Re: [Add] fixing coffee shop brokenness with DoH

Ted Lemon <mellon@fugue.com> Wed, 24 July 2019 14:15 UTC

Cc: Joseph Lorenzo Hall <joe@cdt.org>, "add@ietf.org" <add@ietf.org>
To: Vittorio Bertola <vittorio.bertola@open-xchange.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/4ay547useV7u-XjMPrjTM4m8gyw>
List-Id: Applications Doing DNS <add.ietf.org>

On Jul 24, 2019, at 9:05 AM, Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org> wrote:
> What you seem to want above, however, is not made possible by centralization, but by user choice, i.e. the user being able to tell all the applications to use a specific resolver that has a privacy policy they like.

I asked this question earlier and nobody answered, so I’ll ask it again. How do we ensure that the user has a choice and that the choice is honored? Or to put it differently, suppose a malicious app wants to funnel all user DNS requests to a tracker. How can we detect that this is happening? How can we prevent it?

I think there’s a tendency to not talk about this problem because I think it’s an extremely hard problem. It pretty much boils down to this: who can the user trust? Can the user even meaningfully evaluate their determination of trust? At present, the trust model is “if I download the browser from Mozilla, I can trust it,” or some variation on that model. This maybe works for something like Firefox, but, if pretty much any app is doing DoH, can we even tell that this is happening?

I can think of ways of making it hard for the app to misbehave in this way, but no way to completely prevent it.

This is important for two reasons. First, we should not pretend that we can prevent what we can’t prevent. Secondly, we should actually come up with a mitigation strategy.