Re: [Secdispatch] GNU Name System
Chelsea Komlo <chelsea.komlo@gmail.com> Fri, 24 July 2020 03:00 UTC
Return-Path: <chelsea.komlo@gmail.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E2943A0812; Thu, 23 Jul 2020 20:00:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hk6QLQxgbxnj; Thu, 23 Jul 2020 20:00:12 -0700 (PDT)
Received: from mail-wr1-x42e.google.com (mail-wr1-x42e.google.com [IPv6:2a00:1450:4864:20::42e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 829AC3A0815; Thu, 23 Jul 2020 20:00:12 -0700 (PDT)
Received: by mail-wr1-x42e.google.com with SMTP id 88so6947797wrh.3; Thu, 23 Jul 2020 20:00:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=X33zKYiTD+gXuKu07yg5/bXy3bEMRLZuUx98OsNlvW4=; b=lZHGmgvL3pKibPhWLU3Si450yXiiKhqZQFs8polzB9jX5279WcDhKVRSq86M78VUob Z99Cq2IwJEouoOzi5/VICnCRLkvQ8TP70qDTYcWL5VLUZ8yEEFo6+YhB/yJgJMNCcwo6 qy5qGiexB+KLrkQ71/3KgcTAE03N6CAeW++ukBuUmCIOW3l1aJL3H6Dcj0GxivSWZaMj qbGONTWOe0iYcOE7b/QnlvM7x5Ic6IIDeTU9pvWga5gqnWYyFQ6d7K4Ora5ZUeytMDLy 36OlMPWYwDJ25WO7aZC4I+MVL3+fCHmNcufXwtlB/SgfXPRlevwFpH9TA+1ZXCCw4PlJ n6qQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=X33zKYiTD+gXuKu07yg5/bXy3bEMRLZuUx98OsNlvW4=; b=WwVHi3RBEE10mJU423YarDjcOnhnIAB+jV8uw1p5FsXMt93mtreJnEBM9eLhvNra6u LeQog2p2kCgWHLiwUPqriWpAur9TlkaoQssUlPSGsqEqg6/A2XHYmAIyHGsrpoM0podT jLTC3AAUlrY5jN060+Ozbg4KUW9Q3Vf1WPWktcPWgZIosW/1fEqqPKklMi2CvBKJ0G8j JNNI6IKySfIwidgwjDEOnhpctNHL+Txqbm3ftdb0tTORSns8TKNdVNcv31gAo6PgA9iN l8IIxsDfnwDYTIV2essOg9srtfdnLTc9IsBuk2b0VMdjywOMXfb5u/9PMJNco19Gxq0E N5cQ==
X-Gm-Message-State: AOAM531IZnkFx3wl1gZgGqe4TCilE0LoY7bIy1XW+yAu7d+AzVlyFu+M 65fbR3lvNwuBCuv3v2dIimDWqCDbE1JFtOTdIkx94P6JV9M=
X-Google-Smtp-Source: ABdhPJzMhcbMj2VYDUmAYVD/7YS+BpXtYUs8HiCAvMoiL75fqftH2xLcW67rXpquPCU6C1eVH7LgPEekzUp7LX7pPBY=
X-Received: by 2002:adf:8024:: with SMTP id 33mr6700016wrk.135.1595559610464; Thu, 23 Jul 2020 20:00:10 -0700 (PDT)
MIME-Version: 1.0
References: <31625.1595368614@localhost> <707BC467-05E0-43C9-AF86-AE741E4E26FD@callas.org>
In-Reply-To: <707BC467-05E0-43C9-AF86-AE741E4E26FD@callas.org>
From: Chelsea Komlo <chelsea.komlo@gmail.com>
Date: Thu, 23 Jul 2020 20:59:57 -0600
Message-ID: <CAJoqpTJ7xZUwT4RH+wEZk8B2D8j0+LNiThTFbLda=0F1Kzt-cg@mail.gmail.com>
To: "secdispatch@ietf.org" <secdispatch@ietf.org>
Cc: "draft-schanzen-gns@ietf.org" <draft-schanzen-gns@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ccbdaf05ab272b74"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/qPWLejRjxrKgZ108xCwB9oQOl_g>
Subject: Re: [Secdispatch] GNU Name System
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jul 2020 03:00:15 -0000
I looked over the GNS draft and have a few comments regarding how the terms "censorship resistance" and "privacy-preserving" are used in the draft. The draft says that "This specification describes a censorship-resistant, privacy-preserving and decentralized name system: The GNU Name System (GNS)." The term "censorship-resistance" here refers to the ability for the system to resist removal of domain names by someone that does not directly control the domain. However, this definition of censorship resistance is in fact quite limited, and doesn't consider other factors like namesquatting, doppelgangers, and other variations of abuse that prevent use of the system. While some of these considerations may be outside the scope of this draft, identifying and describing the implications of these assumptions is important to ensure the system is viable in practice (Section 9.2 currently just says that zone administrators must take abuse into account and develop rules to mitigate it). Further, this draft implicitly assumes that users have access to some censorship-resistant channel (such as Tor) in order to perform lookups. For example, this system will likely be blocked in countries that also can successfully block Tor (such as China without the use of bridges). This