Re: [Add] Browser Administrative Authority

Tommy Jensen <Jensen.Thomas@microsoft.com> Fri, 24 May 2019 17:37 UTC

From: Tommy Jensen <Jensen.Thomas@microsoft.com>
To: "Cook, Neil" <neil.cook=40open-xchange.com@dmarc.ietf.org>, Adam Roach <adam@nostrum.com>
CC: "add@ietf.org" <add@ietf.org>, "Deen, Glenn (NBCUniversal)" <Glenn.Deen@nbcuni.com>
Date: Fri, 24 May 2019 17:37:47 +0000
Subject: Re: [Add] Browser Administrative Authority
Message-ID: <MN2PR21MB1213868D0BC3575C2589B670FA020@MN2PR21MB1213.namprd21.prod.outlook.com>
In-Reply-To: <125917581.1152.1558717017241@appsuite-gw4.open-xchange.com>
References: <182C9119-59F9-43FA-B116-4D45649B74B5@nbcuni.com> <07A89E54-2DFC-4B5A-9784-610BBE7D2BB2@nostrum.com>, <125917581.1152.1558717017241@appsuite-gw4.open-xchange.com>
List-Id: Applications Doing DNS <add.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/7qy65jCPMdUgWK_kVRG7iE3P5mg>

Glenn, that was a great write-up. Thanks for sharing.

To highlight Neil's point about this not being enterprise only: imagine a parent who configures content controls through their ISP. In a world where the browser defaults the user into using the browser's own DNS (DoH or otherwise) while bypassing system policies, children have a no-effort-needed sidestep of parental controls, and it won't be immediately obvious to the parent why their controls don't work.

I don't think asking the platform and other apps on the platform to all be aware of one another's policies is scalable. For the same reasons Glenn gave, I think apps should defer to the platform, redirecting users to make changes there rather than making changes within their own space.

Thanks,
Tommy

________________________________
From: Add <add-bounces@ietf.org> on behalf of Cook, Neil <neil.cook=40open-xchange.com@dmarc.ietf.org>
Sent: Friday, May 24, 2019 9:56 AM
To: Adam Roach
Cc: add@ietf.org; Deen, Glenn (NBCUniversal)
Subject: Re: [Add] Browser Administrative Authority

Glenn’s point is not just about enterprises. It applies to consumer use cases as well.

Neil

Sent from my iPhone

On 24 May 2019, at 16:58, Adam Roach <adam@nostrum.com> wrote:

This is called “enterprise policy”, and — as far as I know — all major browsers honor it.

See, e.g., https://support.mozilla.org/en-US/products/firefox-enterprise/policies-customization-enterprise/policies-overview-enterprise

/a

On May 24, 2019, at 09:48, Deen, Glenn (NBCUniversal) <Glenn.Deen@nbcuni.com> wrote:

Hi everyone,

I've been thinking through some of the issues with the proposed DoH deployment in browsers.

A big part of the tug of war here is the authority precedence for advanced security and network settings that should be followed.

Historically, it's been at the device level, which meant the device administrator, who could choose to delegate choices to a specific DNS resolver operator, or to the network's DHCP-provided settings.

Now the browser is seeking to add itself into the authority chain for those settings. The trouble is that this is a major change to the administrative trust model.

To date, browser settings have been limited to rendering options, some basic certificate options, add-ons, and scripting language choices. Advanced security and trust has remained with the device administrator. Adding the browser to the administrative chain so that it can control advanced security and network settings introduces a problem because the browser does not have an administrative-level authority that is as high as the device administrator.

Current hierarchy (top has more authority):

    Device Administrator    -- device authority for security, network, trust settings
    Network Administrator   -- provides recommended network settings to devices
    Resolver Administrator  -- can provide filtering
    Browser Maker           -- provides core trusted certificate list
    Browser User            -- can set rendering options, can make limited certificate choices, plugins. Impact is limited to the browser sandbox

The problem is that some of the browser makers' proposals are now changing this administrative authority hierarchy, but they haven't done the extra work of establishing administrative trust and working through the consequences of that, such as a child being able to change the browser DNS settings and bypass resolver, network, and even OS-based restrictions.

So they are changing it to:

    Browser Maker           -- provides default DNS resolver and DNS protocol choices
    Browser User            -- can set DNS resolver and DNS protocol
    Device Administrator    -- device authority for security, network, trust settings
    Network Administrator   -- provides recommended network settings to devices
    Resolver Administrator  -- can provide filtering

The path to fixing this may be to see if there is a way to express the administrative hierarchy that respects the intentions of the device administrator on what hierarchy they want to accept/delegate decisions to.

It may be that what's needed is a means to communicate to the browser what authority the device administrator wants it to follow, since in the end the device owner should be in charge.

-glenn



--
Add mailing list
Add@ietf.org
https://www.ietf.org/mailman/listinfo/add
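The two precedence orderings Glenn lists, and the parental-controls case Tommy raises, as a small executable model. This is an added illustration for the thread, not code from any browser, operating system or participant. Each authority level either delegates (asserts nothing), offers an overridable default, or makes a binding choice; the hierarchy the browser is told to walk is the "means to communicate to the browser what authority the device administrator wants it to follow" that Glenn asks for. Authority names, the `overridable` flag, the scenario dictionaries and the sample resolver addresses are this example's own constructions, and resolver-side filtering is modelled as a property of the chosen resolver rather than as a separate resolver-administrator entry.

```python
"""Administrative precedence for a browser's DNS settings, as a small model.

Added illustration; not code from any browser, OS or mailing-list participant.
Authority names, the `overridable` flag and the sample scenarios are this
example's own conventions.
"""
from dataclasses import dataclass
from typing import Mapping, Optional, Sequence, Tuple


@dataclass(frozen=True)
class DnsSetting:
    resolver: str              # IP address or DoH template URL
    protocol: str              # "do53" (classic UDP/TCP) or "doh"
    filtering: bool = False    # does this resolver apply content controls?
    overridable: bool = False  # True: a default that a lower level may replace


# Glenn's current hierarchy (top has the most authority).
CURRENT_HIERARCHY: Sequence[str] = (
    "device_admin", "network_admin", "browser_maker", "browser_user",
)
# The ordering the browser proposals move toward.
PROPOSED_HIERARCHY: Sequence[str] = (
    "browser_maker", "browser_user", "device_admin", "network_admin",
)


def effective_dns(hierarchy: Sequence[str],
                  settings: Mapping[str, Optional[DnsSetting]],
                  ) -> Tuple[str, DnsSetting]:
    """Return the (authority, setting) pair that ends up in force.

    Walk the hierarchy from the top. A level that asserts nothing delegates
    to the next one. A binding assertion ends the walk: levels below it are
    never consulted. An overridable default is remembered and replaced by
    the next level that asserts anything at all.
    """
    candidate: Optional[Tuple[str, DnsSetting]] = None
    for authority in hierarchy:
        setting = settings.get(authority)
        if setting is None:
            continue                      # this level delegates downward
        if not setting.overridable:
            return authority, setting     # binding: stop here
        candidate = (authority, setting)  # default; keep looking lower
    if candidate is None:
        raise LookupError("no authority asserted a DNS setting")
    return candidate


def filtering_bypassed(hierarchy: Sequence[str],
                       settings: Mapping[str, Optional[DnsSetting]]) -> bool:
    """True when some level wanted a filtering resolver but the one in force does not filter."""
    wanted = any(s is not None and s.filtering for s in settings.values())
    _, in_force = effective_dns(hierarchy, settings)
    return wanted and not in_force.filtering


# Constructed scenario (Tommy's example): the parent configured the device to
# use the ISP's filtering resolver as a binding setting; the home network hands
# out the same resolver via DHCP as a recommendation; the browser ships a DoH
# default; the child picks a different DoH server in the browser's settings.
PARENTAL_HOME: Mapping[str, Optional[DnsSetting]] = {
    "device_admin":  DnsSetting("192.0.2.53", "do53", filtering=True),
    "network_admin": DnsSetting("192.0.2.53", "do53", filtering=True, overridable=True),
    "browser_maker": DnsSetting("https://doh.example/dns-query", "doh", overridable=True),
    "browser_user":  DnsSetting("https://other-doh.example/dns-query", "doh"),
}

# Constructed scenario: an unmanaged laptop whose administrator delegates
# everything, so the user's own choice is legitimately the one in force.
UNMANAGED_LAPTOP: Mapping[str, Optional[DnsSetting]] = {
    "device_admin":  None,
    "network_admin": DnsSetting("192.0.2.1", "do53", overridable=True),
    "browser_maker": DnsSetting("https://doh.example/dns-query", "doh", overridable=True),
    "browser_user":  DnsSetting("https://other-doh.example/dns-query", "doh"),
}


if __name__ == "__main__":
    for name, hierarchy in (("current", CURRENT_HIERARCHY), ("proposed", PROPOSED_HIERARCHY)):
        who, s = effective_dns(hierarchy, PARENTAL_HOME)
        print(f"{name:8s} hierarchy, parental home: {who} -> {s.resolver} "
              f"(filtering bypassed: {filtering_bypassed(hierarchy, PARENTAL_HOME)})")
```

Under the current ordering the device administrator's binding choice is reached first and the child's browser-level DoH selection is never consulted; under the proposed ordering the browser maker's default is overridable, the user's choice is binding, and the walk ends before the device administrator's setting is ever seen, which is the bypass both Glenn and Tommy describe. On the unmanaged laptop the device administrator delegates and the network only recommends, so the user's choice wins under either ordering, showing that the model does not forbid user choice, it only makes the device administrator's intent the thing that decides when user choice applies.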