Re: [perpass] DNS confidentiality
"Hosnieh Rafiee" <ietf@rozanak.com> Fri, 27 September 2013 19:22 UTC
Return-Path: <ietf@rozanak.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C489E21F9F99 for <perpass@ietfa.amsl.com>; Fri, 27 Sep 2013 12:22:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MgZ6kt5GmlGI for <perpass@ietfa.amsl.com>; Fri, 27 Sep 2013 12:22:17 -0700 (PDT)
Received: from mout.perfora.net (mout.perfora.net [74.208.4.194]) by ietfa.amsl.com (Postfix) with ESMTP id 49D4A21F9F86 for <perpass@ietf.org>; Fri, 27 Sep 2013 12:22:10 -0700 (PDT)
Received: from kopoli (g225191041.adsl.alicedsl.de [92.225.191.41]) by mrelay.perfora.net (node=mrus1) with ESMTP (Nemesis) id 0LnQ7a-1W4ivF3Jl8-00hupW; Fri, 27 Sep 2013 15:22:00 -0400
From: Hosnieh Rafiee <ietf@rozanak.com>
To: 'Karl Malbrain' <malbrain@yahoo.com>
References: <524150C7.2020602@cs.tcd.ie> <1380054665.62304.YahooMailNeo@web125505.mail.ne1.yahoo.com> <006a01ceb96a$335c1df0$9a1459d0$@rozanak.com> <1380137874.48631.YahooMailNeo@web125502.mail.ne1.yahoo.com> <005901ceba2a$f854c1a0$e8fe44e0$@rozanak.com> <1380218914.85280.YahooMailNeo@web125502.mail.ne1.yahoo.com> <003901cebba5$b2762c10$17628430$@rozanak.com> <1380307285.91976.YahooMailNeo@web125501.mail.ne1.yahoo.com>
In-Reply-To: <1380307285.91976.YahooMailNeo@web125501.mail.ne1.yahoo.com>
Date: Fri, 27 Sep 2013 21:21:50 +0200
Message-ID: <001b01cebbb6$d5565550$8002fff0$@rozanak.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQJOGj5UkWbfuDhxpmMKtaAoIXGv7QHKq7oDAZ0lsZ0CNxrNyAK3hHhTAo3vF0wCd4OykQJLJu5nmF319iA=
Content-Language: en-us
X-Provags-ID: V02:K0:HB6wNrk2Ey3COTr6PZ8eZ40T09vkzhJhzPf9YjXl1GD n8Q0VcpNL/a5600i4O5rHso+J3XhDjsZwyNJvMIEDTDrrl4n9R f+grHCK05reDc4rPCnK2nwvsPOhpXIvhX5JCSMUrdkNYi++qvz oOOtcqj3XIIBdDarZ6fzpvvLkkTQF92UqBKQmobx7XmrR41jmV pGnDnjPVQgpseyjbLbe6qS5s5tCOJ1Uv1saQqsviAPAGGDvNFT 0He2bhVjOPFDUK8l7SSAPv8coYEgxP9nNdMyPqChXK/PkIH2ZS P3CRvzFdgN0EWAG5/KdapQkSUskR5qRyHSkM+Y9JtLbopArQVi Ax5f6KVVvCwWDTdbKYJ4=
Cc: 'perpass' <perpass@ietf.org>, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] DNS confidentiality
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Sep 2013 19:22:25 -0000
>1. Passive surveillence of traffic going to DNS resolvers yielding meta-data. Again not possible, at least not in IPv6 if your resolvers and recursive resolvers are using cga-tsig. The signature and the CGA/SSAS algorithm prevent it. >2. MITM who inserts himself between a particular DNS client and a particular DNS resolver, and provids false addresses and certificates for use in MITM attacks. Again this is not possible if you are using cga-tsig. > 3. A larger adversary who installs his own DNS resolver for a given geographic area by controlling the traffic at the router level into and out of that area to redirect DNS traffic to his DNS resolver, and then inserts MITM attacks on any connection out of the area he desires by supplying bogus addresses and/or server certificates. If you are using SeND with SSAS or centralized RPKI you can retrieve and verify your router in a local link. RA can include the (http://tools.ietf.org/html/rfc6106) DNS server options. This means that you receive a signed message from a router that was previously authorized via the centralized local RPK1. I am not sure whether or not DHCPv6 also includes security approaches that can be used for authentication. I believe that there was a draft about secure authentication using CGA in DHCPv6 as well. You can also us a scenario, like SSL, to verify your router certificate where the client has already configured the list of CAs. >The client is trying to retrieve the IP address and public key for an arbitrary server from the DNS resolver. This is subject to MITM attack. I guess that you did not quite understand the reasoning behind CGA and that is why you are asking a question about an issue that I have already explained. Your client retrieves this IP address from the RA message that is generated by the use of SeND with the DNS RA option (. Since this RA message is already signed and we assume that this client has already verified this router (centralized local RPKI that is explained in SSAS or other RPKI approaches) the attacker has no way of spoofing this message as it cannot