IETF Logo Mail Archive

Re: [Tsv-art] [dns-privacy] Tsvart last call review of draft-ietf-dprive-dnsoquic-08

Sara Dickinson <sara@sinodun.com> Thu, 27 January 2022 13:17 UTC

Return-Path: <sara@sinodun.com>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 653153A0332; Thu, 27 Jan 2022 05:17:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sinodun.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JJn8s4EjeigD; Thu, 27 Jan 2022 05:17:53 -0800 (PST)
Received: from haggis.mythic-beasts.com (haggis.mythic-beasts.com [IPv6:2a00:1098:0:86:1000:0:2:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DBA103A0317; Thu, 27 Jan 2022 05:17:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sinodun.com ; s=mythic-beasts-k1; h=To:Date:From:Subject; bh=KaPBlDCRc8WBoQdqdyjwl4DAE9Grm1JNKlgVuvdAn1M=; b=f9TLr/1gaduhkpEy3LH3Ga6A8C miuW9eJ6+u7D2Is0pNQYRC+0VNLqAiGuMlio6pilKQVgv0CzEhlLIryAND/ycec3Bs5aknTJoDThG VAVb8d/WzmKfRsvdGywCy0lH3gmUktQH908CGTvpA4f+mI/oXOJVNZkmCMP1JpaVEY8LhqQzJqlh5 aUmZkL6lf4vgH0nERuLJg+KUmogkW78Vg6N32/QehjX7XvBLiCYt7YSEb5cbxCwjnoq7AWr6Avw8k KqgKIc7xIQdWjUTGosE5ZWmInDNhjJdpeOfSAsu0uzkiphBAR6LNjUnULjQIbs6TeUjr5cAPV+wwu HZ5o4lrA==;
Received: from [82.68.3.134] (port=25080 helo=[192.168.12.101]) by haggis.mythic-beasts.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from <sara@sinodun.com>) id 1nD4es-0002vt-2M; Thu, 27 Jan 2022 13:17:50 +0000
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Sara Dickinson <sara@sinodun.com>
In-Reply-To: <e81b7117-126a-4557-b020-eb5dbffa775b@huitema.net>
Date: Thu, 27 Jan 2022 13:17:39 +0000
Cc: tsv-art@ietf.org, draft-ietf-dprive-dnsoquic.all@ietf.org, last-call@ietf.org, DNS Privacy Working Group <dns-privacy@ietf.org>, Christian Huitema <huitema@huitema.net>
Content-Transfer-Encoding: quoted-printable
Message-Id: <E131CF24-A64B-481A-A856-11B83886B154@sinodun.com>
References: <164303671825.29006.13435316265266313857@ietfa.amsl.com> <e81b7117-126a-4557-b020-eb5dbffa775b@huitema.net>
To: Brian Trammell <ietf@trammell.ch>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
X-BlackCat-Spam-Score: 4
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/jh5eR3JYVHp9RqIKYpO0Pr3RcIU>
Subject: Re: [Tsv-art] [dns-privacy] Tsvart last call review of draft-ietf-dprive-dnsoquic-08
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Jan 2022 13:17:59 -0000

Hi Brian, 

Thanks for the review, and as Christian said the padding question has been a point of discussion.

I’m personally comfortable with a downref to RFC 8467 with text to support why this is done as you suggest. Multiple studies have shown just how easy traffic analysis is without any padding - we could actually cite one of the more recent ones. RFC 8467 is implemented for stub-recursive DoT in most open source software and is in use by major recursive operators.  For me this approach mitigates the immediate risk of exposing DNS names - preventing traffic analysis from identifying DoQ is a much longer term goal (and requires ECH). 

I’ve had a first pass at a PR making RFC8467 normative here: https://github.com/huitema/dnsoquic/pull/143

Regards

Sara


> On 26 Jan 2022, at 20:32, Christian Huitema <huitema@huitema.net> wrote:
> 
> Thanks for the review, Brian.
> 
> We have been going back and forth on the padding requirements, and the current text is specifically written to avoid a downward reference to RFC 8467. You are making a good arguments that it is hard for implementers to comply with a requirement that they MUST pad if there is no specific guidance about how to pad. On the other hand, I think that we should not delay publication until getting definitive agreement on the appropriate padding policy. For example, we would have to resolve the tension between application specific padding, with a goal to hide which DNS names are being queried, and generic transport level padding, with a goal to prevent traffic analysis from distinguishing between DoQ and other applications. So, I am inclined to just replace MUST by SHOULD, and leave it at that. That's one of your proposed remedies,  but I wonder whether others might object.
> 
> -- Christian Huitema
> 
> 
> On 1/24/2022 5:05 AM, Brian Trammell via Datatracker wrote:
>> Reviewer: Brian Trammell
>> Review result: Ready with Nits
>> 
>> This document has been reviewed as part of the transport area review team's
>> ongoing effort to review key IETF documents. These comments were written
>> primarily for the transport area directors, but are copied to the document's
>> authors and WG to allow them to address any issues raised and also to the IETF
>> discussion list for information.
>> 
>> When done at the time of IETF Last Call, the authors should consider this
>> review as part of the last-call comments they receive. Please always CC
>> tsv-art@ietf.org if you reply to or forward this review.
>> 
>> This document is a mature and straightforward mapping of DNS over QUIC,
>> modeling a QUIC connection as equivalent to DNS over TCP with one query
>> per stream. 0-RTT and fallback design choices are reasonable and
>> well-explained. Security and privacy considerations are well-presented.
>> All in all, a very good example of an application mapping over QUIC.
>> 
>> I have only a few nits here:
>> 
>> Editorial nits:
>> 
>> - in section 5.3.1, is STOP_SENDING spelled "STOP_SENDING"
>> or "Stop Sending"? Please choose one.
>> 
>> - "These privacy issues are detailed in Section 9.2 and Section 9.1"
>> is a weird order; please swap.
>> 
>> Content nit:
>> 
>> I understand the intent behind "Implementations MUST protect against the
>> traffic analysis attacks described in Section 9.5 by the judicious injection of
>> padding"; however (1) there is no interoperability risk from failing to comply
>> with this restriction, and (2) as an implementor, it would not be clear to me
>> how to prove my padding injection was "judicious".
>> 
>> There is a reference to an experimental RFC 8467 that presumably defines
>> acceptable padding policies, but it is referenced as "should consider".
>> 
>> I would recommend one of the three following remedies:
>> 
>> - change this to a SHOULD (since verifying compliance is impossible as phrased),
>> - add a normative downref to 8467 and make it clear that that reference defines
>> padding policies considered compliant, or
>> - provide some other guidance implementors can use do determine whether
>> they are padding enough to be considered compliant.
>> 
>> Further, traffic analysis threats are not limited to packet lengths, as section 9.5
>> acknowledges. Is there any equivalent MUST guidance regarding stream frame
>> timing for traffic analysis resistance that could be given here?
>> 
>> 
>> _______________________________________________
>> dns-privacy mailing list
>> dns-privacy@ietf.org
>> https://www.ietf.org/mailman/listinfo/dns-privacy

v2.23.0 | Report a Bug | By Email