draft should clearly specify the assumption that users have access to some censorship-resistant channel. Finally, the draft should explicitly define what "privacy-enhancing" means in the description that "GNS provides a privacy-enhancing alternative to the Domain Name System (DNS)"; i.e, whose privacy is being enhanced, and under what circumstances. The draft describes how user lookups are performed over resource record blocks, which hides a user's lookup within a single block (which seem to contain multiple domains?), but of course the privacy guarantees of this approach are much weaker than systems that provide a single anonymity set for lookups. Chelsea On Thu, Jul 23, 2020 at 7:12 PM Jon Callas <jon@callas.org> wrote: > I've also read through the GNS draft and have some comments: > > * Like Michael Richardson, I have a great love for SDSI and love to see it > used. I think there's a large discussion we should have about what the use > cases can and should be. Alternate roots etc. are an issue, but I'm not > sure it would be so bad to be able to say "ICANN's ietf.org" other than > that it implies there could be someone else's "ietf.org" and that this is > obviously problematic, particularly in how it would enable things like > phishing. I take the opposite take on user experience. Protocol documents > shouldn't be talking UX. Anyway, I think there's a discussion point as to > whether this is a good idea. As much as I would like to be able to say "the > media server I have at home" (for a number of reasons, not the least of > which that that implies I'm not at home"), it's not clear this is really a > good idea in the general case. My security auditor's mind is having a field > day in thinking of cool (meaning confusing or malicious) ways to use this. > Yet, I think it's a discussion point. > > * If this gets put into a working group, I think it needs an IETF name for > it, not GNS and not something that contains "GNU." Other standards have had > their institutional links filed off; SSL became TLS, SSH became SECSH. > Notably, OpenPGP did not, and I think that this was unfortunate. Despite > all good intentions at the time, it's created confusion, and I say that as > an RFC editor and as an implementer. There's nothing wrong with GNUnet's > GNS being a reference implementation of <protocol>, and my advice to both > the IETF and the GNS people, you'll be happier if you change the protocol > name. > > * There are a number of eccentric things in the protocol now. I don't mean > that as a pejorative -- there are lots of eccentric things I like, SDSI, > for example. I also like CFB mode as well as Twofish. Why, though, are they > here? Are the design decisions leading to these? There's not a lot in the > draft about these decisions. In general, it's better to stick to the > well-trodden paths, to pick algorithms, modes, etc. that are in common use. > In specific there are often reasons to do something on its own; I can see > that a naming system might have reasons for going its own way. We just need > a discussion of them. New code, new algorithms mean new bugs. If you can > write about these decisions, "Most people do X, we are doing Y, because Z" > that helps understand why the decisions are there. Some can be guessed -- > CFB means no CBC padding, and no keying issues of a stream cipher like CTR > mode. Tell us, though. I also really want to see what's going on and why > with the record data encryption ini > 4.3. > > * There are a number of other features in this that are interestingly > eccentric, but leave me with a raised eyebrow. For example, a resource > record for a VPN. That's interesting, but why? Zone revocation with > proof-of-work -- why, as time and time again proof-of-work proves not to > work? (I refer also to section 9.5 where you recommend pre-generating > proofs of work. Where should