Re: [secdir] Security review of draft-ietf-dnsop-onion-tld-00.txt

Alec Muffett <alecm@fb.com> Wed, 02 September 2015 11:36 UTC

Return-Path: <prvs=66879520af=alecm@fb.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 689861A1B25; Wed, 2 Sep 2015 04:36:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.367
X-Spam-Level:
X-Spam-Status: No, score=-2.367 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QbHP_g7ij6qm; Wed, 2 Sep 2015 04:36:39 -0700 (PDT)
Received: from mx0a-00082601.pphosted.com (mx0a-00082601.pphosted.com [67.231.145.42]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D636C1B3054; Wed, 2 Sep 2015 04:36:39 -0700 (PDT)
Received: from pps.filterd (m0044012 [127.0.0.1]) by mx0a-00082601.pphosted.com (8.14.5/8.14.5) with SMTP id t82BaTju008166; Wed, 2 Sep 2015 04:36:29 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fb.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=facebook; bh=rWfe4oIjeMfdNZOt2mZEGbHi4QUWrU2Mv+yoOcv3lX8=; b=R5dFVORoEqS5jjzuMWytJkKL80JiHhcFY6+qtI96qFfxkZMbTUIywiuLdAmu3myN3v+S hjHyQHk83CtsauEUFist5zrxL0P2Fi/EMedVxq1mWNk+X2Zerz2HBU9WKxhHddswwXG+ VnuRUxUWrhJb7lRrGv3SnrOXoY2cqOksIvw=
Received: from mail.thefacebook.com ([199.201.64.23]) by mx0a-00082601.pphosted.com with ESMTP id 1wnv05rfaj-1 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Wed, 02 Sep 2015 04:36:29 -0700
Received: from PRN-MBX02-4.TheFacebook.com ([169.254.2.38]) by PRN-CHUB14.TheFacebook.com ([fe80::5977:3d0b:700b:8bb%12]) with mapi id 14.03.0248.002; Wed, 2 Sep 2015 04:36:27 -0700
From: Alec Muffett <alecm@fb.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Thread-Topic: Security review of draft-ietf-dnsop-onion-tld-00.txt
Thread-Index: AdDCwrgI+PKUtFTlQwu24Fnrr5jdagegWveAACR0AIAAAL0/gAABmQkAAHdoZIAAfFgpgA==
Date: Wed, 2 Sep 2015 11:36:26 +0000
Message-ID: <B7EB3E50-6F5C-4F40-80DA-3379D513514A@fb.com>
References: <007601d0c2c3$7615b610$62412230$@huitema.net> <CAHbuEH7RSdDmJK3i0e0W+kW0TSsbCNqQx7S+ZKp1Zx+7-uRjhw@mail.gmail.com> <841F8AF6-D800-4232-A900-7FB3872DE1D7@fb.com> <CAHbuEH66yK9JqnnK4UnoC1wtkL1d6S-JeL5twx6izM9o-R_BNg@mail.gmail.com> <E865FFAE-26DE-4B03-A294-5CB64C660CB7@fb.com> <CAHbuEH7pNs8qvkdEyqQ2-WERfPVHkgYxYH7FaFekerdNm8srGg@mail.gmail.com>
In-Reply-To: <CAHbuEH7pNs8qvkdEyqQ2-WERfPVHkgYxYH7FaFekerdNm8srGg@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.54.13]
Content-Type: multipart/signed; boundary="Apple-Mail=_97D5860A-8F01-4FD8-9B71-7B97329FDD78"; protocol="application/pgp-signature"; micalg=pgp-sha512
MIME-Version: 1.0
X-Proofpoint-Spam-Reason: safe
X-FB-Internal: Safe
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.14.151, 1.0.33, 0.0.0000 definitions=2015-09-02_06:2015-09-02,2015-09-02,1970-01-01 signatures=0
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/Oc3oqFtPxSmTBvZ1sn0ihN4Kg6g>
Cc: secdir <secdir@ietf.org>, joel jaeggli <joelja@bogus.com>, Mark Nottingham <mnot@mnot.net>, "draft-ietf-dnsop-onion-tld.all@tools.ietf.org" <draft-ietf-dnsop-onion-tld.all@tools.ietf.org>, The IESG <iesg@ietf.org>, Brad Hill <hillbrad@fb.com>
Subject: Re: [secdir] Security review of draft-ietf-dnsop-onion-tld-00.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2015 11:36:41 -0000

Hello All!

Back from some manner of brief holiday, and I’ll try and pick up some loose ends without treading on Mark’s epic work.

>> The goal of leak-reduction is to reduce leaks, rather
>> than to assure security.
> 
> Are there privacy considerations with leak reduction?

Either leaks exist (likely) or they do not. It’s hard to conceive of where a reduction in efficacy of leak-prevention would benefit privacy, so onion-leak-reduction would seem to be one of those things that can be classified as "net win at scale” and the need for it should reduce with time.


>> Tor security does not rely on blackholing DNS requests, it relies upon
>> cryptographic technology.
>> 
>> Tools which are Tor-aware will not have the leakage problem.
> 
> OK, great, so I think just adding something on this point in the
> security considerations would be good.  We are fine on the other
> points and I just have the question about security properties for
> section 2.

I think Mark’s revisions nail this with the “legacy client” paragraph.  :-)

I will skim the rest of the mails and try to consolidate the next response, if any is required.

    -a