Presentation is loading. Please wait.

Presentation is loading. Please wait.

DNS SD Privacy Christian Huitema, Daniel Kaiser

Published byIrena Rybak Modified over 5 years ago

Similar presentations

Presentation on theme: "DNS SD Privacy Christian Huitema, Daniel Kaiser"— Presentation transcript:

1 DNS SD Privacy Christian Huitema, Daniel Kaiser
IETF 97, Seoul, November 17, 2016 draft-ietf-dnssd-privacy-00 draft-ietf-dnssd-privacy-00

2 Changes in content from IETF 96
Removed the confusing “simple design” Text was confusing, “we could do this, but we won’t, do that instead.” Focus instead on the “two-step” solution: Publish the “private discovery service” using DNS-SD and obfuscated names Private discovery service uses DNS over TLS, secured with a mutually authenticated pairwise shared secret (PSK). Fixed a bunch of small issues in the text E.g., the two-step solution does in fact defend against fingerprinting. Moved “pairing” specification to separate draft Still rely on PSK established through pairing process draft-ietf-dnssd-privacy-00

3 Discuss: simple fix to scaling issues
Current: Advertise hints of the form Hash(nonce, PSK) Potential cost is O(N*M), N: number of pairings per machine M: number of servers in the network Suggested fix: compute only once per interval, e.g. 5 minutes Nonce = 32 bit Unix time, rounded to “interval” Servers compute N hashes per interval, based on server’s pairings Clients compute N hashes per interval, based on client’s pairings Clients perform M simple “hash comparisons” per query Simple implementation: set 24 bit nonce as Unix time >> 8 Feedback? draft-ietf-dnssd-privacy-00

4 draft-ietf-dnssd-privacy-00
Process and Next steps Adoption call passed Draft is now: draft-ietf-dnssd-privacy-00 Need implementation experience Working on it with Get DNS team Anybody else? Report on implementation and last call before IETF 98? draft-ietf-dnssd-privacy-00

Download ppt "DNS SD Privacy Christian Huitema, Daniel Kaiser"

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
Things we need to standardise: a recap/review since IETF89 dnssd WG, IETF90, Toronto, 24 th July 2014.

Things we need to standardise: a recap/review since IETF89 dnssd WG, IETF90, Toronto, 24 th July 2014.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Multiprotocol Attacks and the Public Key Infrastructure* Jim Alves-Foss Center for Secure and Dependable Software University of Idaho

Multiprotocol Attacks and the Public Key Infrastructure* Jim Alves-Foss Center for Secure and Dependable Software University of Idaho
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Information Security of Embedded Systems 3.2.2010: Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
CMSC 414 Computer and Network Security Lecture 23 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 23 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.

Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.
Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.

Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.
CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.
 WHAT IS ENCRYPTION :-  Encryption (Round) (cont.) :-  HISTORY OF DE :-  TYPES OF DATA ENCRYPTION :-  Decryption :-  Security And Cryptanalysis.

 WHAT IS ENCRYPTION :-  Encryption (Round) (cont.) :-  HISTORY OF DE :-  TYPES OF DATA ENCRYPTION :-  Decryption :-  Security And Cryptanalysis.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.

.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.
Wireless and Email Security CSCI 5857: Encoding and Encryption.

Wireless and Security CSCI 5857: Encoding and Encryption.
Protecting Web 2.0 Services from Botnet Exploitations Cybercrime and Trustworthy Computing Workshop (CTC), 2010 Second Nguyen H Vo, Josef Pieprzyk Department.

Protecting Web 2.0 Services from Botnet Exploitations Cybercrime and Trustworthy Computing Workshop (CTC), 2010 Second Nguyen H Vo, Josef Pieprzyk Department.
8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.

8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.

Similar presentations

Ads by Google