Re: [perpass] DNS confidentiality

"Hosnieh Rafiee" <ietf@rozanak.com> Sat, 28 September 2013 15:53 UTC

Return-Path: <ietf@rozanak.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC22221F9F8E for <perpass@ietfa.amsl.com>; Sat, 28 Sep 2013 08:53:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6W+DOPPqMZBA for <perpass@ietfa.amsl.com>; Sat, 28 Sep 2013 08:53:36 -0700 (PDT)
Received: from mout.perfora.net (mout.perfora.net [74.208.4.194]) by ietfa.amsl.com (Postfix) with ESMTP id DB92621E80E4 for <perpass@ietf.org>; Sat, 28 Sep 2013 08:53:35 -0700 (PDT)
Received: from kopoli (g231251251.adsl.alicedsl.de [92.231.251.251]) by mrelay.perfora.net (node=mrus4) with ESMTP (Nemesis) id 0MhR5W-1VC6uF3ITS-00MAoM; Sat, 28 Sep 2013 11:53:28 -0400
From: Hosnieh Rafiee <ietf@rozanak.com>
To: 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>
References: <524150C7.2020602@cs.tcd.ie> <1380054665.62304.YahooMailNeo@web125505.mail.ne1.yahoo.com> <006a01ceb96a$335c1df0$9a1459d0$@rozanak.com> <1380137874.48631.YahooMailNeo@web125502.mail.ne1.yahoo.com> <005901ceba2a$f854c1a0$e8fe44e0$@rozanak.com> <1380218914.85280.YahooMailNeo@web125502.mail.ne1.yahoo.com> <003901cebba5$b2762c10$17628430$@rozanak.com> <1380307285.91976.YahooMailNeo@web125501.mail.ne1.yahoo.com> <001b01cebbb6$d5565550$8002fff0$@rozanak.com> <C25E0D41-CDCB-4E53-8661-53E5F0E2B47E@isi.edu> <1380382072.12590.YahooMailNeo@web125504.mail.ne1.yahoo.com> <5246F653.2040300@cs.tcd.ie>
In-Reply-To: <5246F653.2040300@cs.tcd.ie>
Date: Sat, 28 Sep 2013 17:53:19 +0200
Message-ID: <002101cebc62$dda15dc0$98e41940$@rozanak.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQJOGj5UkWbfuDhxpmMKtaAoIXGv7QHKq7oDAZ0lsZ0CNxrNyAK3hHhTAo3vF0wCd4OykQJLJu5nARfcMlYBQCaxogJirkqZAWoTwMuYLi7QUA==
Content-Language: en-us
X-Provags-ID: V02:K0:49lTA9zB09dyporWZuANFf0fYzc/TTjwNB7fU7KAPCU GjWQfEPcYJXnjv3Vz3p1XfAlVPW+Zm+FW7IBD2KhWwL3jb0Hyn lZPM+z2VicPDSFb9BM0foLBOS71COPiAgeRmCrXTpv952T2WvN JsrWZq/oDQoGpUQ0us0jOGoNd31Cxt3uQqd3qQe8K30UHlEB0/ xPAMzsmKLW4wKzF54eOdWakdzEwtUpbdutVyYvkKxxRhYNrOZC Ymrv+dv1u4ztP+4iiaG36g8EhLjp29b2zL5roKNqMqX2EjSV6Y Cb7bs+lTHdIlXyu/ofH+dD2N4AYp3HFU+8lvuH/B4Tuljs3ZcX 8KXvJWlzjacF0pq8GGvk=
Cc: 'perpass' <perpass@ietf.org>
Subject: Re: [perpass] DNS confidentiality
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Sep 2013 15:53:41 -0000

Confidentiality is not possible unless all the queries are encrypted. Using
asymmetric cryptography for a small message is possible, but for a zone
transfer it will have an effect on the DNS performance. So one needs to use
symmetric approaches (something like what was done in the paper I sent the
link to in my last message).

Using one-way hashing, as DNSSEC does with NSEC3, does not completely provide
the zone file with data confidentiality. We tested this procedure and it was
possible to retrieve thousands of records within 2 hours using a standard
computer. Dictionary attacks and brute-force attacks are also possible,
which leads to zone walking.

Hosnieh
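The post's point that NSEC3 hashing does not give the zone confidentiality can be checked directly: the hashed owner names are published in the NSEC3 chain, and any name a guesser can think of can be hashed the same way and compared. The following is an added example, not code from the post or from any DNSSEC implementation. It implements the owner-name hash of RFC 5155 section 5 (SHA-1 over the canonical wire-format name plus salt, iterated, base32hex output) and runs the audit a zone operator would run against their own chain to see how many owner names a small wordlist recovers. The zone name, owner names, salt, iteration count and wordlist are constructed for illustration; the one real value is the RFC 5155 Appendix A vector used as a self-check.

```python
"""NSEC3 owner-name hashing (RFC 5155, section 5) plus a wordlist audit.

Added example, not part of the original perpass post. The zone, salt,
wordlist and the set of "published" hashes below are constructed.
"""
import base64
import hashlib

# RFC 5155 requires base32 with the Extended Hex alphabet (RFC 4648 "base32hex").
# Python's b32encode uses the standard alphabet, so translate the output.
_B32_TO_B32HEX = str.maketrans(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567", "0123456789ABCDEFGHIJKLMNOPQRSTUV"
)


def name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name: lowercase, length-prefixed labels, root byte."""
    out = bytearray()
    for label in name.rstrip(".").lower().split("."):
        if label:
            out.append(len(label))
            out += label.encode("ascii")
    out.append(0)  # terminating root label
    return bytes(out)


def nsec3_hash(name: str, salt: bytes, iterations: int) -> str:
    """IH(salt,x,0) = H(x||salt); IH(salt,x,k) = H(IH(salt,x,k-1)||salt); H = SHA-1.

    Returns the lowercase base32hex string that appears as the NSEC3 owner label.
    """
    digest = hashlib.sha1(name_to_wire(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    # 20 SHA-1 bytes encode to exactly 32 base32 characters, so no padding to strip.
    return base64.b32encode(digest).decode("ascii").translate(_B32_TO_B32HEX).lower()


def audit_guessable_names(published_hashes, zone, salt, iterations, wordlist):
    """Map each published NSEC3 hash back to a name, for every name the wordlist hits.

    This is the operator-side check of how much of the chain a guesser could
    recover: hash every candidate label under the zone and look it up.
    """
    candidates = {}
    for word in wordlist:
        fqdn = f"{word}.{zone}" if word else zone  # "" stands for the zone apex
        candidates[nsec3_hash(fqdn, salt, iterations)] = fqdn
    return {h: candidates[h] for h in published_hashes if h in candidates}


# --- constructed sample data (hypothetical zone, not a real one) ---
ZONE = "example.test"
SALT = bytes.fromhex("aabbccdd")
ITERATIONS = 12
ZONE_NAMES = ["www", "mail", "vpn", "db7q-internal"]  # what the operator actually provisioned
PUBLISHED_HASHES = {nsec3_hash(f"{n}.{ZONE}", SALT, ITERATIONS) for n in ZONE_NAMES}
WORDLIST = ["www", "mail", "ftp", "vpn", "dev", "staging"]  # a tiny stand-in wordlist


def demo():
    """Run the audit on the constructed zone; returns {hash: recovered_name}."""
    return audit_guessable_names(PUBLISHED_HASHES, ZONE, SALT, ITERATIONS, WORDLIST)


if __name__ == "__main__":
    recovered = demo()
    print(f"{len(recovered)} of {len(PUBLISHED_HASHES)} hashed names recovered from the wordlist:")
    for h, name in sorted(recovered.items(), key=lambda kv: kv[1]):
        print(f"  {h}  ->  {name}")
```

Three of the four constructed names fall out of a six-word list; only the non-dictionary label survives. Raising the iteration count multiplies the per-guess cost linearly (and the resolver's validation cost with it) but does not change the outcome for guessable names, which is the gap the post describes between hashing and actual confidentiality.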