <martin.thomson@gmail.com> Tue, 02 January 2018 00:11 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AF1B127286 for <dnssd@ietfa.amsl.com>; Mon, 1 Jan 2018 16:11:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yNzHbFUG18BE for <dnssd@ietfa.amsl.com>; Mon, 1 Jan 2018 16:11:13 -0800 (PST)
Received: from mail-ot0-x22e.google.com (mail-ot0-x22e.google.com [IPv6:2607:f8b0:4003:c0f::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 130DB127241 for <dnssd@ietf.org>; Mon, 1 Jan 2018 16:11:11 -0800 (PST)
Received: by mail-ot0-x22e.google.com with SMTP id x15so2287345ote.0 for <dnssd@ietf.org>; Mon, 01 Jan 2018 16:11:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=jbGGQ71ie+2ymp0Ji/S4mAkuhpkL5Jq2LcwKPE3tpt0=; b=hc8lnTkTdJzm+u7IEvsgCDsr/bLwX/49kcmfzYBgpH5JDFBDcAziWyIe1YMBS0pzI4 ctUExvkAO47KiJz9s7fR9Cyu5igIXTj9rHVhgI5NWL3Rgrd5dEon91wmRFaZ+jA5uWhZ NN4rCzN5LtxZ0LbbmfYUdbBBnfBRTUDOeLqr0cjk7DlxeIdYAKlQk3hxjcFvf/IekVj2 yg3Hmn4XSCwSIiesifKcoiFGu6m6rreIcCkcQYUfI5jRni+2qUgCRWp0i9ITMc3tl+jX E7MseLqt8fHzhIAiDycIkJsur6Ue+0fSg9EVl7KmvBXGjKbFIcg1hf5ENFgs8uh5gcVM h81g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=jbGGQ71ie+2ymp0Ji/S4mAkuhpkL5Jq2LcwKPE3tpt0=; b=LHFNkeln823uhIsSsTTQyWqYu4UmyFDD+T4zJwEkM+B0V1Pcn0en9qTe/9s1JTYmpy nTBNe1Sj5TJNZ1UcXzP89gxuQRxc6WIB1g141HQgmBnIfGms2C8QCx1E2wvfPTDiFtpQ gzkQ5Nww7SQGNCKIowCO/iiITOSRTrTuz74mUMZfbMPl96W9RXEadvu4DBaWYdVe2h64 UnHwnHH5A0Mp4IKDXbQ6dtXMCvCjv8APA5M4TUPRNccHoPMSWgwnTX+B2onxySZ72EtY x7Zh/MEyNzjFRb15APLsqJm7KH2vfRIwnLuRVUN0OLA2he7C8s1k8zyFPlRb+IQtEsUN d4cA==
X-Gm-Message-State: AKGB3mKr+XE7g+ivz+NE4nvf36GSfOVJsTyC8ykhqr6MNQEnsrGFArK+ hS0wt8ZIQI9r3U/QV7YAbA5krJuZGwGdYngYq6qCdQ==
X-Google-Smtp-Source: ACJfBouW2a9Oz4vFQXdtRwMo4EYblGKmR4JHX4JTO3WDokExcjSGgrxyfvthJfMtfoGd8OOjO/rTE8dTPYw0e8kT3fU=
X-Received: by 10.157.88.42 with SMTP id r42mr40213254oth.71.1514851870219; Mon, 01 Jan 2018 16:11:10 -0800 (PST)
MIME-Version: 1.0
Received: by 10.157.46.182 with HTTP; Mon, 1 Jan 2018 16:11:09 -0800 (PST)
In-Reply-To: <4b8fad55-b283-e0fc-4af1-7fcfa4603193@huitema.net>
References: <4b8fad55-b283-e0fc-4af1-7fcfa4603193@huitema.net>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 02 Jan 2018 11:11:09 +1100
Message-ID: <CABkgnnVLiYy1Rv3DTMHn0xsVLyU8s1KfZwa_YLz7a-BWY_r2=Q@mail.gmail.com>
To: Christian Huitema <huitema@huitema.net>
Cc: dnssd@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/sQMv0wLnWbUwibuinqTGi_2PhsQ>
Subject: Re: [dnssd] Reviewing DNS-SD privacy issues
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jan 2018 00:11:16 -0000

I agree with your analysis regarding granularity.  Particularly on
mobile platforms, mutual distrust between applications is the
benchmark we want to apply.  Browsers are already there.

