A different way to look at the problem
Phillip Hallam-Baker <phill@hallambaker.com> Thu, 19 February 2015 15:24 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C2EF1A90D1 for <ietf@ietfa.amsl.com>; Thu, 19 Feb 2015 07:24:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lp6ksAaE32hc for <ietf@ietfa.amsl.com>; Thu, 19 Feb 2015 07:24:24 -0800 (PST)
Received: from mail-lb0-x230.google.com (mail-lb0-x230.google.com [IPv6:2a00:1450:4010:c04::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B7FD1A90ED for <ietf@ietf.org>; Thu, 19 Feb 2015 07:20:24 -0800 (PST)
Received: by lbvp9 with SMTP id p9so468726lbv.0 for <ietf@ietf.org>; Thu, 19 Feb 2015 07:20:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:content-type; bh=Jj/lk/Euwq5RhSkven/4aiX4UCNmg9Ze3/wu1yINg6Q=; b=u/rfX9ACD3+uZYv2Eu4ouQ3Xv/vXh1m0PgHziHLXkBdmteGI24S72iVo5EyzRySR8e IThnYujOf+LAUfwdL9lbkkB0XMKhbqOOpIZzuXvUOwIVflXa5L8owBNsOHkRPtDYWFf0 ClC+OyPjIzlPVOLNz615zQlDWx3ojI+Q28lsKYSepNBgulF1lQUVQPdgwnWUeiL26DzM nUpPFP0gdOWXsEi0ORxY8nJ7vJafecPjYNVGNDBAq+5Z5K4K5BXNTKGoYs9a24p+aoZq afroAuaM5dsSgKldf3DnXbVsfQM4sSGde8HRBE79OIBXW0DMI09aOzo8OwZ+INX2xDi1 xiDA==
MIME-Version: 1.0
X-Received: by 10.152.4.136 with SMTP id k8mr4306954lak.103.1424359222717; Thu, 19 Feb 2015 07:20:22 -0800 (PST)
Sender: hallam@gmail.com
Received: by 10.113.3.165 with HTTP; Thu, 19 Feb 2015 07:20:22 -0800 (PST)
Date: Thu, 19 Feb 2015 10:20:22 -0500
X-Google-Sender-Auth: swYmkoO9rm6SO0ySlfQJeXjJkeg
Message-ID: <CAMm+LwgxnY-3aVr=xP8YfGh8pe+ujphB2F1Up=uHQH_X8E9Z=w@mail.gmail.com>
Subject: A different way to look at the problem
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: IETF Discussion Mailing List <ietf@ietf.org>
Content-Type: multipart/alternative; boundary="089e013d119a80b3c8050f7279ee"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/NDer4fw2-ULG2Ys_HanouFAOmPU>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Feb 2015 15:24:26 -0000
DNS privacy requires us to make two changes to the DNS protocol. 1) The resolver is acknowledged as being a trusted service 2) Some form of crypto is added between the transport and application layer in the client-resolver protocol. So far we seem to have focused on the second issue. But that is the easy one. There is really nothing at all special or interesting in the way TLS or DTLS or my proposal add crypto to packets. That part of the spec can be implemented in an afternoon. The hard part is the consequences of the first issue. Whether or not we want to trust the resolver to give us the right data (integrity), privacy demands that we trust the resolver not to disclose the data (confidentiality). Question: Is anyone proposing that we can achieve DNS privacy while maintaining the current practice of the client defaulting to the DNS server advertised in DHCP? I don't think that is the case. But I thought best to check. Once we decide that the client is going to have a persistent relationship with a specific DNS service we face the problem of how to establish and secure that relationship. The main difference between my proposal and the VeriSign/USC proposal is how we go about achieving that. We are both proposing to use TLS as a basis for this interaction. The difference being that I am proposing to use the TLS infrastructure and PKI path math once to establish a long term credential and the VeriSign proposal is to use TLS on each client-resolver interaction. Now before making a choice between one approach or the other, I strongly recommend people look at what is being proposed in ACME. While this looks like a completely different problem (PKI credential provisioning versus service discovery), it actually isn't. In both cases we have a hard problem and an easy problem. The easy part being the bit that is different and the hard part being how to establish and maintain the binding between the client and a trusted service. I think that if we could factor that part out and make it a reusable component, we would be doing the IETF a big favor. The reason I don't want to use TLS for this is that neither TLS not PKIX is a good tool for this particular job. PKIX
- A different way to look at the problem Phillip Hallam-Baker
- Re: A different way to look at the problem Phillip Hallam-Baker
- Re: A different way to look at the problem Ted Hardie