Certificate Transparency: Prevent client subnet being added to DNS queries |
|||||||||
Issue descriptionA DNS resolver used by certificate_transparency::LogDnsClient may add the client's subnet to the query (see RFC 7871), which would subsequently result in Google's CT DNS server receiving it along with the leaf hash/index that the client wants an inclusion proof for. Geolocation is of no benefit here, so should be disabled in order to eliminate any client-specific data being passed to that server (better for privacy). This can be done as defined in RFC 7871, section 11.1. It will require implementing some degree of support for EDNS0 (RFC 6891).
,
Nov 28 2016
,
Nov 28 2016
Matt - please review Rob's outline for getting EDNS support in the DNSQuery (so we can opt clients out of having their subnets added by resolvers). Ryan - FYI.
,
Nov 28 2016
This would effectively prohibit us from using the OS resolver, AIUI, in that we cannot control EDNS. It may be useful to bring this up to chrome-privacy@ sooner than later, with the rough sketches and problem statement, to sync with them before this work is done, and in line with the overall DNS privacy work going on in IETF (e.g. https://trac.ietf.org/trac/edu/attachment/wiki/IETF97/97-DNS-Privacy.pdf )
,
Nov 28 2016
Also, why was this Restrict-View-Google'd? We should try to avoid that.
,
Nov 30 2016
,
Nov 30 2016
,
Jun 23 2017
,
Jun 28 2017
,
Jul 24 2017
,
Sep 22 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/69261b62ae82f9fe8ca972ffa09e710d8d041c5b commit 69261b62ae82f9fe8ca972ffa09e710d8d041c5b Author: Rob Percival <robpercival@chromium.org> Date: Fri Sep 22 17:39:14 2017 EDNS0: Support for an OPT pseudo-RR in DNS queries This provides basic support for EDNS0 by allowing an OPT record to be added to DNS queries and read from responses. There is no support for specific EDNS0 options yet; this will be added later. Bug: 667805 Change-Id: I17668e72f3ac7e9f658b577acd4b8a0feec22431 Reviewed-on: https://chromium-review.googlesource.com/668856 Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Miriam Gershenson <mgersh@chromium.org> Commit-Queue: Rob Percival <robpercival@chromium.org> Cr-Commit-Position: refs/heads/master@{#503784} [modify] https://crrev.com/69261b62ae82f9fe8ca972ffa09e710d8d041c5b/net/dns/dns_protocol.h [modify] https://crrev.com/69261b62ae82f9fe8ca972ffa09e710d8d041c5b/net/dns/dns_query.cc [modify] https://crrev.com/69261b62ae82f9fe8ca972ffa09e710d8d041c5b/net/dns/dns_query.h [modify] https://crrev.com/69261b62ae82f9fe8ca972ffa09e710d8d041c5b/net/dns/dns_query_unittest.cc [modify] https://crrev.com/69261b62ae82f9fe8ca972ffa09e710d8d041c5b/net/dns/dns_response_unittest.cc [modify] https://crrev.com/69261b62ae82f9fe8ca972ffa09e710d8d041c5b/net/dns/record_parsed.cc [modify] https://crrev.com/69261b62ae82f9fe8ca972ffa09e710d8d041c5b/net/dns/record_rdata.cc [modify] https://crrev.com/69261b62ae82f9fe8ca972ffa09e710d8d041c5b/net/dns/record_rdata.h [modify] https://crrev.com/69261b62ae82f9fe8ca972ffa09e710d8d041c5b/net/dns/record_rdata_unittest.cc
,
Sep 22 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5bfab68936f0584d9f83e98109befcc6a522dccf commit 5bfab68936f0584d9f83e98109befcc6a522dccf Author: Rob Percival <robpercival@chromium.org> Date: Fri Sep 22 18:43:53 2017 Revert "EDNS0: Support for an OPT pseudo-RR in DNS queries" This reverts commit 69261b62ae82f9fe8ca972ffa09e710d8d041c5b. Reason for revert: Tests failing on Android buildbots Original change's description: > EDNS0: Support for an OPT pseudo-RR in DNS queries > > This provides basic support for EDNS0 by allowing an OPT record to be > added to DNS queries and read from responses. There is no support for specific > EDNS0 options yet; this will be added later. > > Bug: 667805 > Change-Id: I17668e72f3ac7e9f658b577acd4b8a0feec22431 > Reviewed-on: https://chromium-review.googlesource.com/668856 > Reviewed-by: Matt Menke <mmenke@chromium.org> > Reviewed-by: Miriam Gershenson <mgersh@chromium.org> > Commit-Queue: Rob Percival <robpercival@chromium.org> > Cr-Commit-Position: refs/heads/master@{#503784} TBR=rsleevi@chromium.org,mgersh@chromium.org,mmenke@chromium.org,robpercival@chromium.org Change-Id: I6de56f04fffa38021910700371bf609a7b4bae10 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: 667805 Reviewed-on: https://chromium-review.googlesource.com/679214 Reviewed-by: Paul Jensen <pauljensen@chromium.org> Commit-Queue: Rob Percival <robpercival@chromium.org> Cr-Commit-Position: refs/heads/master@{#503806} [modify] https://crrev.com/5bfab68936f0584d9f83e98109befcc6a522dccf/net/dns/dns_protocol.h [modify] https://crrev.com/5bfab68936f0584d9f83e98109befcc6a522dccf/net/dns/dns_query.cc [modify] https://crrev.com/5bfab68936f0584d9f83e98109befcc6a522dccf/net/dns/dns_query.h [modify] https://crrev.com/5bfab68936f0584d9f83e98109befcc6a522dccf/net/dns/dns_query_unittest.cc [modify] https://crrev.com/5bfab68936f0584d9f83e98109befcc6a522dccf/net/dns/dns_response_unittest.cc [modify] https://crrev.com/5bfab68936f0584d9f83e98109befcc6a522dccf/net/dns/record_parsed.cc [modify] https://crrev.com/5bfab68936f0584d9f83e98109befcc6a522dccf/net/dns/record_rdata.cc [modify] https://crrev.com/5bfab68936f0584d9f83e98109befcc6a522dccf/net/dns/record_rdata.h [modify] https://crrev.com/5bfab68936f0584d9f83e98109befcc6a522dccf/net/dns/record_rdata_unittest.cc
,
Sep 25 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c2b1a17640f28d64081c99ab7a68910f242e210a commit c2b1a17640f28d64081c99ab7a68910f242e210a Author: Rob Percival <robpercival@chromium.org> Date: Mon Sep 25 13:30:42 2017 Reland "EDNS0: Support for an OPT pseudo-RR in DNS queries" This is a reland of 69261b62ae82f9fe8ca972ffa09e710d8d041c5b Original change's description: > EDNS0: Support for an OPT pseudo-RR in DNS queries > > This provides basic support for EDNS0 by allowing an OPT record to be > added to DNS queries and read from responses. There is no support for specific > EDNS0 options yet; this will be added later. > > Bug: 667805 > Change-Id: I17668e72f3ac7e9f658b577acd4b8a0feec22431 > Reviewed-on: https://chromium-review.googlesource.com/668856 > Reviewed-by: Matt Menke <mmenke@chromium.org> > Reviewed-by: Miriam Gershenson <mgersh@chromium.org> > Commit-Queue: Rob Percival <robpercival@chromium.org> > Cr-Commit-Position: refs/heads/master@{#503784} Bug: 667805 Change-Id: Ib4a1e4819369024fd311117dee6be0ff30b2a807 Reviewed-on: https://chromium-review.googlesource.com/679334 Reviewed-by: Miriam Gershenson <mgersh@chromium.org> Reviewed-by: Matt Menke <mmenke@chromium.org> Commit-Queue: Rob Percival <robpercival@chromium.org> Cr-Commit-Position: refs/heads/master@{#504040} [modify] https://crrev.com/c2b1a17640f28d64081c99ab7a68910f242e210a/net/dns/dns_protocol.h [modify] https://crrev.com/c2b1a17640f28d64081c99ab7a68910f242e210a/net/dns/dns_query.cc [modify] https://crrev.com/c2b1a17640f28d64081c99ab7a68910f242e210a/net/dns/dns_query.h [modify] https://crrev.com/c2b1a17640f28d64081c99ab7a68910f242e210a/net/dns/dns_query_unittest.cc [modify] https://crrev.com/c2b1a17640f28d64081c99ab7a68910f242e210a/net/dns/dns_response_unittest.cc [modify] https://crrev.com/c2b1a17640f28d64081c99ab7a68910f242e210a/net/dns/record_parsed.cc [modify] https://crrev.com/c2b1a17640f28d64081c99ab7a68910f242e210a/net/dns/record_rdata.cc [modify] https://crrev.com/c2b1a17640f28d64081c99ab7a68910f242e210a/net/dns/record_rdata.h [modify] https://crrev.com/c2b1a17640f28d64081c99ab7a68910f242e210a/net/dns/record_rdata_unittest.cc
,