On Sun, Dec 31, 2017 at 5:45 AM, Christian Huitema <huitema@huitema.net> wrote:
> I have been reviewing the DNS-SD privacy issues in light of Stuart's
> draft (draft-cheshire-dnssd-privacy-considerations-01) and his
> presentation at IETF 100
> (https://datatracker.ietf.org/meeting/100/materials/slides-100-dnssd-04-stuart-privacy/).
> Draft and presentation reflect uneasiness with several of the design
> choices that we made in draft-ietf-dnssd-privacy-03,
> draft-ietf-dnssd-pairing-03, and draft-ietf-dnssd-pairing-info-00. I
> believe this boils down to three big issues: granularity of trust, type
> of secret, and type of pairing agreement.
>
> Stuart provides a convincing illustration of the granularity issue with
> the "implanted insulin monitor" example. In this example, the trust
> relation is obviously between the device and the medical application on
> the phone, and certainly not with "any gaming application on the phone",
> let alone "any device owned by the user". Enforcing this granularity
> leads to an "application-centered" design, in contrast with the
> device-centered design chosen in draft-ietf-dnssd-privacy. Our two-phase
> design is to "privately discover a device, then ask that device for
> available services". An application centered device would be just one
> phase, "privately discover an application".
>
> There is little doubt that maintaining privacy requires some type of
> trust establishment. In our drafts, we chose to base that trust on
> pairwise shared secrets, established through a pairing operation.
> Pairwise secrets have the advantage of being easy to understand and
> manage, since the secret is shared between just two entities. But
> pairwise operation scales at best as O(N), possibly O(N**2). The
> alternative may be to use public key technology. This would scale better
> when entities have to manage a large number of pairings, such as for
> example a printer that can be used by a whole group of people, but it is
> pretty hard to establish trust using public keys without disclosing at
> least one of the public keys to third parties. This may be OK when one
> of the parties does not have privacy concerns. For example, in the group
> printer example, it may be OK to disclose the identity of the printer as
> long as the identity of the users is kept private.
>
> The pairing agreement proposed in draft-ietf-dnssd-pairing-03 relies on
> a final authentication step, in which a "short authentication string" is
> verified. The problem there is not the correctness of the protocol, but
> the weakness of the human user. Pairing processes can be long and
> convoluted. After the user has finally mastered the UI on two devices
> and gone through all the process, it is very tempting to press the "OK"
> button without looking too closely to the strings on the displays.
> Designs that require to enter a PIN or a password before proceeding with
> the pairing do not have that weakness, and technology exist that make
> them secure.
>
> These three arguments have pretty drastic consequences on the design of
> "private discovery". They did surface quite late in the process, but I
> agree with Stuart that the priority is to get the right standard
> published. Our goal should be a standard that is widely deployed and
> used. Of the three main issues above, the pairing technology is probably
> the easiest to tackle -- moving from SAS to JPAKE and documenting why
> would be straightforward. But the other two points deserve extended
> discussion. What are the implications of moving from a device focus to
> an application focus? Is this just a privacy issue, or does it affect
> other aspects of DNS-SD? Can we really provide symmetric privacy with
> asymmetric keys? Do we have examples of public-key based algorithms? I
> would really like to see a discussion on this list!
>
> -- Christian Huitema
>
>
> _______________________________________________
> dnssd mailing list
> dnssd@ietf.org
> https://www.ietf.org/mailman/listinfo/dnssd

v2.23.0 | Report a Bug | By Email