Re: [perpass] DNS confidentiality
"Hosnieh Rafiee" <ietf@rozanak.com> Sat, 28 September 2013 15:53 UTC
From: Hosnieh Rafiee <ietf@rozanak.com>
To: 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>
Date: Sat, 28 Sep 2013 17:53:19 +0200
Cc: 'perpass' <perpass@ietf.org>

Confidentiality is not possible unless all the queries are encrypted. Using asymmetric cryptography for a small message is possible, but for a zone transfer it will have an effect on the DNS performance. So one needs to use symmetric approaches. (something like what was done in the paper that I sent the link to in my last message)

Using one way hashing as DNSSEC does with NSEC3 does not completely provide the zone file with data confidentiality. We tested this procedure and it was possible to retrieve thousands of records within 2 hours using a standard computer. The dictionary attack and brute force attack are also possible which leads to zone walking.

Hosnieh
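
An added example, not part of the original message: a zone operator's audit of which of their own owner names NSEC3 fails to hide, using the RFC 5155 hash (SHA-1, public salt and iteration count). The zone, labels and wordlist are constructed sample data, and the function names are hypothetical.

```python
import base64
import hashlib

# base32 -> base32hex alphabet (RFC 4648); NSEC3 owner names use base32hex
_TO_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                             b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

def wire_name(name):
    """Canonical (lower-case) DNS wire format of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def nsec3_hash(name, salt_hex, iterations):
    """RFC 5155 section 5: SHA-1 over name||salt, then `iterations` extra rounds."""
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_TO_B32HEX).decode().lower()

def audit_zone(zone, owner_labels, salt_hex, iterations, wordlist):
    """Split a zone's own labels into those a wordlist recovers and those it does not.

    The hashes are what the NSEC3 chain publishes; salt and iterations are public
    in NSEC3PARAM, so anyone can hash candidate labels the same way.
    """
    published = {nsec3_hash(f"{l}.{zone}", salt_hex, iterations): l
                 for l in owner_labels}
    guessed = {nsec3_hash(f"{w}.{zone}", salt_hex, iterations) for w in wordlist}
    exposed = sorted(l for h, l in published.items() if h in guessed)
    hidden = sorted(l for h, l in published.items() if h not in guessed)
    return exposed, hidden

# Constructed sample data: a fictional zone and a tiny common-label list.
ZONE = "example"
SALT, ITERATIONS = "aabbccdd", 12   # parameters of the RFC 5155 Appendix A zone
LABELS = ["www", "mail", "vpn", "ns1", "x7q-build-4f2a"]
WORDLIST = ["www", "mail", "ftp", "vpn", "ns1", "ns2", "dev"]

if __name__ == "__main__":
    exposed, hidden = audit_zone(ZONE, LABELS, SALT, ITERATIONS, WORDLIST)
    print("recoverable by wordlist:", exposed)
    print("not in wordlist:", hidden)
```

Only the label that is absent from the wordlist stays hidden; the salt and extra iterations raise the cost per guess but do not change which names are guessable.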