Re: [secdir] Security review of draft-ietf-dnsop-onion-tld-00.txt
"Christian Huitema" <huitema@huitema.net> Tue, 01 September 2015 17:25 UTC
From: Christian Huitema <huitema@huitema.net>
To: 'Kathleen Moriarty' <kathleen.moriarty.ietf@gmail.com>, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>
Date: Tue, 01 Sep 2015 10:25:07 -0700
Message-ID: <00f601d0e4db$26c4b220$744e1660$@huitema.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/5IDd5oM-Ekps9y7eUusO_yX3zd8>
Cc: 'secdir' <secdir@ietf.org>, 'Alec Muffett' <alecm@fb.com>, 'joel jaeggli' <joelja@bogus.com>, 'Mark Nottingham' <mnot@mnot.net>, draft-ietf-dnsop-onion-tld.all@tools.ietf.org, 'Brad Hill' <hillbrad@fb.com>, 'The IESG' <iesg@ietf.org>, 'Barry Leiba' <barryleiba@computer.org>
On Tuesday, September 1, 2015 6:59 AM, Christian Huitema wrote:
>
> On Tuesday, September 1, 2015 4:37 AM, Kathleen Moriarty wrote:
> >
> > I still have the outstanding question on security properties that may be
> > buried in this thread.
>
> The question was, how could malicious DNS agents trick TOR clients into
> disclosing their presence. The recent exchange with Mark was about such
> agents passively listening for clients' mistakes. Is there a way to actively
> trigger such mistakes?
>
> Such attacks would require actively sending information to clients, such as "if
> you have a request for example.onion, send it to me." The way to do that in
> the DNS is through NS records. Malicious agents could send an NS record for
> ".onion" as an additional record in a response, asking resolvers to send them such
> traffic. This might trick legacy clients. Maybe.

Thinking about this a bit more -- this is the general problem of cache poisoning. The additional section could also include A or AAAA records for .onion domains. This could fool a caching resolver -- receive a request for a name, check first if there is an exact match in the cache, and only attempt to forward the request if there is no hit in the cache. The checks in the draft are only considering request forwarding, not cache operation.

What about adding this text to cover the malicious server attack -- coming after the paragraph on leaks by the legacy clients:

>>>
Malicious DNS agents could insert records for ".onion" names in the additional section of DNS responses, with the intent of poisoning the cache of DNS resolvers. These resolvers could then be tricked into serving the record from their cache, bypassing the checks described in section 2. To mitigate such attacks, it is important that caching resolvers prevent the insertion in their caches of records for ".onion" names.
<<<

You may actually want to add part of that text in section 2.

-- 
Christian Huitema
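As an added illustration of the point made in this message (not code from the draft or from any participant), the following toy caching resolver shows why a forwarding-time check on ".onion" alone is bypassed by a poisoned cache, and how refusing to cache ".onion" records closes the gap. The record layout, the `Resolver` class and the constructed response are assumptions for this example.

```python
# Added example: a minimal caching resolver model. Not the draft's text and
# not real resolver code; record tuples and the cache API are assumed here.

def labels(name: str) -> list:
    """Presentation-format name -> lowercase labels, root label dropped."""
    return [l.lower() for l in name.rstrip(".").split(".") if l]

def norm(name: str) -> str:
    """Canonical lowercase form used as the cache key."""
    return ".".join(labels(name))

def is_onion_name(name: str) -> bool:
    """True for 'onion.' itself and every name under it (case-insensitive)."""
    lb = labels(name)
    return len(lb) >= 1 and lb[-1] == "onion"

class Resolver:
    def __init__(self, filter_onion: bool):
        self.cache = {}          # (name, rtype) -> rdata
        self.forwarded = []      # names sent upstream (visible on the wire)
        self.filter_onion = filter_onion

    def ingest(self, response: dict) -> None:
        """Cache every RR of every section, as a naive resolver would."""
        for section in ("answer", "authority", "additional"):
            for name, rtype, rdata in response.get(section, []):
                if self.filter_onion and is_onion_name(name):
                    continue     # mitigation: never cache .onion records
                self.cache[(norm(name), rtype)] = rdata

    def resolve(self, name: str, rtype: str = "A"):
        key = (norm(name), rtype)
        if key in self.cache:    # cache lookup runs before any other check
            return self.cache[key]
        if is_onion_name(name):  # section-2 style check: do not forward .onion
            return "NXDOMAIN"
        self.forwarded.append(norm(name))
        return None              # a real resolver would now query upstream

# Constructed response: legitimate answer plus unsolicited .onion records
# in the additional section (documentation addresses, RFC 5737 / RFC 2606).
POISONED_RESPONSE = {
    "answer": [("example.com.", "A", "192.0.2.10")],
    "additional": [("foo.onion.", "A", "192.0.2.66"),
                   ("onion.", "NS", "ns.malicious.example.")],
}

def demo(filter_onion: bool):
    r = Resolver(filter_onion)
    r.ingest(POISONED_RESPONSE)
    return r.resolve("FOO.onion"), list(r.forwarded)
```

`demo(False)` serves the planted address straight from cache and the forwarding check never runs; `demo(True)` returns NXDOMAIN and nothing leaves the resolver.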