IETF Logo Mail Archive

Re: [Add] [EXTERNAL] Re: draft-grover-add-policy-detection-00

Rob Sayre <sayrer@gmail.com> Tue, 16 July 2019 15:24 UTC

Return-Path: <sayrer@gmail.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16B95120783 for <add@ietfa.amsl.com>; Tue, 16 Jul 2019 08:24:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dl3jmFzw2T7Q for <add@ietfa.amsl.com>; Tue, 16 Jul 2019 08:24:18 -0700 (PDT)
Received: from mail-io1-xd41.google.com (mail-io1-xd41.google.com [IPv6:2607:f8b0:4864:20::d41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B15AD120790 for <add@ietf.org>; Tue, 16 Jul 2019 08:24:10 -0700 (PDT)
Received: by mail-io1-xd41.google.com with SMTP id j5so36353304ioj.8 for <add@ietf.org>; Tue, 16 Jul 2019 08:24:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=hj77lW4UlnYouvRN1oWqJIi0QC+Zn65pT9dfI8uPwlk=; b=cj1vSZerDMel5yau//faABYWL1o9eJkRcGkrqiJKJ/aw9kljpFziUDS05cmt23w9SH lJ60c8xinQZRHzOkcWsXydq8fbJdtF1pVMx6aANmA0mo0+uhJuXHcanMYCK7eIc76DkD M3bjn6tiRdQrzQQkgMTzmni4c/jD0leBeKukPpATkHfH+hiHvT/eKgYa8Rp+lqN4ntht nQDK4RDdsJqy5+cV9ODhT1DsF8qLZrmYEeiLnTy3U4qFcARkEiPAgKzb82sr42nFEyRZ lbmkyap7dzzTXj7fJITZh0a0g5cvjtGrezEvTujlHSu9dPVuGKfqzOiKaIj2laqehDpC d5nQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hj77lW4UlnYouvRN1oWqJIi0QC+Zn65pT9dfI8uPwlk=; b=jHF6b/trOVI+waqDagCXxWEN+Cntp4y9Qw/giMf6M+qWBXLsxz/+IoZadooHIXEYG/ Tt+XLzzFqEOU7Fg5KqbIO3hhdAoSoL8uIL4LtQwkQ0FtbCX2FoZjqFGVO0zbb+MLgouK Xs+rrhQWQ1uD/yJPZT470oY/W5Mb3MmmFjKMZYVyLYB2JraJUFeByQJDzn5HM03AYerS UCrkWvKogdclv5rXW7XV0CbBgVfRH/abeYrw/1k6iHrcqkPESsQVp8NRuIf19Jb0QQCn Mm0EDXCBWfIB/BK/gryKI4CzRNHwtmTxem2CUCY0HZHY9D5befLEle/8h97pifK8Ummd eFnw==
X-Gm-Message-State: APjAAAVVGc0G3g+ih+XA2lFHVBbJkQyqlpmXXBDjE5KiOsbnCJWyBrSD Xxjg/Ux0G3y0XTVn8GMx90DNFAvAdvDtTLIMciE=
X-Google-Smtp-Source: APXvYqxdrRCeGmrRyDOcyXR4UTvcdtH/nC3Cog0na1WIQb8Mi6eEpSjhyswtEk5Kyom3NKvyZjIVReHmR6HSjF6z2is=
X-Received: by 2002:a02:13c3:: with SMTP id 186mr34537322jaz.30.1563290649831; Tue, 16 Jul 2019 08:24:09 -0700 (PDT)
MIME-Version: 1.0
References: <CAChr6SwEUz9MrdRA0bnv9f-oNi0oUHkfRKjd9-o6jwhuckLXdw@mail.gmail.com> <CAFWeb9LNdT=EYVKTsYDxcBCQKoQFNShKotYtWujt4U9GA-V1mg@mail.gmail.com> <CAFWeb9+eWKSKY9O2JLn9-0+Zq7hrD48F-y+Y4T-iRaaF0vtdOA@mail.gmail.com> <A45F4F74-D6C1-435A-A52F-C2DEA82E2999@sky.uk> <CAFWeb9JVBj+Yehup5q4v9X-7XDY+02frd-04AQGL2HoSLON2qA@mail.gmail.com> <CABcZeBMY9q9vKGse1svzbvXF_dSHA+9q06j4ugDVCZP9VT1koQ@mail.gmail.com>
In-Reply-To: <CABcZeBMY9q9vKGse1svzbvXF_dSHA+9q06j4ugDVCZP9VT1koQ@mail.gmail.com>
From: Rob Sayre <sayrer@gmail.com>
Date: Tue, 16 Jul 2019 08:23:58 -0700
Message-ID: <CAChr6Sz5Rfz=UxOYuPguSvVK2HCX2ZoA1-FytW7+EOUxN8y46Q@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Alec Muffett <alec.muffett@gmail.com>, add@ietf.org, "Dixon, Hugh" <Hugh.Dixon@sky.uk>
Content-Type: multipart/alternative; boundary="000000000000dd2b51058dcdf7d0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/8JIpl9UlBCjziHtMvjiWe1vXKr4>
Subject: Re: [Add] [EXTERNAL] Re: draft-grover-add-policy-detection-00
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jul 2019 15:24:21 -0000

