Re: [secdir] Security review of draft-ietf-dnsop-onion-tld-00.txt

"Alvaro Retana (aretana)" <aretana@cisco.com> Wed, 02 September 2015 13:47 UTC

Return-Path: <aretana@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 647561B3FCF; Wed, 2 Sep 2015 06:47:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RqkcYGjjqHeK; Wed, 2 Sep 2015 06:47:54 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A14681B4000; Wed, 2 Sep 2015 06:47:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4583; q=dns/txt; s=iport; t=1441201670; x=1442411270; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=NRLSQXgSWZJ19xbSSb6Qytq5MFQqTbc6iejwaAkZimg=; b=VMn6+EeqMW2lmEiSzmHLAy6gyO1q/fYwCvh4ToOwHoEbUd1OdHDEyPnj FRxJJWZSUTtHXXclXxeZDvtqbIFy1n+qOW2oh7jigQSGSlyJhbm7HziSG AhmGl4gLZ3INEqjUDHlSLnPMsOEMVkgL9boRTimNkzUd+6amF+anL8PHW U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CuAgB2/eZV/40NJK1dgk5NVGkGvUIBCYFyhgACgTQ4FAEBAQEBAQGBCoQkAQEEeRACAQgEOwcyFBECBAENBQmIJQ3LJgEBAQEBAQEBAQEBAQEBAQEBAQEBAReGcwGEeoULBwmEIwWFNz+GfYU5gx0BhCFlhT6CMYFKRocLkVQmgg8cgVRxAQEBAYFEgQUBAQE
X-IronPort-AV: E=Sophos;i="5.17,453,1437436800"; d="scan'208,217";a="184505038"
Received: from alln-core-8.cisco.com ([173.36.13.141]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 02 Sep 2015 13:47:49 +0000
Received: from XCH-RCD-007.cisco.com (xch-rcd-007.cisco.com [173.37.102.17]) by alln-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id t82DlnbN026277 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 2 Sep 2015 13:47:49 GMT
Received: from xch-rcd-007.cisco.com (173.37.102.17) by XCH-RCD-007.cisco.com (173.37.102.17) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Wed, 2 Sep 2015 08:47:48 -0500
Received: from xhc-rcd-x01.cisco.com (173.37.183.75) by xch-rcd-007.cisco.com (173.37.102.17) with Microsoft SMTP Server (TLS) id 15.0.1104.5 via Frontend Transport; Wed, 2 Sep 2015 08:47:48 -0500
Received: from xmb-aln-x15.cisco.com ([169.254.9.140]) by xhc-rcd-x01.cisco.com ([173.37.183.75]) with mapi id 14.03.0248.002; Wed, 2 Sep 2015 08:47:48 -0500
From: "Alvaro Retana (aretana)" <aretana@cisco.com>
To: Alec Muffett <alecm@fb.com>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Thread-Topic: Security review of draft-ietf-dnsop-onion-tld-00.txt
Thread-Index: AdDCwrgI60FbfiD1VUm8SJFVl8ANngegWveAACR0AIAAAL0/gAABmQkAAHdoZIAAfFgpgP//4p8A///daQA=
Date: Wed, 2 Sep 2015 13:47:48 +0000
Message-ID: <D20C73C3.CD207%aretana@cisco.com>
References: <007601d0c2c3$7615b610$62412230$@huitema.net> <CAHbuEH7RSdDmJK3i0e0W+kW0TSsbCNqQx7S+ZKp1Zx+7-uRjhw@mail.gmail.com> <841F8AF6-D800-4232-A900-7FB3872DE1D7@fb.com> <CAHbuEH66yK9JqnnK4UnoC1wtkL1d6S-JeL5twx6izM9o-R_BNg@mail.gmail.com> <E865FFAE-26DE-4B03-A294-5CB64C660CB7@fb.com> <CAHbuEH7pNs8qvkdEyqQ2-WERfPVHkgYxYH7FaFekerdNm8srGg@mail.gmail.com> <B7EB3E50-6F5C-4F40-80DA-3379D513514A@fb.com> <B5605B1D-2788-4BEB-A72A-493B04BA8213@fb.com>
In-Reply-To: <B5605B1D-2788-4BEB-A72A-493B04BA8213@fb.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [173.36.7.23]
Content-Type: multipart/alternative; boundary="_000_D20C73C3CD207aretanaciscocom_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/i7tFGe_EuD48FnKF_6d7dU1jrmQ>
X-Mailman-Approved-At: Wed, 02 Sep 2015 07:10:52 -0700
Cc: secdir <secdir@ietf.org>, joel jaeggli <joelja@bogus.com>, Mark Nottingham <mnot@mnot.net>, "draft-ietf-dnsop-onion-tld.all@tools.ietf.org" <draft-ietf-dnsop-onion-tld.all@tools.ietf.org>, The IESG <iesg@ietf.org>, Brad Hill <hillbrad@fb.com>
Subject: Re: [secdir] Security review of draft-ietf-dnsop-onion-tld-00.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2015 13:47:57 -0000

On 9/2/15, 7:51 AM, "iesg on behalf of Alec Muffett" <iesg-bounces@ietf.org<mailto:iesg-bounces@ietf.org> on behalf of alecm@fb.com<mailto:alecm@fb.com>> wrote:

Alec:

Hi!

I am quite confident that Mark’s latest diff:

http://www.ietf.org/rfcdiff/rfcdiff.pyht?url1=https://www.ietf.org/id/draft-ietf-dnsop-onion-tld-00.txt&url2=http://mnot.github.io/I-D/dnsop-onion-tld/draft-ietf-dnsop-onion-tld-01.txt

…covers the “human factors” element quite well.

There is more there, but as an average Internet user (not a Tor user) I still don’t know what to look out for if presented with a .onion name (or something that looks like it).  I suspect that most average users will just click on something w/out realizing (ever!) it is a .onion name, and not a “plain old link” to some other page.

However, the more I read this thread the more I am convinced not much can be said/done.  Just like the facebookXXX.onion versus facebookYYY.onion case, average users don’t pay enough attention to distinguish between facebook.com and faceboook.com, much less would they know that .onion (or any other name for that matter) is special.  As you already wrote in the latest version, we can just hope that the appropriate sw is updated to prevent the average user from doing something they don’t even understand that may result in some leakage of information.

Thanks for addressing this point.

Alvaro.