Re: [openpgp] [dane] The DANE draft

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 05 August 2015 15:25 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62B481A00E0; Wed, 5 Aug 2015 08:25:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OVo4AgLdUA11; Wed, 5 Aug 2015 08:25:13 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 974BD1B2A28; Wed, 5 Aug 2015 08:25:10 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id CADE9BE88; Wed, 5 Aug 2015 16:25:08 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vh6GFjukIvpH; Wed, 5 Aug 2015 16:25:08 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 9FFDCBE55; Wed, 5 Aug 2015 16:25:08 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1438788308; bh=G52SpfXnuuM9Qv9Myg5CU3LY2Y63olLshp+tGLF7oTY=; h=Date:From:To:CC:Subject:References:In-Reply-To:From; b=MH4SaHgyeU3S4VXoCgxCUSZSZRB4D5ryFGcAabaHoV0qB5msPXjElCzp5llZxikDA iNwVe+U8/nOVyP6zWE9JeO5Vdb8K72FQ2KUeaWmPRhIULMXKg8nYgwtOG0Qv8AP6oM S5i7AyxrtyaAVMTmU4AnAFwzQm2Zb9UvDo7/lXkE=
Message-ID: <55C22AD4.5010709@cs.tcd.ie>
Date: Wed, 05 Aug 2015 16:25:08 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0
MIME-Version: 1.0
To: Paul Hoffman <paul.hoffman@vpnc.org>
References: <CAMm+LwhYdBLXM8Td8q8SCnzgwywRgMx3wNKeS_Q0JSN4Lh7rZQ@mail.gmail.com> <87bnf1hair.fsf@alice.fifthhorseman.net> <alpine.LFD.2.11.1507250832510.854@bofh.nohats.ca> <87bnem2xjq.fsf@alice.fifthhorseman.net> <alpine.LFD.2.11.1508050331340.1451@bofh.nohats.ca> <55C1F35A.5070904@cs.tcd.ie> <B7419740-25C9-4F8D-85AE-FC6E11BCC038@vpnc.org>
In-Reply-To: <B7419740-25C9-4F8D-85AE-FC6E11BCC038@vpnc.org>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/UCN25q-S38NaUNyovt0K-jRwwK8>
Cc: Paul Wouters <paul@nohats.ca>, dane WG list <dane@ietf.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] [dane] The DANE draft
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Aug 2015 15:25:18 -0000


On 05/08/15 16:12, Paul Hoffman wrote:
> Wearing my author hat: I don't care between b32 and hashing. Both are
> equally easy to document. However:
> 
> On 5 Aug 2015, at 4:28, Stephen Farrell wrote:
> 
>> So sorry to continue an argument but shouldn't this experiment be
>> a more conservative about privacy just in case it ends up wildly
>> successful?
> 
> How is using the hash more conservative about privacy, except in zones
> that are signed with NSEC instead of the more common NSEC3? If you
> assume zones signed with NSEC3, both options are equally susceptible to
> dictionary-based guessing attacks, given that the effort to create
> search dictionaries for the billion of common LHS names is pretty low
> even for hashes.

Tempora. That on-path attacker has a far easier time reversing the
b32 than anything based on the hash. Even with DPRIVE, we don't know
how to handle the recursive to authoritative part.

So a "putative other protocol that copies this" could well do a great
job on hiding identifiers only to be caught out by following this b32
convention.

I do accept that hashing doesn't make much difference for PGP or SMIME
since the DNS answer in the success case almost certainly gives the
game away, but I don't think that has to be true in general.

The failure case may also be of interest though, with hashing, that DNS
answer doesn't immediately tell the attacker to whom I'd like to send
email. And I guess if some MUA adopts this there'll be quite a few
negative answers for quite some time, so there's a privacy difference
there I think. (Not sure if that was raised before - apologies if so.)

S.


> 
> --Paul Hoffman
> 
>