Re: [secdir] Security review of draft-ietf-dnsop-onion-tld-00.txt

"Christian Huitema" <huitema@huitema.net> Tue, 01 September 2015 13:58 UTC

From: "Christian Huitema" <huitema@huitema.net>
To: "'Kathleen Moriarty'" <kathleen.moriarty.ietf@gmail.com>, "'Stephen Farrell'" <stephen.farrell@cs.tcd.ie>
Date: Tue, 1 Sep 2015 06:58:42 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/5IPlbzUc9Nqk-C839WtAcbnwQHU>
Cc: 'secdir' <secdir@ietf.org>, 'Alec Muffett' <alecm@fb.com>, 'joel jaeggli' <joelja@bogus.com>, 'Mark Nottingham' <mnot@mnot.net>, draft-ietf-dnsop-onion-tld.all@tools.ietf.org, 'Brad Hill' <hillbrad@fb.com>, 'The IESG' <iesg@ietf.org>, 'Barry Leiba' <barryleiba@computer.org>

On Tuesday, September 1, 2015 4:37 AM, Kathleen Moriarty wrote:
> 
> I still have the outstanding question on security properties that may be buried
> in this thread.

The question was, how could malicious DNS agents trick TOR clients into disclosing their presence. The recent exchange with Mark was about such agents passively listening for clients' mistakes. Is there a way to actively trigger such mistakes?

Such attacks would require actively sending information to clients, such as "if you have a request for example.onion, send it to me." The way to do that in the DNS is through NS records. Malicious agents could send an NS record for ".onion" as an additional record in a response, asking resolvers to send them such traffic. This might trick legacy clients. Maybe.

-- Christian Huitema
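
One way a resolver or monitor could flag the unsolicited ".onion" NS record described in the message above, as an added example that is not part of the original message or of the draft. The sample response, the names in it and the function names are constructed for illustration.

```python
import struct

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:
            return ".".join(labels).lower() + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n

def onion_records(msg):
    """List (section, owner, rrtype) for each RR owned by .onion or a name under it."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                           # skip the question section
        _, off = read_name(msg, off)
        off += 4                                  # QTYPE + QCLASS
    hits = []
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            owner, off = read_name(msg, off)
            rrtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            if owner == "onion." or owner.endswith(".onion."):
                hits.append((section, owner, rrtype))
    return hits

def rr(owner, rrtype, rdata):
    """Build one class-IN resource record (helper for the constructed sample)."""
    return encode_name(owner) + struct.pack("!HHIH", rrtype, 1, 300, len(rdata)) + rdata

# Constructed sample: answer to an A query for www.example.com that also carries
# an unsolicited "onion. NS ns.example.net." record in the additional section.
SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 1)
          + encode_name("www.example.com") + struct.pack("!HH", 1, 1)
          + rr("www.example.com", 1, bytes([192, 0, 2, 1]))
          + rr("onion", 2, encode_name("ns.example.net")))
```

Any hit on a response to a non-.onion query is a record the client did not ask for and can be dropped before it reaches a cache.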