these be stored, how should they be > protected?) > > * The Security considerations need more work. 9.1 discusses the ECDSA > decision, but not other crypto considerations. It refers us to the relevant > papers without really saying more. > > 9.2 points out that unrestricted Unicode names can lead to phishing, but > says nothing more than, "zone administrators must take into account this > attack vector and incorporate rules in order to mitigate it." That's not > helpful. Or perhaps, 'this enables phishing, and it's your problem not > ours, and we're not going to tell you what to do' is the actual security > consideration. The second paragraph essentially says that protocol prevents > taking down phishing site because authoritarian governments are bad. Um, > okay. > > 9.3 is also pretty scary, a direct quote (and not my paraphrase) is: "Zone > administrators, and for GNS this includes end-users, are required to > responsibly and dilligently [sic] protect their cryptographic keys." That's > a pretty big security consideration that everyone has to do their own key > management and get it 100% right. > > I do have a question -- what happens if the keys are lost? Does this mean > the domain is essentially gone forever? I can't quite tell. > > 9.4 says that we need to pick the right DHT, if we pick the wrong one bad > stuff will happen, and if we pick different ones interoperability is > "unlikely." > > I don't have further things to say about revocations, except that it's > tetchy and brittle, by design. > > All in all, the security considerations don't leave me thinking this is > anything like a safe protocol. > > * Despite all my comments above, I think that there's something > interesting in the protocol and the issues can be fixed. Nonetheless, this > is being positioned as an Informational RFC and I think that's a bad idea. > This should either be standards track or continue to be off on its own and > not part of the IETF. > > The major risk is that this is an alternative to DNS that could lead to > fragmentation of the most basic service on the Internet, naming. Yet it > requires everyone to do key management perfectly and optimizes against easy > management through proof of work and so on. I know I've done silly things > managing my own DNS, and it seems that I'd be unhappily doing proof-of-work > to undo every typo. > > There are exciting ideas here. I believe that many of the issues I've > brought up have relatively simple solutions. I also believe that it's no > where near ready to deploy or standardize in the IETF. An informational RFC > is not a good idea; this is too big and too experimental for that. While we > in the IETF understand the difference, most people think and RFC is an RFC > is an RFC is an RFC. The belief is that informational RFCs are standards. > (Again, I am a sinner here, too. I have at times gotten tired of saying > "informational" when someone incorrectly says "standard" and just let them > go on.) > > The agenda for Secdispatch says simply that this item is, "objective: find > a home at IETF" which seems to be presupposing that the decision is not if > it should be in some working group, but which one. I think it's premature > for that. Much more work needs to be done. > > Jon > > > _______________________________________________ > Secdispatch mailing list > Secdispatch@ietf.org > https://www.ietf.org/mailman/listinfo/secdispatch > -- Chelsea H. Komlo | chelseakomlo.com
- [Secdispatch] GNU Name System Michael Richardson
- Re: [Secdispatch] GNU Name System Christian Grothoff
- Re: [Secdispatch] GNU Name System Jon Callas
- Re: [Secdispatch] GNU Name System Chelsea Komlo
- Re: [Secdispatch] GNU Name System Russ Housley
- Re: [Secdispatch] GNU Name System Jon Callas
- Re: [Secdispatch] GNU Name System Schanzenbach, Martin
- Re: [Secdispatch] GNU Name System Francesca Palombini