Re: [Gen-art] Review of draft-ietf-dane-smime-15

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dale Worley <worley@xxxxxxxxxxx> in his review:
> 2. Presumably it was deliberate not to have the first label for an
> SNAMEA record be the canonical UTF-8 string for the local-part, even
> though the DNS architecture (RFC 1035) seems to admit binary labels.

> 3.  Location of the SMIMEA Record
>
>    The DNS does not allow the use of all characters that are supported
>    in the "local-part" of email addresses as defined in [RFC5322] and
>    [RFC6530].
>
> I don't have the full background on this.  My memory ends at RFC
> 1035:
>
>     Although labels can contain any 8 bit values in octets that make up a
>     label, it is strongly recommended that labels follow the preferred
>     syntax described elsewhere in this memo, which is compatible with
>     existing host naming conventions.
>
> I suspect there is by now a defined way to have "UTF-8 labels". Given
> that this draft doesn't use such a mechanism, there's probably a
> discussion out there why just using a UTF-8 string as a label doesn't
> work.  It would be helpful to put a reference to that discussion here,
> because the mechanism in the draft is doing a lot of work to avoid the
> seemingly obvious mechanism.

>From draft-ietf-dane-smime-15:

> 9.2.  Email Address Information Leak
> 
>    The hashing of the local-part in this document is not a security
>    feature.  Publishing SMIMEA records will create a list of hashes of
>    valid email addresses, which could simplify obtaining a list of valid
>    email addresses for a particular domain.  It is desirable to not ease
>    the harvesting of email addresses where possible.
> 
>    The domain name part of the email address is not used as part of the
>    hash so that hashes can be used in multiple zones deployed using
>    DNAME [RFC6672].  This makes it slightly easier and cheaper to brute-
>    force the SHA2-256 hashes into common and short local-parts, as
>    single rainbow tables [Rainbow] can be re-used across domains.  This
>    can be somewhat countered by using NSEC3.

After thinking about this more, it seems to me that the draft is
suffering from conflicting requirements.  On one hand, it wants to not
have the SMIMEA records provide a complete list of local-parts for the
domain name.  On the other hand, simply hashing the local-parts does not
provide enough protection of the local-parts because one dictionary can
be used to attack every domain that uses SMIMEA.  And hashing the
local-parts with the domain name makes it impossible to present the same
set of SMIMEA records for several domain names (that are e-mail
equivalent) using DNAME records.  This, I think, leads to justifying
using hashes as labels for the RRs even though the local-parts are
encoded in UTF-8, and could be used as labels themselves.

It seems to me the way out of this conflict is to salt the hashes of the
local-parts.  That is, each domain has a salt value of e.g. 128 bits (16
octets) which is hashed with the local-part to produce the label for the
RR.  The natural way to distribute the salt is in an RR attached to the
_smimecert domain (which ensures that several domains can use DNAME to
redirect to one tree of SMIMEA records), and it seems that an easy way
to do that is to use an SMIMEA RR with another "certificate usage" value
(presumably 4) to specify that the "certificate association data" field
holds the salt value:

    $origin example.com.

    ; salt
    _smimecert IN SMIMEA 4 0 0 0f215f3ab4a8bd21b831c8316379d5b0
    ; hugh@xxxxxxxxxxx
    51dfb169b7e8f5eeb4c853bf2cc2d9481cb6e9f3bd156afeb3b1cf42._smimecert (
        IN SMIMEA 0 0 1 
        d2abde240d7cd3ee6b4b28c54df034b97983a1d16e8a410e4561cb106618e971 )

It would even be upward-compatible from the current system if we defined
that if there was no SMIMEA record for the _smimecert domain, then the
hash is unsalted.

Dale




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]