[secdir] secdir reveiw of draft-ietf-dnssd-hybrid

Dan Harkins <dharkins@lounge.org> Thu, 12 October 2017 22:51 UTC

Return-Path: <dharkins@lounge.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15F03132D96; Thu, 12 Oct 2017 15:51:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.301
X-Spam-Level:
X-Spam-Status: No, score=-2.301 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2QQ-2qhIay_i; Thu, 12 Oct 2017 15:51:44 -0700 (PDT)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by ietfa.amsl.com (Postfix) with ESMTP id 09CE3133071; Thu, 12 Oct 2017 15:51:41 -0700 (PDT)
Received: from thinny.local (unknown [216.38.134.66]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by colo.trepanning.net (Postfix) with ESMTPSA id 81E7F10224052; Thu, 12 Oct 2017 15:51:40 -0700 (PDT)
To: "iesg@ietf.org" <iesg@ietf.org>, secdir@ietf.org, draft-ietf-dnssd-hybrid.all@ietf.org
From: Dan Harkins <dharkins@lounge.org>
Message-ID: <58f723a1-b6df-3f6d-8337-9fd7ebfdb7e7@lounge.org>
Date: Thu, 12 Oct 2017 15:51:39 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------3CBA112BAE5E71A9E96CAC24"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/LUereu5JMsOJrfbIT0TFMBdmRlw>
Subject: [secdir] secdir reveiw of draft-ietf-dnssd-hybrid
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Oct 2017 22:51:46 -0000

   Greetings,

   I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

   This draft describes a new type of proxy that uses multicast DNS
to discover multicast DNS records on local links and then makes
corresponding DNS records visible in the unicast DNS namespace.

   This is a very well written draft and is easy to read and understand.
I believe it is "Ready with nit". My nit is this:

   I understand that there is a general problem with restricting certain
DNS records but this draft seems to exacerbate that problem. The draft's
privacy considerations do discuss the case where a "Multicast Service
Discovery Proxy" makes records for transient devices from the local link
available to, theoretically, the global public DNS database and thereby
advertises the presence or absence of a laptop (and more importantly it's
owner from a house). This is a serious issue and I think the draft should
address it instead of punting the problem to "firewalls, split-view DNS,
and Virtual Private Networks". Due to my general DNS ignorance I am unable
to suggest a workable solution but there should be a way to instruct the
proxy to suppress certain records (perhaps encode something in the QNAME,
I don't know). I just think this draft creates a serious problem out of a
protocol limitation and it should provide some way to address it.

   regards,

   Dan.