Predictable QNAME #23
Comments
|
This only really applies for CNAMEs - the label should be unique. TXT records shouldn't have to both with this. Not sure why this is a security concern? |
|
@shuque @paulwouters any opinions? Will close this out otherwise. |
|
I guess there is the issue that always having a fixed label like "_example_provider" can help an external adversary tell what service providers are being used. Having a less predictable QNAME label like "random_token._example_provider" make it harder to scan. |
|
Erik for the second QNAME did you mean "random-token._example_provider" ? I like the idea of making it hard for bad actors scoping things out. |
|
If the random token is part of the QNAME, wouldn't it always be hard to scan for? Using a prefix based on service that is known should still not really matter? Eg you can you find SADJSADJGNWRSFDSF._ietf-challange.nohats.ca. ? |
|
Erik and I both failed to notice that |
|
|
|
I am still unclear on the issue and proposed fix? |
|
Me too. Is it actually something that we need to hide in the validation record? There are probably many other ways outsiders can find out what application service a domain owner is using. I'm not sure this is a problem we need to solve. |
|
I marked it Future Work because I think it couild use some more thinking on this. |
|
I mentioned the scanning aspect in #133 (which is just another use of the multi-provider case) Another aspect that I didn't mention is that a predictable QNAME makes Kamnisky-stye attacks against the validator easier. This may be enough of a corner case that I'm not sure it's worth mentioning, but maybe it is? (It's also unclear that anything we can do defends against this, as in this attack use-case the Application Service Provider would give the attacker a challenge.) |
No description provided.
The text was updated successfully, but these errors were encountered: