IETF Logo Mail Archive

Re: [Add] meeting hum: should the IETF take up this work?

Eric Rescorla <ekr@rtfm.com> Sat, 27 July 2019 15:56 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B29B120024 for <add@ietfa.amsl.com>; Sat, 27 Jul 2019 08:56:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FWBKABoFIpWG for <add@ietfa.amsl.com>; Sat, 27 Jul 2019 08:56:10 -0700 (PDT)
Received: from mail-lj1-x22a.google.com (mail-lj1-x22a.google.com [IPv6:2a00:1450:4864:20::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E23EC12000E for <add@ietf.org>; Sat, 27 Jul 2019 08:56:09 -0700 (PDT)
Received: by mail-lj1-x22a.google.com with SMTP id d24so54316017ljg.8 for <add@ietf.org>; Sat, 27 Jul 2019 08:56:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ivVA7GiZVvr0Bpo2BPXzXTAIIl0uzaQzqyZayqgWPew=; b=saIeF1kvzSH2oAEMZpMc6y/CUOQBgQoHIoiUihL2LJiJDKpbRWEEbgWijPGG5J26Nr LldhmnZyzlrrSqpqwsI51FThlHv89edhsn7qRaAoeY/+BSdtkHoo4MGRNEpzkgYFk3ek K4q5XRQDkvvPEDX+DlK/DV4F0N148z453w/1McLIfrBed8txkMK6k1Ma0znlCbqyCiYH 8tux98UKSs9+55/Z3B52bGRJtvSEK7uy26wVaBjGY7IK/Y3ESZdmkhV+MwQIIbBQBNL6 iALdxua8zy7Ae6SSd75hokc6mJ2qgi4nPjO4mo1I1LJSyw82rCWPw06YAy+bPdSZ73yT JcDg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ivVA7GiZVvr0Bpo2BPXzXTAIIl0uzaQzqyZayqgWPew=; b=syfQ2rkIKuvQ2qG74JUMtXq7CFtxZNOcODbD/mZFLhfLnbrMcRtUm4e5iJHF8/DC3G 74POIhxst9O0TOAe3N7naIVFETPbKGUgpbU0ENzdMNFjthlJzLy/Epog2jkUbty5Pkzd zgiik32VJIkeFdnJuF5WpHgi8uGDZCeWAwcgA8BqxFuxLSr7PpIRzx+DlA9V7IRfMlqD WY9ji7esA3Qyc7MtZWPRdXi+N1VxKdFlm62ZfHcM0oFrlXR02qF0yFam4mSEySNh2FV2 0ubmzTwbwPbX/DkLVW46lnpNGUYEFqtAaGLE91fzGRCMowuDfq2hvioUrHwNt7V2coXa 8ZQA==
X-Gm-Message-State: APjAAAWSQ0oOQ4UarcawJY/HirIBBAWRLeBQRIclUrWPfb0GszRb33pi K7lBl7eT+uWIGi9yzj4E6bq9wAOfejJA3B4m3iM=
X-Google-Smtp-Source: APXvYqy2U4hveCKN5vSp2hUTTkq/xa4Mdaglwxc2GZXXzLMUe8KULmlJI6lqj4FSe7zseL7r7J+5Xnq7oT6//agGQ8Y=
X-Received: by 2002:a2e:96d0:: with SMTP id d16mr39580167ljj.14.1564242968160; Sat, 27 Jul 2019 08:56:08 -0700 (PDT)
MIME-Version: 1.0
References: <CAChr6Sx9TEt6CMzRRrdb-HwT_k987oW=4yF1FCbDF17zkaE2Vg@mail.gmail.com> <AAEA003A-58DB-4FEE-81B2-BBFE9BBB2A37@rfc1035.com> <CAChr6SwA+HM4u5-xpUxQXPH8G8k7sfm6AETJJ019HE=bsq+OXA@mail.gmail.com> <8F094057-DFBC-4732-9DA4-BE46E7914C8A@rfc1035.com> <20190724165951.GB29051@laperouse.bortzmeyer.org> <821B448B-F7EA-46A5-837D-DA0E8C60643A@open-xchange.com> <d653d422-4a71-9fab-fd2e-b8ddaa476f91@nostrum.com> <25583.1564181379@dooku.sandelman.ca> <CABcZeBNnajRyEtOdhk2nS7uNgQM_z04FbEyxSFWMQ8ho82dPiQ@mail.gmail.com> <1856.1564239150@localhost>
In-Reply-To: <1856.1564239150@localhost>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 27 Jul 2019 08:55:31 -0700
Message-ID: <CABcZeBPZBksubxV6WANToTWB=LbTbRKksv6f87taDLW4A0Bpeg@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: ADD Mailing list <add@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000075bc92058eabb2a2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/9JmgN3cPKc0DgI7UIOYD2DuyhaM>
Subject: Re: [Add] meeting hum: should the IETF take up this work?
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Jul 2019 15:56:13 -0000

On Sat, Jul 27, 2019 at 7:52 AM Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
>     mcr> Does Mozilla have a policy/proceedure to vet the privacy policy of
>     mcr> DoT/DoH providers?  Maybe Mozilla is considering this?
>
>     ekr> Yes: https://wiki.mozilla.org/Security/DOH-resolver-policy
>
>
>     mcr> Would it be appropriate for this to go into
>     mcr> a certificate extension (perhaps signed by a Mozilla CA)?
>
>     > I'm not sure what this would buy us over just having a list.
>
> I guess it buys Mozilla nothing.
> But others could rely on the list in a distributed fashion.
>

Well, we already have a worked example of a similar system, which is Root
Programs, and in that case we've found that having a list of trust anchors
that someone could download was adequate. Unless this list were to get very
large, this seems far simpler than creating a certificate extension.


If the extension said what the privacy was, rather than just that Mozilla
> had
> vetted it, then perhaps there could be other levels of privacy.
>

It's not quite clear to me what you have in mind here, but one thing I
would like to emphasize is that the Mozilla TRR program is more than just a
self-assertion about privacy policy, in that we actively manage the list,
rather than just trusting people's self-assertions. If people were
interested in some other set of privacy policies, then it's not clear to me
who would be responsible for running such a program.

-Ekr

v2.23.0 | Report a Bug | By Email