spoof the content (due to the signature) and it cannot spoof the public key due to the binding between the public key and the source IP address >How does this prevent MITM from inserting himself between the client and the resolver on the first connection to the resolver? Your node already knows the IP address of your resolver. > This is actually a capability of CGA (RFC 3972) or SSAS >(http://tools.ietf.org/html/draft-rafiee-6man-ssas ), which also provides >for the proof of address ownership. So, the client stores the public key of >the resolver in its cache. It will subsequently not accept any messages from >attackers. > What if the public key being stored belongs to MITM and not the resolver? All client traffic is going to MITM. As I explained, you retrieve the IP address of your DNS server using a safe means after having authorized your router in the local link. Now if your MITM node is somewhere in the other network and tries to intercept the connection between your node and the resolver, since you node already knows the IP address of the resolver, it will reject the connection because the CGA/SSAS verification process fails. >Whom does the client "ask for the public key of the DNS server" from? This is the step that is subject to MITM attack. I guess I have already responded this. Hosnieh
- Re: [perpass] DNS confidentiality Wiley, Glen
- Re: [perpass] DNS confidentiality Andy Wilson
- [perpass] DNS confidentiality Stephen Farrell
- Re: [perpass] DNS confidentiality Karl Malbrain
- Re: [perpass] DNS confidentiality Hosnieh Rafiee
- Re: [perpass] DNS confidentiality Paul Wouters
- Re: [perpass] DNS confidentiality Stephane Bortzmeyer
- Re: [perpass] DNS confidentiality Ben Laurie
- Re: [perpass] DNS confidentiality Mark Handley
- Re: [perpass] DNS confidentiality Stephen Farrell
- Re: [perpass] DNS confidentiality Stephane Bortzmeyer
- Re: [perpass] DNS confidentiality Joseph Lorenzo Hall
- Re: [perpass] DNS confidentiality Karl Malbrain
- Re: [perpass] DNS confidentiality Paul Wouters
- Re: [perpass] DNS confidentiality Karl Malbrain
- Re: [perpass] DNS confidentiality Karl Malbrain
- Re: [perpass] DNS confidentiality Stephen Farrell
- Re: [perpass] DNS confidentiality Hosnieh Rafiee
- Re: [perpass] DNS confidentiality Karl Malbrain
- Re: [perpass] DNS confidentiality Phillip Hallam-Baker
- Re: [perpass] DNS confidentiality Phillip Hallam-Baker
- Re: [perpass] DNS confidentiality Hosnieh Rafiee
- Re: [perpass] DNS confidentiality Karl Malbrain
- Re: [perpass] DNS confidentiality Phillip Hallam-Baker
- Re: [perpass] DNS confidentiality Hosnieh Rafiee
- Re: [perpass] DNS confidentiality manning bill
- Re: [perpass] DNS confidentiality Hosnieh Rafiee
- Re: [perpass] DNS confidentiality Karl Malbrain
- Re: [perpass] DNS confidentiality Stephen Farrell
- Re: [perpass] DNS confidentiality Karl Malbrain
- Re: [perpass] DNS confidentiality Hosnieh Rafiee
- Re: [perpass] DNS confidentiality Christian Huitema
- Re: [perpass] DNS confidentiality Stephane Bortzmeyer
- Re: [perpass] DNS confidentiality Stephen Farrell
- Re: [perpass] DNS confidentiality Stephane Bortzmeyer
- Re: [perpass] DNS confidentiality Wiley, Glen
- Re: [perpass] DNS confidentiality Ted Hardie
- Re: [perpass] DNS confidentiality Martin Thomson
- Re: [perpass] DNS confidentiality Stephen Farrell
- Re: [perpass] DNS confidentiality Wiley, Glen
- Re: [perpass] DNS confidentiality Ted Lemon
- Re: [perpass] DNS confidentiality Stephen Farrell
- Re: [perpass] DNS confidentiality Yoav Nir
- Re: [perpass] DNS confidentiality Christian Huitema
- Re: [perpass] DNS confidentiality Stephane Bortzmeyer
- Re: [perpass] DNS confidentiality Stephane Bortzmeyer
- Re: [perpass] DNS confidentiality Stephane Bortzmeyer
- Re: [perpass] DNS confidentiality Ondřej Surý
- Re: [perpass] DNS confidentiality Michael Richardson
- Re: [perpass] DNS confidentiality Ted Lemon
- Re: [perpass] DNS confidentiality Dan York
- Re: [perpass] DNS confidentiality Ted Hardie
- Re: [perpass] DNS confidentiality Wiley, Glen
- Re: [perpass] DNS confidentiality Stephane Bortzmeyer
- Re: [perpass] DNS confidentiality Stephane Bortzmeyer
- Re: [perpass] DNS confidentiality Stephane Bortzmeyer
- Re: [perpass] DNS confidentiality Stephen Farrell