Re: [perpass] DNS Integrity vs DNS confidentiality
"Hosnieh Rafiee" <ietf@rozanak.com> Sun, 29 September 2013 14:26 UTC
Return-Path: <ietf@rozanak.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5B1F21F9F96 for <perpass@ietfa.amsl.com>; Sun, 29 Sep 2013 07:26:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6bXWZSX-69gf for <perpass@ietfa.amsl.com>; Sun, 29 Sep 2013 07:25:59 -0700 (PDT)
Received: from mout.perfora.net (mout.perfora.net [74.208.4.194]) by ietfa.amsl.com (Postfix) with ESMTP id F09A921F9654 for <perpass@ietf.org>; Sun, 29 Sep 2013 07:25:58 -0700 (PDT)
Received: from kopoli (g225037057.adsl.alicedsl.de [92.225.37.57]) by mrelay.perfora.net (node=mrus3) with ESMTP (Nemesis) id 0MePod-1VCrfC3wMx-00POXs; Sun, 29 Sep 2013 10:25:42 -0400
From: Hosnieh Rafiee <ietf@rozanak.com>
To: 'Christian Huitema' <huitema@huitema.net>
Date: Sun, 29 Sep 2013 16:25:35 +0200
Message-ID: <000601cebd1f$c70e1db0$552a5910$@rozanak.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Content-Language: en-us
Thread-Index: Ac6861+2FEn/plBtTI2klPMulvUmxQ==
X-Provags-ID: V02:K0:ihz5foLopybIf7TYigN2AJh9R6qSj8TgRHiiDTz5nnC 7+l6V9DmZns6ANUW+ae1v7pN8oMmRxf+L3tu9Dubqn+8YUCE2S HhnIG3bZ5QUbQ2pE0n1xYjIn6TFBnbOX7hXdMD5rPbzOG/gvHd 7juZaL8Jsw+VPHJrd1A5DOQlBK4LLnLrhQpHUfqqaslwiefwnm CKm4J8X7v0wqf3awkv7ZDYmP8wvp4DprP0lOKTQqObvwEFMhS9 VLKnaHGSBAep3/W/B+8FcvSgCbMMpB23FJmUML5eIWvZjw0KQ0 QLR9jZPjIoOtdcNFI1bwWIOUBEGec5LEooO8MnV4iFnUVPkxpf Kf6rK1tpodrSz0Qp/BN0=
Cc: 'perpass' <perpass@ietf.org>, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] DNS Integrity vs DNS confidentiality
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Sep 2013 14:26:05 -0000
Hi Christian, Let me first say that I have altered the subject line because, as I explained earlier, our approach does not provide for data confidentiality (one can eavesdrop on the data but one cannot modify and spoof the sender or message content) but does provide for data integrity. If one wants both confidentiality and data integrity then one can use the approach I introduced in the first message I sent. This approach is called CGA-TSIGe (encrypted CGA-TSIG). > > CGA only protect against MITM attacks if the addresses are exchanged > securely. Otherwise, you get the following situation: May I ask you to first read the draft cga-tsig? I guess your assumption is that CGA is valid only in the local link so any other nodes are capable of playing in between, like playing MITM or like Proxy NDP, etc. To answer your concern, I confirm that CGA-TSIG is an application layer protocol, dissimilar to the original CGA, and that the node directly makes use of TCP or UDP to send messages to the DNS server or other nodes. This means that CGA-TSIG options constitute a payload within the TCP message which is signed by the originator. There is thus a binding between the originator IP address and the public key of the signer so this approach works and avoids MITM attacks by providing data integrity. > * A wants to connect with B; > * The evil E convinces A that the address of B is X, a CGA address composed by How does the evil E convince A? This is the question because A already knows the IP address of B and only accepts the messages from B. It will not open any channel with any intermediate nodes as it expects an end to end channel with B whose IP address it knows and the routers in between only route the packets. What I want to tell you here is that we assume that A receives the IP address of B from a resolver that again knows its IP address or obtained it using a secure manner. Your scenario, by the use of cga-tsig, changes to the following: A asks R(resolver) what is the IP address of B. Evil E says that it is X. A checks the signature and proceeds with the CGA verification. It fails. A rejects the answer from E. A receives a response from R. A proceeds using the verification process that is explained in cga-tsig. A accepts R and accepts the message content. R says the IP address is Y. A establishes the connection with B using Y. E fails so E couldn't play the MITM. > E; > * Using CGA, A establishes a secure channel to X; > * Using CGA, E establishes a secure channel from X to B; > > Voila, the connections are properly secured with CGA, yet E is in the middle. I think the data confidentiality doesn't need to use the resolver scenario. Because the resolver responds to anonymous queries it doesn't make sense to decrease the DNS performance the the use of something that is not needed. What I want to explain here is that data confidentiality is good for DNS query updates (zone transfer, FQDN update) in order to avoid leaking zone information. Hosnieh
- Re: [perpass] DNS Integrity vs DNS confidentiality Hosnieh Rafiee
- Re: [perpass] DNS Integrity vs DNS confidentiality Christian Huitema
- Re: [perpass] DNS Integrity vs DNS confidentiality Stephen Farrell