Re: [dnssd] dnssd privacy draft
Tim Chown <Tim.Chown@jisc.ac.uk> Tue, 12 July 2016 08:41 UTC
Return-Path: <tim.chown@jisc.ac.uk>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5756C12D0EA for <dnssd@ietfa.amsl.com>; Tue, 12 Jul 2016 01:41:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.111
X-Spam-Level:
X-Spam-Status: No, score=-4.111 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=jisc365.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gj1dJ7g9VGCC for <dnssd@ietfa.amsl.com>; Tue, 12 Jul 2016 01:41:02 -0700 (PDT)
Received: from eu-smtp-delivery-189.mimecast.com (eu-smtp-delivery-189.mimecast.com [207.82.80.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7523B12D0C2 for <dnssd@ietf.org>; Tue, 12 Jul 2016 01:41:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jisc365.onmicrosoft.com; s=selector1-jisc-ac-uk; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=i9da5Mn+vhBIDqVXbqVyAulXsHbNuuHVqHeT25DUFQY=; b=UbTIMjygHJcibxTlqvtkaTDXEWFNT4WXD6vnSqFl7xyfnzhLcEsnpNPDKjP+DVs6ihvTSQJtVSF9YykX+Z3XXdwUF0blI5kaJwVokgO5VR5WzGLRZRbQSUjkWWpQebco0rbwYLsTCoOXcMmZ+xEdxO4L1Uyea7cbRbNCCf00JEI=
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-am5eur03lp0119.outbound.protection.outlook.com [213.199.154.119]) (Using TLS) by eu-smtp-1.mimecast.com with ESMTP id uk-mta-4-8xlG4I5cOb2dty5-aVSH7g-1; Tue, 12 Jul 2016 09:40:53 +0100
Received: from AMSPR07MB455.eurprd07.prod.outlook.com (10.242.106.148) by AMSPR07MB455.eurprd07.prod.outlook.com (10.242.106.148) with Microsoft SMTP Server (TLS) id 15.1.539.14; Tue, 12 Jul 2016 08:40:52 +0000
Received: from AMSPR07MB455.eurprd07.prod.outlook.com ([10.242.106.148]) by AMSPR07MB455.eurprd07.prod.outlook.com ([10.242.106.148]) with mapi id 15.01.0539.018; Tue, 12 Jul 2016 08:40:52 +0000
From: Tim Chown <Tim.Chown@jisc.ac.uk>
To: Christian Huitema <huitema@huitema.net>
Thread-Topic: [dnssd] dnssd privacy draft
Thread-Index: AQHRza6eF/NmO1yR/UaW0hEx/WMy1Z/5AUUAgBuVyAA=
Date: Tue, 12 Jul 2016 08:40:51 +0000
Message-ID: <4CC0A3C2-AF06-41E2-9764-59BE77AAA414@jisc.ac.uk>
References: <CABkgnnU68Rwsy7Hn5jwCP7ytXh3MmGw_h4a_E8hjri0X_P3kWw@mail.gmail.com> <04a901d1ce4e$52e056e0$f8a104a0$@huitema.net>
In-Reply-To: <04a901d1ce4e$52e056e0$f8a104a0$@huitema.net>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3124)
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [2001:630:50:d019:505:4049:22d7:a27b]
x-ms-office365-filtering-correlation-id: 2397d424-8194-40c6-9327-08d3aa303b5f
x-microsoft-exchange-diagnostics: 1; AMSPR07MB455; 20:HJwUJgTWfi6mikHGSA0nJg63FQs6gUiUejnN6Dg6wMk3a+sD7L1Mky2HonG2TsMLp0wNG3PGEdha7OZabveKJ6i+1kZugKoTYkzTYolq2bEb5tP7tMnDRL+c5NAv5MInGKqxN3/VKEXYPul2h1W9nVKSUMO5VMte9yLeqFKuOLY=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:AMSPR07MB455;
x-microsoft-antispam-prvs: <AMSPR07MB4551CDCC156619AE4552067D6300@AMSPR07MB455.eurprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(788757137089);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001); SRVR:AMSPR07MB455; BCL:0; PCL:0; RULEID:; SRVR:AMSPR07MB455;
x-forefront-prvs: 0001227049
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(7916002)(199003)(51444003)(189002)(24454002)(377454003)(81156014)(81166006)(68736007)(50986999)(19580405001)(102836003)(92566002)(4326007)(8666005)(189998001)(2950100001)(2900100001)(97736004)(6116002)(586003)(15975445007)(76176999)(82746002)(8676002)(57306001)(106356001)(50226002)(101416001)(7736002)(105586002)(106116001)(2906002)(33656002)(87936001)(10400500002)(11100500001)(74482002)(5002640100001)(122556002)(8936002)(19580395003)(36756003)(86362001)(83716003)(77096005)(3280700002)(305945005)(7846002)(3660700001)(110136002)(3826002)(104396002); DIR:OUT; SFP:1101; SCL:1; SRVR:AMSPR07MB455; H:AMSPR07MB455.eurprd07.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-ID: <72DD5611CC7785409C58FE234AC97E95@eurprd07.prod.outlook.com>
MIME-Version: 1.0
X-OriginatorOrg: jisc.ac.uk
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Jul 2016 08:40:51.8501 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 48f9394d-8a14-4d27-82a6-f35f12361205
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AMSPR07MB455
X-MC-Unique: 8xlG4I5cOb2dty5-aVSH7g-1
Content-Type: text/plain; charset="WINDOWS-1252"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/wpI-0XzOwOb0z5KA16o-Z2pITlM>
Cc: Christian Huitema <huitema@microsoft.com>, "dnssd@ietf.org" <dnssd@ietf.org>, Martin Thomson <martin.thomson@gmail.com>
Subject: Re: [dnssd] dnssd privacy draft
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jul 2016 08:41:05 -0000
