IETF Logo Mail Archive

Re: [Doh] security goals

nusenu <nusenu-lists@riseup.net> Mon, 18 March 2019 23:24 UTC

Return-Path: <nusenu-lists@riseup.net>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E56F1286CD for <doh@ietfa.amsl.com>; Mon, 18 Mar 2019 16:24:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=riseup.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MLRLMAMTJr-2 for <doh@ietfa.amsl.com>; Mon, 18 Mar 2019 16:24:27 -0700 (PDT)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 521321279A3 for <doh@ietf.org>; Mon, 18 Mar 2019 16:24:27 -0700 (PDT)
Received: from capuchin.riseup.net (capuchin-pn.riseup.net [10.0.1.176]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK)) by mx1.riseup.net (Postfix) with ESMTPS id 73C601A0CAE; Mon, 18 Mar 2019 16:24:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1552951466; bh=Qav/PwG+P+83gqyTQFz31EFXVFAW8QP0F6+PpatspXg=; h=To:Cc:References:From:Subject:Date:In-Reply-To:From; b=bMNa4p2fTouM/QvqexoKu+eAbNwtvYa+k8JElBsEMKclHyC/2y3hkQazoi10KxT2M jr2t1pg9YMhLxSsoOeZiTyAUl58qQHCkApFGt9TNgWIzKg4519ZcUQn3Muw/pKyKDo hLya+Nbcyp44XCGnx9YSIdvIAQCt1s1rexAyc1X4=
X-Riseup-User-ID: CE75AE65C0097258FFFAA764760B4B7CCD4974B80573586EC17D6272EA20F3FB
Received: from [127.0.0.1] (localhost [127.0.0.1]) by capuchin.riseup.net (Postfix) with ESMTPSA id 42280120469; Mon, 18 Mar 2019 16:24:24 -0700 (PDT)
To: Ben Schwartz <bemasc@google.com>
Cc: DoH WG <doh@ietf.org>
References: <CAHbrMsCNyeabhk0sVexOHVedVkgG2dvV9T8wWL++om5juAUvEw@mail.gmail.com> <b3c252eb-f8de-42f7-bedd-ef23375b5325@www.fastmail.com> <4de48a75-955d-89e3-7da3-4a1876edc53a@riseup.net> <bc485de8-0fa9-44a9-96ff-2a694e45f7b3@www.fastmail.com> <72a7be2c-918a-c2ab-0df8-dab6253532e5@riseup.net> <CAHbrMsCJz8s=B9pvvKmXhe+iGUUDPhW067JabyLnXsJNMUJT8w@mail.gmail.com>
From: nusenu <nusenu-lists@riseup.net>
Openpgp: preference=signencrypt
Autocrypt: addr=nusenu-lists@riseup.net; prefer-encrypt=mutual; keydata= xsFNBFj53gUBEADYKwT0pW1yiqt6UReZW8T2nXVCyeVT2G6z7AvW69afp82uthRH237pQ7Qs 5vq91DivN6fGN6cVksp0N9Yv+5HEQAwUxpLfcNDcGzmHMd0JMItEtozGv3a4FuiUoHAqeGXM 6Kzi3v5F2PZGF+U4QaGKEZq6u50gO/ZFy4GfC9z9tsO6Cm7s7KldVHMGx/a0MEGMwh6ZI9x2 hGXSSAKu58KRUkEpHzDiQTj+/j58ndNfZRQv6P5BLppHADRPqwEOm4RQcQYskyM0FdKXbJ8E 5GW268meflfv2BASsl3X/Xqxp+LNrstXIbFZ+38hVlQDDmdvaASpPTzIAxf8FxMYZqI+K1UE kP5nU45q84KiZoXwT6YYJDKToLSDnYkKlsrCSnLkE3Nb/IexgNoYO4nE6lT9BDV3athQCWw1 FwB5idRYWnIqbVgUFgYZDUdZBJmeTEeI+Wn5hFz6HvFVc/+haMVTcoEKSkG/tsSGsKOc2mp6 z+71io9JWrVQGmw7OeZeE4TvkF9GhwS8jrKO4E0crfcT/zT6368PZCO6Wpir8+po/ZfOWbbh 1hi3MxmXn4Fki55Zrvhy3sf28U+H/nByQV4CssYv/xVhIZsN/wNQLcDLgVs4JTBUik8eQR0Y Qrq9lG3ZVtbpEi7ZTJ6BOGIn2TKHsVIVGSQA0PdKpKYV45Lc4QARAQABzSBudXNlbnUgPG51 c2VudS1saXN0c0ByaXNldXAubmV0PsLBfQQTAQgAJwUCWPneBQIbAwUJBaOagAULCQgHAgYV