Re: [Add] fixing coffee shop brokenness with DoH

Bret Jordan <jordan.ietf@gmail.com> Wed, 24 July 2019 11:42 UTC

From: Bret Jordan <jordan.ietf@gmail.com>
In-Reply-To: <CABtrr-W178F8TZ78X51xrMCC9PE79n=6QzvLaNpuGpU18EPFiA@mail.gmail.com>
Date: Wed, 24 Jul 2019 07:42:01 -0400
Cc: Jim Reid <jim@rfc1035.com>, Rob Sayre <sayrer@gmail.com>, Tommy Jensen <Jensen.Thomas=40microsoft.com@dmarc.ietf.org>, "add@ietf.org" <add@ietf.org>
Message-Id: <10762BA8-491F-474B-B23A-B7E5BD94F480@gmail.com>
References: <CAChr6Sx9TEt6CMzRRrdb-HwT_k987oW=4yF1FCbDF17zkaE2Vg@mail.gmail.com> <2D09D61DDFA73D4C884805CC7865E6114E23910C@GAALPA1MSGUSRBF.ITServices.sbc.com> <14DF8769-A817-4C06-9140-80198518244F@akamai.com> <CAChr6SzH1EycAr5n+dK5BQcG=0Zsw66qE=8Rptvq7SEoEvQQ=Q@mail.gmail.com> <E5A0DAE2-A718-41EA-B490-58ABD0F31CF2@rfc1035.com> <CAChr6SzvUZS4Ru_SttiZgWtjwBuLrzc_fdewq9w-Ts+Rq_oNHw@mail.gmail.com> <9E8BD2C4-D750-4B8C-BA34-AC4425F2951D@gmail.com> <CAChr6Szo+1x6BnU2XH2A0o7CTQrQhFVPYezR7KQVLw-nWToULg@mail.gmail.com> <MN2PR21MB12134C6B57220E1B8BF5C811FAC60@MN2PR21MB1213.namprd21.prod.outlook.com> <CABtrr-Ue6rAom3ubJc_tPbn37T8HPGPabzX=CxT9UmiicbUtXQ@mail.gmail.com> <343D8DDD-CCEC-4DAB-85D9-B6ED8ABAB91B@gmail.com> <CABtrr-W178F8TZ78X51xrMCC9PE79n=6QzvLaNpuGpU18EPFiA@mail.gmail.com>
To: Joseph Lorenzo Hall <joe@cdt.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/3qibeN8qJbiS5D9Zd59MBr2A_jU>
Subject: Re: [Add] fixing coffee shop brokenness with DoH

My point is centralization of DNS queries seems like a far larger potential problem.  Especially when the query is over HTTP and can easily allow extra headers so the end user can be fully tracked.  

Bret

Sent from my Commodore 128D

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

> On Jul 24, 2019, at 7:36 AM, Joseph Lorenzo Hall <joe@cdt.org> wrote:
> 
> I can do that but the user base we represent at CDT cannot. So not an answer.
> 
>> On Wed, Jul 24, 2019 at 07:33 Bret Jordan <jordan.ietf@gmail.com> wrote:
>> If you are really worried about it, run your own.  I do, and have for 25+ years.  
>> 
>> Bret 
>> 
>> Sent from my Commodore 128D
>> 
>> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
>> 
>>> On Jul 24, 2019, at 6:19 AM, Joseph Lorenzo Hall <joe@cdt.org> wrote:
>>> 
>>> 
>>> 
>>>> On Tue, Jul 23, 2019 at 22:26 Tommy Jensen <Jensen.Thomas=40microsoft.com@dmarc.ietf.org> wrote:
>>>> > Are people selling DNS logs to ad tech companies? Is that the ecosystem being disrupted?
>>>> 
>>>> Given how many valid points have been brought up in the last few weeks about the drawbacks of centralized app-configured DNS, I don’t think the glib tone is constructive.
>>> 
>>> Tone aside, to some users, centralization is a benefit in that they don't have a bunch of unknown privacy policies applying to the resolution of the names they need. For example, the privacy policy of 1.1.1.1 is pretty amazing from the perspective of data retention, secondary uses, etc. (e.g., I know my resolutions will be removed from their logs within 24 hours).
>>> 
>>> This may seem small but it seems to be lost in the centralization/choice discussion.
>>> -- 
>>> Joseph Lorenzo Hall
>>> Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
>>> 1401 K ST NW STE 200, Washington DC 20005-3497
>>> e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
>>> Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
> -- 
> Joseph Lorenzo Hall
> Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
> 1401 K ST NW STE 200, Washington DC 20005-3497
> e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
> Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
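Bret's point at the top of this message is that the HTTP layer of DoH can carry client identifiers (cookies, User-Agent, extra URL parameters) that the plain DNS wire format never had. The following is an added, defender-side example written for this archive page; it is not code from the thread or from any resolver operator. It audits a DoH request captured on the client side (for example, in a local debugging proxy the client trusts, since on the wire DoH sits inside TLS) and flags headers and GET parameters that let a resolver correlate queries to one client. It goes slightly beyond the headers Bret mentions by also checking the GET form's query string. The resolver name doh.example, the two sample requests and the header list are this example's own assumptions.

```python
"""Audit a captured DoH request for HTTP headers or URL parameters that can
identify the client across queries.

Added example (not from the mailing-list thread or any vendor). Assumes the
request text was captured client-side, where it is visible in plaintext.
"""
from typing import Dict, List, Tuple
from urllib.parse import parse_qs, urlsplit

# Headers whose presence lets the resolver (or any HTTP intermediary) correlate
# queries to one client. The wording is this example's own; RFC 8484's privacy
# considerations tell DoH clients to avoid cookies and other identifying
# headers, which is what this audit enforces.
TRACKING_HEADERS: Dict[str, str] = {
    "cookie": "persistent identifier chosen by the resolver",
    "authorization": "credentials tie every query to one account",
    "user-agent": "fingerprintable client string",
    "referer": "reveals the page that triggered the lookup",
    "x-forwarded-for": "client address inserted by a proxy",
}
DOH_MEDIA_TYPE = "application/dns-message"


def parse_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split an HTTP/1.1 request head into (method, target, headers).
    Header names are lowercased; the body, if any, is ignored."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        if name:
            headers[name.strip().lower()] = value.strip()
    return method, target, headers


def audit_doh_request(raw: str) -> List[str]:
    """Return findings as '<header or parameter>: <why>'; an empty list means
    the request carries nothing this audit treats as identifying."""
    method, target, headers = parse_request(raw)
    findings: List[str] = []
    for name, why in TRACKING_HEADERS.items():
        if name in headers:
            findings.append(f"{name}: {why}")
    if DOH_MEDIA_TYPE not in headers.get("accept", ""):
        findings.append(f"accept: does not offer {DOH_MEDIA_TYPE}")
    if method == "GET":
        # The DoH GET form carries the query in ?dns=<base64url>; any other
        # parameter is a place where a per-client identifier could be smuggled.
        params = parse_qs(urlsplit(target).query)
        for extra in sorted(p for p in params if p != "dns"):
            findings.append(f"{extra}: extra URL parameter on a DoH GET")
    return findings


def minimal_doh_headers(host: str, body_len: int) -> Dict[str, str]:
    """The header set a privacy-preserving DoH POST needs, and nothing more."""
    return {
        "Host": host,
        "Accept": DOH_MEDIA_TYPE,
        "Content-Type": DOH_MEDIA_TYPE,
        "Content-Length": str(body_len),
    }


# Constructed sample requests; doh.example is a placeholder resolver and the
# dns= value is an arbitrary base64url-looking token, not a real query.
LEAKY_REQUEST = (
    "GET /dns-query?dns=AAABAAABAAAAAAAAA2lldGYDb3JnAAABAAE&client=abc123 HTTP/1.1\r\n"
    "Host: doh.example\r\n"
    "Accept: application/dns-message\r\n"
    "User-Agent: ExampleBrowser/1.0\r\n"
    "Cookie: uid=7f3e\r\n"
    "\r\n"
)
MINIMAL_REQUEST = (
    "POST /dns-query HTTP/1.1\r\n"
    + "".join(f"{k}: {v}\r\n" for k, v in minimal_doh_headers("doh.example", 33).items())
    + "\r\n"
)

if __name__ == "__main__":
    for label, req in (("leaky", LEAKY_REQUEST), ("minimal", MINIMAL_REQUEST)):
        print(label, audit_doh_request(req) or "clean")
```

Run as a script it reports three findings for the constructed leaky request (cookie, User-Agent, and the stray `client` parameter) and "clean" for the minimal POST. Whether a real client's request looks like the second one is exactly the check Bret's concern calls for, and it is one that a DoH client or a privacy policy can be held to.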