Hi, > On 24 Jun 2016, at 20:26, Christian Huitema <huitema@huitema.net> wrote: > > On Thursday, June 23, 2016 5:23 PM, Martin Thomson wrote: >> >> Interesting work. > > Thanks. > >> I think that a lot of this comes down to the design of the pairing > protocol. > > Yes. The point is, do we have the appetite to design a pairing protocol in > this group? If we do, my preference would be to describe this pairing > protocol in a separate draft. On this, that’s a question to ask of the WG, but also of our AD. I think it’s very important that we tackle privacy issues as and when they arise, and thus this work is very welcome. I hope that we can attract enough interest to progress it; the initial signs are encouraging. Our AD is very happy that we have identified and started this work. It’s possible he may feel there is a more appropriate WG to work on the problem. This is something we can discuss in Berlin, but for now let’s continue the discussion. I sent a pointer to the work to the ietf-privacy list, which Stephen Farrell pointed me to - see https://www.ietf.org/mailman/listinfo/ietf-privacy. I encouraged people there to join dnssd to discuss the draft further. BTW I noticed another draft that treads in similar space: draft-winfaa-intarea-broadcast-consider-02; I have emailed the authors to alert them to our work in dnssd, as it was not cited in their draft. Tim >> The requirement to use base64 isn't going to work very well with DNS. >> Or do you expect this to work anyway? I guess that it could if you use > the URL >> and filename safe variant without padding, but I wouldn't have been that > bold. > > It is already a requirement for DNS SD. There is a long discussion of that > in RFC 6763: > > The <Instance> portion of the Service Instance Name is a user- > friendly name consisting of arbitrary Net-Unicode text [RFC5198]. It > MUST NOT contain ASCII control characters (byte values 0x00-0x1F and > 0x7F) [RFC20] but otherwise is allowed to contain any characters, > without restriction, including spaces, uppercase, lowercase, > punctuation -- including dots -- accented characters, non-Roman text, > and anything else that may be represented using Net-Unicode. For > discussion of why the <Instance> name should be a user-visible, user- > friendly name rather than an invisible machine-generated opaque > identifier, see Appendix C, "What You See Is What You Get". > > Base64 guarantees that we will not be using control characters. I actually > checked whether we could get something more compact using a wider range of > Unicode character, but those require more bits on the wire and end up not > very efficient. > >> Using base32 reduces the number of pairings you can advertise at once to > 5; >> which isn't great, but I guess that you can use the mitigation you already > have. >> But it begs the question: does this really need to be in the name? Did > you >> consider retrieving the proofs using TXT records that are provisioned > against >> the nonce? > > Yes, that's a possibility. But the instance name is obtained directly from > the PTR record. Putting the information in the TXT record implies a longer > query process: first get the PTR records, then retrieve the TXT record for > each name in the PTR record. > >> Do you need to include the time in the nonce? We decided against leaking >> clock information in TLS 1.3 for a range of reasons, primarily privacy. I > believe >> that lots of entropy would be OK. It's not like we need to be very > careful with >> space, and 96 bits seems like plenty. > > Are you saying that specifically for the PSK identity encoding? The use of > time stamp there provides some level of protection against replay attacks, > described in section 6.5. Otherwise, servers will have to rely on extended > memory of previously used PSK identifiers. > >> Also, you don't have to base64 the psk_identity, it's just octets, which > allows >> you to reclaim some of that space. > > Well, section 5.1. of RFC4279 says: "The PSK identity MUST be first > converted to a character string, and then encoded to octets using UTF-8 > [UTF8]." And I see the character string requirement enforced in some of the > TLS API. So base64 is just a way of being cautious. > >> Did you consider using SNI to carry the name? Or did you plan to forbid > SNI? >> You probably don't need to correlate the DNSSD parts with the TLS parts > for >> passive observers. > > Good point. We should probably specify some fixed SNI value, so the SNI does > not leak server identity. > >> Regarding this: "Implementers MAY eventually replace SHA256 with a > stronger >> algorithm", I think that you need a better replacement plan. >> Maybe you can use an attribute in the TXT record that identifies the hash. > Or >> you could identify the scheme in the psk_identity itself. >> Or you could prefix names with a protocol version identifier. You could > even >> use a different service type name if it came to that. > > Yes, we need to think about versioning. The simplest solution is probably to > encode a version number in the service type used by DNS SD. But better > suggestions are welcome. > > -- Christian Huitema > > > > _______________________________________________ > dnssd mailing list > dnssd@ietf.org > https://www.ietf.org/mailman/listinfo/dnssd >
- Re: [dnssd] dnssd privacy draft Daniel Kaiser
- Re: [dnssd] dnssd privacy draft Martin Thomson
- Re: [dnssd] dnssd privacy draft Alf Watt
- Re: [dnssd] dnssd privacy draft Martin Thomson
- Re: [dnssd] dnssd privacy draft Christian Huitema
- [dnssd] dnssd privacy draft Martin Thomson
- Re: [dnssd] dnssd privacy draft Tim Chown
- Re: [dnssd] dnssd privacy draft Martin Thomson
- Re: [dnssd] dnssd privacy draft Christian Huitema