CAkKCwIEFgIDAQIeAQIXgAAKCRCtYTjCRc1Cfq/kD/sHx+mnL6OLwJvBj1rVTyoHJYJARajz Go0yRlbrZSH6Z05OD3SDR9UVpWOZeY8JyFoTyCFQjAbIVjKifj0uSmi0j1iahrAgGGfik0cN XUkCxrW6jcJQ37EbvYWu4PryqLuC7IeQW1wCcB1ioyGYKkm2K6LZ9rzZPVYSmPohJ+gVI0Jt EdlNZl4JuZot9eA5w/22uvcStQHzXDsUxfqK8OAJpU8E3iBBdNpLPMDWpFz4g2yw5PD6jZ+K Q39PYMUFULaKe4YCw1O+0MFhZJI4KEcRYHuVy1b3cJjxzgVfEyFctLDsO1sh07vBhoVKUi8W e00pvGtv8QYxxMYIA3iACbsjGEr69GvvZ2pAnu9vT9OUCaES4riDCxbkMxK/Cbwk8F6mo0eq HDQ7sOZWQv81ncdG9ovlA7Pj96cEXgdtbbllF1aUZ8sAmT14YjGzhArGv7kyJ1imH5tX3OXk hBGA9JTk2mDNjEpFaTEajSvDiKyeEhWNTLm15siWkpg1124yjUkhQ3OCkw7aUDMiVn8+DQHo J2pP/84uUvngbhm1jV7nk8mxTUFgppUePkb5hhnRRzeK72QY00EwRdn7qnpNgijMJ3Fpjfy2 EeCEl3nNdcB7U0F+0ijA6P/+DROldxNr4eiP50RvV8XiW/yi2IkKBk50GNB87yYnDETxxx/c 2i00AM7BTQRY+d4FARAAwJZ6U7UT8uB1WCfLK3AOR1Wa9bzOAghlTR4WXbHB4ajQKG7/Fzud 99bnwD0V3/AOVz/SbGDyHe+7HMvd1A0Ll4NgyH6OpxY7wOwCXAYTAbcXLpM7eKTjjsb9A9XG 3FcIGvjcy76OkaewqhiABaShlStEYcPkRusHZuecXtCnfCjJKihU/kinWpBO9gY6SrF2KFCw aeS4r37brXQ9y8uy3gZ168QFuIa5AKfL0r5YN3k4StNSA2p5Z/pufWXMN3B03QC+3fireiz3 dinlHK6XjUW8oWSdNxJhexT/lUw+episNuWTQruy7PD+HeohYGXqjggmPUiWc171Sewb2f8H CHViHMee8QXqo/LSRkYVrtsx0HUSMKsVQOma/u2By03ucroIkQJQQfqX3YpK1i3EpUO2L0/m E8UpBvUm1vrst54EFym4tYNJTj9reVffFKh2cczmPVN5o8v3RrdTF96mGtcb9EJbGV4277ZE LqUspviEBXynqU3yZ48JhIWHj22/ha6TeBpapYZDOJ8lePed8E34J/GYE2YXl65LhpXAKvWz O3KiByGMysb9Li6zqZ9/BYQtg5CA6Q8Oo7pBxK4iiDH3GX2WvymmLoaOBpOaIYdvKr39fajE mzfbg7TdZKXxqp2KDrbw7vUJLDyrmPWpxHyhKHItzoi1Y59wzYSq3h0AEQEAAcLBZQQYAQgA DwUCWPneBQIbDAUJBaOagAAKCRCtYTjCRc1CfpfgEAC3tXZzhgKbF6fx5gMNDp/9MBpialvu k69UaGL3HUqM0/ytiT4FjYUmOK2mk37iop46GivsOC50PykG9gjbg9/QKUqgsZzJ8LJ+ldY4 /GKtiP5JoO59Obj8MJJ5Ta8yPfZiiNx/I8ydqd18E4PmQUCPlEKhett81t3+8R/mGwG72TaA hHwDjZAEjiXdnXh+z0AKpflCnYQafq0V73ofzuw4KovpJWMk/WPs5oSHhuV4TZ8nRkF6BR4y rEvs1kq8Y6DuNqQGwY3yilpnmqfMzzlWo7MlY657domU54bhGOsvNuZZsFDlcBczQo6h9OKq ckkVHUMAw38pX+EghzEfhYVWYmLNv5G9TA/M2s3frO3aN7ukNDq7CKIwfVz71/VfPaLQMY7/ jirzp9yIBZEi4E+PwP38FAGiD+nxzuUJv1rvxf6koqUGoHRvdppju2JLrC2nKW0La7RX7uZJ esCVkamT/XaXPROBTrZZqwbIXh2uSMzgXkC2mE1dsBf2rdsJ4y73+0DYq7YE52OV9MNoCYLH vpkapmD00svsP4sskRsrquPHkBBVCJa22lTaS8Oow9hGQe7BDjEhsVoPol889F0mbTRb3klv mGQ6/B/HA0pGWR9wISY8a7D40/qz6eE6+Yg22mtN1T8FFlNbyVmtBj0R/2HfJYhGBElLPefH jhF0TA==
Message-ID: <dbd3b19e-69c6-160d-4e43-be5a947cd516@riseup.net>
Date: Mon, 18 Mar 2019 23:24:00 +0000
MIME-Version: 1.0
In-Reply-To: <CAHbrMsCJz8s=B9pvvKmXhe+iGUUDPhW067JabyLnXsJNMUJT8w@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="DvmpkZjJ8WCKWvbEUus2Fib71BW2JAAXF"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/DZoSjqA5NDpzlnJkB3XOt13Ncqk>
Subject: Re: [Doh] security goals
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Mar 2019 23:24:29 -0000

