IETF Logo Mail Archive

Re: [TLS] Alternative ESNI?

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 18 December 2018 18:54 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 313F41200B3 for <tls@ietfa.amsl.com>; Tue, 18 Dec 2018 10:54:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6LSUuYeXsi7g for <tls@ietfa.amsl.com>; Tue, 18 Dec 2018 10:54:33 -0800 (PST)
Received: from mail-ot1-x32a.google.com (mail-ot1-x32a.google.com [IPv6:2607:f8b0:4864:20::32a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D0AC1311CE for <tls@ietf.org>; Tue, 18 Dec 2018 10:54:33 -0800 (PST)
Received: by mail-ot1-x32a.google.com with SMTP id n8so16677359otl.6 for <tls@ietf.org>; Tue, 18 Dec 2018 10:54:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=6DD3BIXpI0X1AG6/q0Y9Nl7w3+FanjqqP84vbkQ2wiE=; b=U+ggt0Tb3Li29DagPDJGQHkOnxe/h/fSOgbGtpxKo6kozloS6SbFwDMrQbl5Nw+i+q eGfizLpf6VvxBUtGPGuh/H/GMKy33pDjB7VhNecjxVoWKDHgXbYZkYn28jwIgeMBFR4b 1QqhyMTCFMXfLuqZYKPxi6y2SswWxguYC0JMJBev/3w08Y1w27drvJ46sRMKexh4T20y Itse6Iy7lYyFGePCBaloYTNuUz3Gh9iib7Ing9gfNUdk2TCZ2PHScH6p8rblzB/3hvRG UFDiT550xn6ZlwrCitQrzeIe245yrDOBhQtKQMdSnLF4KFpODqnkVxBfcHrVsP0aXNe7 nMpA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=6DD3BIXpI0X1AG6/q0Y9Nl7w3+FanjqqP84vbkQ2wiE=; b=dcBHyFhpNosAz4IikDLvHR4xayOI6XhzVEP3LuvJMbd5onM9X7R6QCmEjpycmwjWbd Y75wXN58uAj5wV6YFkWPJVN4ALN8/0xiMhQrJWV3ajmxPylFSTpLDJ9wsbC5oqpQ9j2c Lk1Jco8l/fIkpA1t3RmhkROiJE3C0YkPHkQ0lLeUO+nsXfNxFlXPT9Zcv5rW32HP/BP0 Zz0uxUvOTJgXaivLOwLs6NNfbXVy2P/Vzog8EWImL5bP/RP43b4Y4XV4yAALuxxWVQXg dkBftm0qwJPhuXzyOVCN8BfUGsmsIvv4WYxEW0QLvprChUuxx7QkWQncgWU44ZBGUwLf 437w==
X-Gm-Message-State: AA+aEWa/Aoc+FTZHrIc6PVU4WODGGqQkdQ3BGq3S002M9NEHVFxfkgFy 8xtqygRPXXIvRD/Maa8qkuO8zORQGWaFzW63a689eDtj
X-Google-Smtp-Source: AFSGD/VqbA8pgoMbJfa/q7t6QUY6JdNObM6COrmz0MYK81WVRsvhg0idRi2MuwbMjMnVSMqnQTRdurC+BFav07r5dhU=
X-Received: by 2002:a9d:6a4:: with SMTP id 33mr12622772otx.347.1545159272850; Tue, 18 Dec 2018 10:54:32 -0800 (PST)
MIME-Version: 1.0
References: <20181215025346.GJ15561@localhost> <CABcZeBM_7LF-UDH8NR3Kad-8zSJBWwuNsDEJVAagHf1cV4Ow6g@mail.gmail.com> <alpine.LRH.2.21.1812161439170.14874@bofh.nohats.ca> <CABcZeBNyF6kP7iHZjDq0w+OtOOj5d67J8sCkLYwA5xaFTW8Q8Q@mail.gmail.com>
In-Reply-To: <CABcZeBNyF6kP7iHZjDq0w+OtOOj5d67J8sCkLYwA5xaFTW8Q8Q@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Tue, 18 Dec 2018 13:53:56 -0500
Message-ID: <CAHbuEH7R36YyFN=7ctMUHMndgt93TKM9srM4YkdBqL05dLyscQ@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Paul Wouters <paul@nohats.ca>, "<tls@ietf.org>" <tls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000946a02057d506daf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/p8-8007nBGaEHlzfS4BEgtgnmlI>
Subject: Re: [TLS] Alternative ESNI?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Dec 2018 18:54:36 -0000

Just a clarifying question inline
On Sun, Dec 16, 2018 at 3:30 PM Eric Rescorla <ekr@rtfm.com> wrote:

>
>
> On Sun, Dec 16, 2018 at 11:45 AM Paul Wouters <paul@nohats.ca> wrote:
>
>> On Fri, 14 Dec 2018, Eric Rescorla wrote:
>>
>> > However, in a large number of cases (e.g., an attacker on your local
>> network,
>> > there are non-DNSSEC ways of obtaining this property, such as using DoH.
>>
>> Data origin authenticity is not the same as transport security.
>>
>
> Yes, I'm quite aware of this fact.
>
>
> DoH offers no guarantee that the non-dnssec protected information you
>> received is not modified.
>>
>
> As with all things security, it depends on your threat model. If the
> attacker you
> are concerned with is between you and the DNS server, then in fact it does
> provide protection.
>
>
> Unfortunately, I keep needing to say this on various IETF lists. The
>> move towards "blindly trusting DNS over HTTPS/TLS" servers is misguided
>> and just moving the goal post.
>>
>
> I don't think this is a very accurate characterization of the situation.
> At present,
> the vast majority of DNS information is not DNSSEC protected [0], and yet
> we
> have to rely on it. If there's a "blindly trusting" in this discussion,
> it's that. DNS
> over HTTPS is designed to improve the situation, though of course it's not
> a panacea.
>
> However in *this* case, it actually covers a pretty large fraction of the
> threat
> model, because (1) many attackers are close to the user and (2) if the
> attacker
> controls your DNS server, then they learn which site you are going to in
> any case even before you send SNI.
>

This is written as a pretty broad statement.  Did you intend to say that
the attackers for this threat vector are close to the user or many
attackers? Asking as this could sway opinions and the current solution is
well suited to CDNs, not necessarily others.

Even if all the attacker can do is *modify*
> records rather than observe queries, this is often enough. For censorship
> applications,
> they just serve a blackholed IP address, and for surveillance
> applications, an
> attacker with significant network capabilities can serve a dedicated IP
> for each
> server name and then forward the traffic.
>
> Note that DNSSEC does not help very much in this case. If the attacker is
> the server, they don't need to modify records, and if they are not the
> server,
> then DNSSEC protection relies upon the client hard-failing on DNSSEC
> failures,
> which generic clients do not do because it would cause unacceptable
> failure rates.
>
> -Ekr
>
> [0] https://www.cs.umd.edu/~dml/papers/dnssec_imc17.pdf provides an
> overview
>

This is probably a bit better as a reference as it appears to be kept
current:
https://www.internetsociety.org/deploy360/dnssec/statistics/

and includes links to others providing statistics for reference as well.
The validation statistics look a bit better in the following study:
https://stats.labs.apnic.net/dnssec/XA?c=XA&x=1&g=1&r=1&w=7&g=0
where worldwide, they say 16% DNSSEC validates.

-Kathleen


> of the extremely depressing state of play; only 1% of .com is properly
> signed
> and about 30% of domains which have DNSSEC don't publish all the records
> needed to verify the domain.
>
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>


-- 

Best regards,
Kathleen

v2.23.0 | Report a Bug | By Email