Sep 27 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/9f72d28d39d875845c9b2acf2d2eb50f8726dea1 commit 9f72d28d39d875845c9b2acf2d2eb50f8726dea1 Author: Rob Percival <robpercival@chromium.org> Date: Tue Sep 26 23:59:45 2017 EDNS0: Allow setting EDNS0 options through DnsTransaction This makes it possible for users of DnsClient to provide EDNS0 options that should be included in all DNS queries. The Certificate Transparency LogDnsClient class will later use this capability to disable use of the EDNS0 Client Subnet extension during its queries. This will provide greater privacy for users (see https://tools.ietf.org/html/rfc7871#section-2). Bug: 667805 Change-Id: I7e91335767f0fb907317077e80bc34fa6b570efd Reviewed-on: https://chromium-review.googlesource.com/681657 Commit-Queue: Rob Percival <robpercival@chromium.org> Reviewed-by: Miriam Gershenson <mgersh@chromium.org> Reviewed-by: Matt Menke <mmenke@chromium.org> Cr-Commit-Position: refs/heads/master@{#504529} [modify] https://crrev.com/9f72d28d39d875845c9b2acf2d2eb50f8726dea1/net/dns/dns_test_util.cc [modify] https://crrev.com/9f72d28d39d875845c9b2acf2d2eb50f8726dea1/net/dns/dns_transaction.cc [modify] https://crrev.com/9f72d28d39d875845c9b2acf2d2eb50f8726dea1/net/dns/dns_transaction.h [modify] https://crrev.com/9f72d28d39d875845c9b2acf2d2eb50f8726dea1/net/dns/dns_transaction_unittest.cc
,
Oct 4 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/7c3cfac9f67d1331151f207d28bd043b489a87d9 commit 7c3cfac9f67d1331151f207d28bd043b489a87d9 Author: Rob Percival <robpercival@chromium.org> Date: Wed Oct 04 19:02:35 2017 Make CreateDnsTxtRequest() more concise Use net::DnsQuery to encode the DNS request. Bug: 667805 Change-Id: I89e03912522466dfb17bae4d3b6def448af80667 Reviewed-on: https://chromium-review.googlesource.com/671015 Reviewed-by: Miriam Gershenson <mgersh@chromium.org> Reviewed-by: Eric Roman <eroman@chromium.org> Reviewed-by: Ryan Sleevi <rsleevi@chromium.org> Commit-Queue: Rob Percival <robpercival@chromium.org> Cr-Commit-Position: refs/heads/master@{#506470} [modify] https://crrev.com/7c3cfac9f67d1331151f207d28bd043b489a87d9/components/certificate_transparency/mock_log_dns_traffic.cc
,
Oct 10 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/26c452fd56661c7c0597385c6882488d4b117ffa commit 26c452fd56661c7c0597385c6882488d4b117ffa Author: Rob Percival <robpercival@chromium.org> Date: Tue Oct 10 09:13:43 2017 EDNS0: Make LogDnsClient disable Client Subnet Extension This improves privacy for users, by preventing DNS resolvers adding the client's subnet to Certificate Transparency DNS queries. See https://tools.ietf.org/html/rfc7871#section-2. Bug: 667805 Change-Id: I8f8b5a42cc4e2ae6051ec0cc14ef171a4daa3c80 Reviewed-on: https://chromium-review.googlesource.com/681676 Commit-Queue: Rob Percival <robpercival@chromium.org> Reviewed-by: Ryan Sleevi <rsleevi@chromium.org> Cr-Commit-Position: refs/heads/master@{#507624} [modify] https://crrev.com/26c452fd56661c7c0597385c6882488d4b117ffa/components/certificate_transparency/log_dns_client.cc [modify] https://crrev.com/26c452fd56661c7c0597385c6882488d4b117ffa/components/certificate_transparency/mock_log_dns_traffic.cc
,
Oct 12 2017
|
|||||||||
►
Sign in to add a comment |
|||||||||
Comment 1 by robpercival@chromium.org
, Nov 28 2016# EDNS support in Chromium # Required: 1) Implement support for writing EDNS OPT RRs. Either: a) Create OptRecordRdata class to encapsulate EDNS option writing. - This will be the only *RecordRdata class that knows how to write itself. The rest of the classes only know how to read themselves. This is because typical DNS requests do not contain RRs. b) Add write support directly in DnsQuery. - This already contains all of the other write logic for a DNS request. 2) Add constructor param for EDNS options to DnsQuery. 3) Add contructor param for EDNS options to DnsTransactionImpl. 4) Add methods to DnsTransactionFactory to add/remove EDNS options. Optional: 1) Add method to DnsTransaction to get EDNS options. 2) Add support for OptRecordRdata to RecordParsed. Once this fundamental EDNS support is implemented, an ECS option can be added to all CT DNS requests with SOURCE PREFIX-LENGTH == 0 to disable the client subnet being added to the request by recursive resolvers.