[Add] Browser Administrative Authority

"Deen, Glenn (NBCUniversal)" <Glenn.Deen@nbcuni.com> Fri, 24 May 2019 14:49 UTC

From: "Deen, Glenn (NBCUniversal)" <Glenn.Deen@nbcuni.com>
To: "add@ietf.org" <add@ietf.org>
Date: Fri, 24 May 2019 14:48:47 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/2QWysnscaMV1lMjNmvIl0VbYPrk>
Subject: [Add] Browser Administrative Authority
List-Id: Applications Doing DNS <add.ietf.org>

Hi everyone,

I’ve been thinking through some of the issues with the proposed DoH deployment in browsers.

A big part of the tug of war here is the authority precedence for advanced security and network settings that should be followed.

Historically, it’s been at the device level – which meant the device administrator, who could choose to delegate choices to a specific DNS resolver operator, or to the network DHCP-provided settings.

Now the browser is seeking to add itself into the authority chain for those settings. The trouble being that this is a major change to the administrative trust model.

To date, browser settings have been limited to rendering options, some basic certificate options, addons, and scripting language choices. Advanced security and trust has remained with the device administrator. Adding the browser to the administrative chain so that it can control advanced security and network settings introduces a problem because the browser does not have an administrative-level authority that is as high as the device administrator.

Current hierarchy (top has more authority)

              Device Administrator      -- device authority for security, network, trust settings
              Network Administrator     -- provides recommended network settings to devices
              Resolver Administrator    -- can provide filtering
              Browser Maker             -- provides core trusted certificate list
              Browser User              -- can set rendering options, can make limited certificate choices, plugins. Impact is limited to the browser sandbox


The problem is that some of the browser makers’ proposals are now changing this administrative authority hierarchy, but they haven’t done the extra work of establishing administrative trust and working through the consequences of that, such as a child being able to change the browser DNS settings and bypass resolver, network, and even OS-based restrictions.

So they are changing it to:

              Browser Maker             -- provides default DNS resolver and DNS protocol choices
              Browser User              -- can set DNS resolver and DNS protocol
              Device Administrator      -- device authority for security, network, trust settings
              Network Administrator     -- provides recommended network settings to devices
              Resolver Administrator    -- can provide filtering



The path to fixing this may be to see if there is a way to express the administrative hierarchy that respects the intentions of the device administrator on what hierarchy they want to accept/delegate decisions to.

It may be that what’s needed is a means to communicate to the browser what authority the device administrator wants it to follow, since in the end the device owner should be in charge.


-glenn
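
The two orderings in the message can be compared by computing which authority's DNS choice actually takes effect. This is an added example, not part of the original message: the authority names, the `admin_accepts` statement and the sample resolver values are assumptions made for illustration.

```python
from dataclasses import dataclass

# Orderings copied from the two lists in the message (most authority first).
CURRENT = ["device_admin", "network_admin", "resolver_admin",
           "browser_maker", "browser_user"]
PROPOSED = ["browser_maker", "browser_user", "device_admin",
            "network_admin", "resolver_admin"]

@dataclass(frozen=True)
class DnsChoice:
    resolver: str   # constructed sample value
    protocol: str   # "do53" or "doh"

def effective_dns(hierarchy, choices, admin_accepts=None):
    """Return (authority, choice, overridden) for the DNS setting that wins.

    choices maps authority -> DnsChoice; an authority with no entry expresses
    no choice and so delegates to the next one down the hierarchy.
    admin_accepts is a hypothetical device-administrator statement naming the
    authorities whose DNS choices the device may follow; None means no such
    statement exists and the raw ordering alone decides.
    """
    winner, overridden = None, []
    for authority in hierarchy:
        if authority not in choices:
            continue
        rejected = admin_accepts is not None and authority not in admin_accepts
        if rejected or winner is not None:
            overridden.append(authority)   # had a choice, but it is not used
        else:
            winner = authority
    return winner, choices.get(winner), overridden

# Constructed scenario: the device administrator delegates to DHCP, the network
# hands out a filtering resolver, and a browser user configures a DoH resolver.
CHOICES = {
    "network_admin": DnsChoice("192.0.2.53", "do53"),
    "browser_user": DnsChoice("https://doh.example/dns-query", "doh"),
}
ADMIN_ACCEPTS = {"device_admin", "network_admin"}   # hypothetical statement

if __name__ == "__main__":
    for name, order, accepts in [("current", CURRENT, None),
                                 ("proposed", PROPOSED, None),
                                 ("proposed + admin statement", PROPOSED, ADMIN_ACCEPTS)]:
        who, choice, lost = effective_dns(order, CHOICES, accepts)
        print(f"{name}: {who} -> {choice.resolver} (overridden: {lost})")
```

The `overridden` list is the part worth logging on a managed device: it names every authority whose expressed DNS choice was silently displaced by the ordering in force.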