On Tue, Jul 16, 2019 at 7:22 AM Eric Rescorla <ekr@rtfm.com> wrote:

> Hi Alec,
>
> This is a good question.
>
> As I alluded to in my response to Robert Sayre, DoH has a difficult
> deployment problem. Specifically, whether we like it or not, there are
> some environments in which DNS filtering is in place and the user
> wants it that way (parental [0] or anti-malware filtering are good
> examples of this).
>

Parental controls and malware detection are usually done on the device.

https://www.apple.com/newsroom/2019/04/the-facts-about-parental-control-apps/
https://blog.google/products/chrome/cleaner-safer-web-chrome-cleanup/


>
> In any case, hopefully this clarifies the situation.
>

It does not.

thanks,
Rob



>
>
> On Tue, Jul 16, 2019 at 4:26 AM Alec Muffett <alec.muffett@gmail.com>
> wrote:
>
>> On Tue, 16 Jul 2019, 11:31 Dixon, Hugh, <Hugh.Dixon@sky.uk> wrote:
>>
>>> Hi Alec –
>>>
>>
>> Hi Hugh!
>>
>> Given that this is at its core (just) a protocol for asking (any) DNS
>>> server whether it has a filtering policy, won’t “non-compliant software”
>>> will be the sort of software which does not beacon?
>>>
>>
>> That's kinda the whole point; the problem is that innocent people might
>> try using Firefox to access Twitter from Turkey during a civil rights
>> crackdown, their Firefox-implementing-this-mechanism will give them away as
>> trying to evade Government blocking of Twitter, and they will end up
>> arrested or worse.
>>
>> Not everyone is in a position to welcome or appreciate upstream DNS
>> filtering "for their own good" - for instance, this example from Turkey:
>>
>>
>> https://www.mic..com/articles/85987/turkish-protesters-are-spray-painting-8-8-8-8-and-8-8-4-4-on-walls-here-s-what-it-means
>> <https://www.mic.com/articles/85987/turkish-protesters-are-spray-painting-8-8-8-8-and-8-8-4-4-on-walls-here-s-what-it-means>
>>
>> It would seem regressive of Mozilla's principles to assist someone
>> getting identified & thrown in jail for non-compliance with repressive
>> blocking; not to mention - to repeat - the other obvious possibility is
>> that any IP address which beacons-out a lookup of TBD.arpa will immediately
>> be blackholed / firewalled, again to dissuade people from fact-checking
>> their government's spokespeople.
>>
>> Or, perhaps you would consider this non-compliant-behaviour, worthy of
>> such sanction?
>>
>> - alec
>>
>> --
>> Add mailing list
>> Add@ietf.org
>> https://www.ietf.org/mailman/listinfo/add
>>
> --
> Add mailing list
> Add@ietf.org
> https://www.ietf.org/mailman/listinfo/add
>

v2.23.0 | Report a Bug | By Email