Re: [secdir] Security review of draft-ietf-dnsop-onion-tld-00.txt

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 01 September 2015 09:33 UTC

To: Mark Nottingham <mnot@mnot.net>
References: <007601d0c2c3$7615b610$62412230$@huitema.net> <CAHbuEH7RSdDmJK3i0e0W+kW0TSsbCNqQx7S+ZKp1Zx+7-uRjhw@mail.gmail.com> <841F8AF6-D800-4232-A900-7FB3872DE1D7@fb.com> <CAHbuEH66yK9JqnnK4UnoC1wtkL1d6S-JeL5twx6izM9o-R_BNg@mail.gmail.com> <CALaySJLD7WQG_2Zj2bU1_1TvTOVtVnw+YdirupFX5eAYu4CVOA@mail.gmail.com> <E178C22F-11F1-4FD7-89CC-5B2F8D1F3C44@mnot.net> <55E22119.9080106@bogus.com> <E8D38479-5B77-4D60-9D19-5F697A2DFC89@mnot.net> <55E414D7.3070600@cs.tcd.ie> <371BFDC3-19C6-4B5F-AA49-525DBA26EA67@mnot.net>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <55E570E6.4090603@cs.tcd.ie>
Date: Tue, 01 Sep 2015 10:33:26 +0100
In-Reply-To: <371BFDC3-19C6-4B5F-AA49-525DBA26EA67@mnot.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/pPRSMz8tmQLh-sXLQKdrnvTGK9k>
Cc: secdir <secdir@ietf.org>, Alec Muffett <alecm@fb.com>, joel jaeggli <joelja@bogus.com>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, "draft-ietf-dnsop-onion-tld.all@tools.ietf.org" <draft-ietf-dnsop-onion-tld.all@tools.ietf.org>, The IESG <iesg@ietf.org>, Brad Hill <hillbrad@fb.com>, Barry Leiba <barryleiba@computer.org>
Subject: Re: [secdir] Security review of draft-ietf-dnsop-onion-tld-00.txt


On 01/09/15 09:35, Mark Nottingham wrote:
> Hey Stephen,
> 
> On 31 Aug 2015, at 6:48 pm, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>>
>>
>> Hi Mark,
>>
>> I thought there was also to be a change to say that .onion names would
>> in future need to continue to adhere to the DNS name syntax (lengths
>> mainly) just so that we don't get more ickiness when/if .onion names
>> are handled by code expecting DNS names?
>>
>> That wasn't from the secdir review but came up in the general IETF
>> list discussion in the last call.
> 
> See:
>   https://github.com/mnot/I-D/commit/3b691672b94455f2038353ae03c04c3b1001193d
> 
> Note that I just stole that text out of RFC3986. If there's a better way to do it, I'm all ears.

I think that's a fine change and reflects the list
discussion perfectly.

Ta,
S.


> 
> Cheers,
>>
>> S.
>>
>> On 31/08/15 08:58, Mark Nottingham wrote:
>>> Attempting to address all of the outstanding feedback I've seen:
>>>
>>> * <https://github.com/mnot/I-D/commit/b3cdbbd0964532c88fefde3786d82b8bee1c62ee> uses .onion "names" instead of "addresses" consistently.
>>>
>>> * <https://github.com/mnot/I-D/commit/941719e8de43a642c2fab9049927b60d23b7012d> clarifies the requirements placed upon registrars, as per the IANA review.
>>>
>>> * <https://github.com/mnot/I-D/commit/bc57060e84ea338ff107f623b9e43498ee8d8309> updates the Tor URLs, but does NOT flip the two references suggested in Gen-ART to Normative; as per subsequent discussion, they aren't necessary to register the TLD, merely informative. Please advise if I read that wrong.
>>>
>>> * <https://github.com/mnot/I-D/commit/358186a82887ed3907537bc45bd37937b4a6a09e> moves much of the generic explanatory text from Security Considerations into the Introduction, as per the SecDir review. 
>>>
>>> * <https://github.com/mnot/I-D/commit/ca1eaaec5129f7ce82df8a749c11eb692de1059c> notes what happens when legacy systems get DNS queries leaked to them, as per the SecDir review.
>>>
>>> * I didn't yet do anything to address this feedback in the SecDir review:
>>>
>>>> Then, the security section also does not discuss how malicious name resolvers could be deployed in order to attack the TOR network. For example, if TOR security relies on DNS servers “black holing” misrouted requests to resolve “.onion” names, what happens if malicious servers replace the suggested black-holing with some malicious tampering?
>>>
>>> Christian, how would that work? I don't see how this kind of attack (by having a malicious server leverage clients who erroneously forward DNS requests for .onion) is going to be qualitatively different from any other attack on the Tor network; indeed, it doesn't seem like a very effective way to attack the network itself. Now, it may be that you can trick some users into thinking they're on Tor when they're not, in the right circumstances, but that's not an attack on the network. 
>>>
>>> Can you give some more detail here (or ideally some suggested text)?
>>>
>>> Cheers,
>>>
>>>
>>>
>>>> On 30 Aug 2015, at 7:16 am, joel jaeggli <joelja@bogus.com> wrote:
>>>>
>>>> On 8/29/15 3:10 AM, Mark Nottingham wrote:
>>>>
>>>>> If the IESG would like to set a clear, unambiguous policy about this,
>>>>> I'm sure it would be welcomed; personally, I've heard advice both
>>>>> ways, and have not yet figured out how to make everyone happy.
>>>>
>>>> Well... you can ask me. imho the situation looks like the following to me.
>>>>
>>>> I think it's fine to have the discussion, propose the updates and hold
>>>> the draft update till the end; or to roll a new version as the product
>>>> of the discussion. The former runs the risk of accumulating a discuss
>>>> either from me or from another AD due to something that "really needs to
>>>> be addressed" prior to exit from iesg review; the latter, that we need
>>>> more time, if it comes shortly before Thursday (the call is now at
>>>> 0700 Pacific), so it's extremely unlikely that I will manage to
>>>> re-review something submitted late Wednesday evening.
>>>>
>>>> I'm kind of waiting on the update to the iana language I asked for on
>>>> 8/15 and that is a barrier to publication, but I expect we know what
>>>> it's going to say in that respect already so I'm not going to hold up
>>>> the discussion on that...
>>>>
>>>> thanks
>>>> joel
>>>>
>>>>> Cheers,
>>>>>
>>>>> -- Mark Nottingham   https://www.mnot.net/
>>>
>>> --
>>> Mark Nottingham   https://www.mnot.net/
>>>
> 
> --
> Mark Nottingham   https://www.mnot.net/
>
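An added example, not part of this thread or of the draft it discusses, of the two checks the discussion turns on: that a .onion name still fits DNS name syntax (the label and name length limits used here are the DNS ones), and that a resolver can recognise and black-hole .onion queries that leak to it rather than forwarding them. The log format, client addresses, .onion names and the NXDOMAIN-for-.onion policy are assumptions made for the example.

```python
"""Added example: DNS-syntax check for .onion names and detection of
.onion queries leaking to a DNS resolver.  Not code from the draft."""
import re

# LDH label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")


def dns_syntax_ok(name: str) -> bool:
    """True if name obeys DNS hostname syntax: LDH labels of 1..63
    characters each, whole name at most 253 characters (DNS limits)."""
    name = name.rstrip(".").lower()
    if not name or len(name) > 253:
        return False
    return all(len(lbl) <= 63 and LABEL_RE.match(lbl) is not None
               for lbl in name.split("."))


def is_onion(name: str) -> bool:
    """True if the name is under the .onion special-use TLD."""
    return name.rstrip(".").lower().split(".")[-1] == "onion"


def resolver_decision(qname: str) -> str:
    """Assumed resolver policy: never forward a .onion query to the public
    DNS; answer NXDOMAIN locally (the 'black hole'). Everything else is
    forwarded as usual."""
    return "NXDOMAIN" if is_onion(qname) else "FORWARD"


# Constructed sample of a resolver query log: "<client> <qname> <qtype>".
# The .onion name is made up for the example.
SAMPLE_LOG = """\
10.0.0.5 example.com. A
10.0.0.7 abcdefghijklmnop.onion. A
10.0.0.7 abcdefghijklmnop.onion. AAAA
10.0.0.9 www.example.org. A
"""


def leaked_onion_queries(log: str) -> list:
    """Return (client, qname) pairs for .onion lookups that reached this
    resolver; each one is a client that failed to keep .onion off the DNS."""
    leaks = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3 and is_onion(parts[1]):
            leaks.append((parts[0], parts[1]))
    return leaks
```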