Ben Schwartz:
> DoT is currently discovered by probing port 853 on the resolver's IP
> address.  Is this sufficient for your use case?

that is the current status quo with no specification that defines
DoT discovery mechanisms (or is it?). In an I-D I'd include:

- a mechanism that does not force the operator to use the same IP for Do53 and DoT 
(other than just for the initial discovery mechanism)
- allows multiple DoT endpoints for increased redundancy
- allows the Do53 resolver operator to support DoT without running DoT
servers themselves
- running DoT on non-853 ports (i.e. 443)
 
>> What security properties are we aiming for?
>>
>> I'd like to see a protocol that is not vulnerable to man-in-the-middle
>> and downgrade attacks, even if that means that use-cases that can't
>> detect the IP address of the currently used resolver can not be covered.
>>
> 
> An active adversary "in the middle" can fully substitute itself for a Do53
> resolver without alerting the user.  Do you see an achievable defense
> against downgrade attacks, or is this not part of your threat model?

Good point, lets define a threat model first:

Consider an adversary that has the following capabilities:

- can manipulate and read any network traffic from the user (including DHCP)

- the adversary's capabilities are limited to some networks
(i.e. public wifis) but he has no global capabilities

- the attacker can _not_ issue trusted certificates for arbitrary IP addresses
- the adversary has _no_ access to the client system
 
security goals:
if the victim uses DHCP for Do53 discovery:
 - prevent attacks that impact the victim's DoH server URI
beyond the visit in an adversary-controlled network (i.e. public wifis)

if the client is configured to use a static Do53 server (no DHCP for DNS server discovery used):
 - prevent the adversary from feeding the victim with his DoH URI
 - prevent a silent downgrade attack that makes the victim believe
a previously discovered DoH server does no longer speak DoH (to force the victim to plain Do53)

As outlined in [1] I believe these goals are currently not met yet and an adversary can feed a victim
his DoH server URI even beyond the victim's visit in the adversary controlled network.
It would be great if we could improve this (I think we can).

kind regards,
nusenu


[1] https://mailarchive.ietf.org/arch/msg/doh/295yrI72xt0eSnYueiOuqVpSj4s


-- 
https://twitter.com/nusenu_
https://mastodon.social/@nusenu

v2.23.0 | Report a Bug | By Email