Re: [openpgp] [dane] The DANE draft

"Paul Hoffman" <paul.hoffman@vpnc.org> Wed, 05 August 2015 15:56 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D39D1A07BD; Wed, 5 Aug 2015 08:56:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.347
X-Spam-Level:
X-Spam-Status: No, score=-1.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vewqDLmK45ga; Wed, 5 Aug 2015 08:56:14 -0700 (PDT)
Received: from hoffman.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C6E11B30CA; Wed, 5 Aug 2015 08:56:09 -0700 (PDT)
Received: from [10.32.60.120] (142-254-17-100.dsl.dynamic.fusionbroadband.com [142.254.17.100]) (authenticated bits=0) by hoffman.proper.com (8.15.1/8.14.9) with ESMTPSA id t75Fu0KI073394 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 5 Aug 2015 08:56:03 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: hoffman.proper.com: Host 142-254-17-100.dsl.dynamic.fusionbroadband.com [142.254.17.100] claimed to be [10.32.60.120]
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Wed, 05 Aug 2015 08:55:58 -0700
Message-ID: <DB1E53C6-11DF-4194-852D-776B670E2409@vpnc.org>
In-Reply-To: <55C22AD4.5010709@cs.tcd.ie>
References: <CAMm+LwhYdBLXM8Td8q8SCnzgwywRgMx3wNKeS_Q0JSN4Lh7rZQ@mail.gmail.com> <87bnf1hair.fsf@alice.fifthhorseman.net> <alpine.LFD.2.11.1507250832510.854@bofh.nohats.ca> <87bnem2xjq.fsf@alice.fifthhorseman.net> <alpine.LFD.2.11.1508050331340.1451@bofh.nohats.ca> <55C1F35A.5070904@cs.tcd.ie> <B7419740-25C9-4F8D-85AE-FC6E11BCC038@vpnc.org> <55C22AD4.5010709@cs.tcd.ie>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
X-Mailer: MailMate (1.9.1r5084)
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/3pZxtSI5zksKujNrjagU24vR1bQ>
X-Mailman-Approved-At: Wed, 05 Aug 2015 10:43:13 -0700
Cc: Paul Wouters <paul@nohats.ca>, dane WG list <dane@ietf.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] [dane] The DANE draft
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Aug 2015 15:56:15 -0000

On 5 Aug 2015, at 8:25, Stephen Farrell wrote:

> On 05/08/15 16:12, Paul Hoffman wrote:
>> Wearing my author hat: I don't care between b32 and hashing. Both are
>> equally easy to document. However:
>>
>> On 5 Aug 2015, at 4:28, Stephen Farrell wrote:
>>
>>> So sorry to continue an argument but shouldn't this experiment be
>>> a more conservative about privacy just in case it ends up wildly
>>> successful?
>>
>> How is using the hash more conservative about privacy, except in 
>> zones
>> that are signed with NSEC instead of the more common NSEC3? If you
>> assume zones signed with NSEC3, both options are equally susceptible 
>> to
>> dictionary-based guessing attacks, given that the effort to create
>> search dictionaries for the billion of common LHS names is pretty low
>> even for hashes.
>
> Tempora. That on-path attacker has a far easier time reversing the
> b32 than anything based on the hash. Even with DPRIVE, we don't know
> how to handle the recursive to authoritative part.

Thanks, I was only thinking of off-path attackers.

I agree that, if we are concerned with on-path watchers, hashes would 
preserve much more privacy than Base32 encodings.

--Paul Hoffman