Re: [Add] Fwd: New Version Notification for draft-reddy-dprive-dprive-privacy-policy-00.txt
Paul Wouters <paul@nohats.ca> Mon, 07 October 2019 13:32 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 437D612008F for <add@ietfa.amsl.com>; Mon, 7 Oct 2019 06:32:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5e-VLDuALvjn for <add@ietfa.amsl.com>; Mon, 7 Oct 2019 06:32:42 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DDF62120020 for <add@ietf.org>; Mon, 7 Oct 2019 06:32:41 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 46n1ck2Y82zFCK; Mon, 7 Oct 2019 15:32:38 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1570455158; bh=NjGreL+41MKiFPGh3AmJ3iYR0/CVDPXGMQZYsjnYwoE=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=SP1tlisuDwbvUlbBsXho0+vRkCM6/9xjxBCS9YxETBp5HE2p+BqcnULgNqgFe2OYu QhVSU8RGlL9NbuHnVn9WyIa+T9ERVFdRh0mLvGZ6U1qPMplfl3Bl0xeT4YxK5yWpVX qu1bx4xpg+WpGrFrKUSVGy/qZ3YwNGov1N/hDCjs=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id bK9qyCePOSND; Mon, 7 Oct 2019 15:32:36 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Mon, 7 Oct 2019 15:32:35 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 876767D8; Mon, 7 Oct 2019 09:32:34 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca 876767D8
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 7E25B406CB04; Mon, 7 Oct 2019 09:32:34 -0400 (EDT)
Date: Mon, 07 Oct 2019 09:32:34 -0400
From: Paul Wouters <paul@nohats.ca>
To: tirumal reddy <kondtir@gmail.com>
cc: ADD Mailing list <add@ietf.org>
In-Reply-To: <CAFpG3gfLLkdZt-b+r=8RY8a+yoJx2tzQOevnOLkNQSm9g9QuDw@mail.gmail.com>
Message-ID: <alpine.LRH.2.21.1910070925260.8046@bofh.nohats.ca>
References: <157009854908.16293.4269133049514081713.idtracker@ietfa.amsl.com> <CAFpG3gdpYASvfz_ey=fsh6+8LQ11EJGyU-dVxH7_1QmVeiAQKg@mail.gmail.com> <alpine.LRH.2.21.1910051351420.26913@bofh.nohats.ca> <CAFpG3gfLLkdZt-b+r=8RY8a+yoJx2tzQOevnOLkNQSm9g9QuDw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/AaVJeMG90pdg9mZERdDORIfS6bs>
X-Mailman-Approved-At: Mon, 07 Oct 2019 07:07:23 -0700
Subject: Re: [Add] Fwd: New Version Notification for draft-reddy-dprive-dprive-privacy-policy-00.txt
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Oct 2019 13:32:44 -0000
On Mon, 7 Oct 2019, tirumal reddy wrote: > Section 10 Security Considerations describes well why I think this is > not a good idea. Publishing a privacy policy in a computer consumable > way has no relationship to the actual DNS server's privacy policy > used. > > No, the privacy policy also conveys a URL that points to the human readable privacy policy formation of the DNS > server. Public DNS resolvers have published privacy policy statements (for example, see > https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/). If a firm violates the privacy > claims, it will most likely face penalty (similar to FTC imposing fine on facebook). How and how would any enforcement system work for a variety of DNS providers all over the world? ISPs? hotels? coffeeshops? Mobile providers? Will there be an industry standard org? How will this not devolve into government sanctioned mandatory DNS providers on my mobile device? > This is not a technical wire problem to solve with an RFC. It is a > social-economic issue. Can we trust vendor X? And vendor X making > claims in JSON about this isn't useful from a technical point of > view, no matter how or where and with what such statements are > (self)signed. > > Not really, you probably missed the privacy consideration section. User consent is mandatory to use the discovered DoT/DoH > servers, the section says the following: How would that not become another "we use cookies, are you okay" screen for which I have no choice but to say "yes"? > Users are expected to indicate to their system in some way that they > trust certain PAT signers (e.g., if working for Example, Inc., the > user's system is configured to trust example.com signing the PAT). How is that done on my iphone? If I install vendor X application, I already have to trust them (and google or android, etc). Another screen of "terms and services" the enduser is forced to scroll through? > Separately, the user is expected to indicate to their system their > PAT privacy requirements (e.g., logging, etc.). By doing so, thee DNS > client can automatically discover local DNS-over-TLS or DNS-over- > HTTPS server, validate the PAT signature and check if the PAT > complies with user's privacy needs, prior to using that DNS-over-TLS > or DNS-over-HTTPS server for DNS queries. All of these things come down to one thing. Do you trust the DNS provider or not. It's really a binary decision. Dividing this up in a dozen options isn't helping the average user. > It's a great topic for consumer advocay organisations, the EFF or > ACLU or EU commisioners. I do not think this is a technical problem > needing a technical standard from the IETF. And any automated > consumption of this leading to changed DNS client behaviour would > be dangerous. I'm still not convinced this statement is wrong. And additionally can see some serious harmful effects into mandatory censorship if this kind of system becomes mandatory on people's devices. Paul
- [Add] Fwd: New Version Notification for draft-red… tirumal reddy
- Re: [Add] Fwd: New Version Notification for draft… Paul Wouters
- Re: [Add] Fwd: New Version Notification for draft… tirumal reddy
- Re: [Add] Fwd: New Version Notification for draft… Michael Richardson
- Re: [Add] Fwd: New Version Notification for draft… Paul Wouters
- Re: [Add] Fwd: New Version Notification for draft… Michael Richardson
- Re: [Add] Fwd: New Version Notification for draft… tirumal reddy
- Re: [Add] Fwd: New Version Notification for draft… Paul Wouters
- Re: [Add] Fwd: New Version Notification for draft… tirumal reddy
- Re: [Add] Fwd: New Version Notification for draft… Paul Wouters
- Re: [Add] Fwd: New Version Notification for draft… Michael Richardson
- Re: [Add] Fwd: New Version Notification for draft… Paul Wouters
- Re: [Add] Fwd: New Version Notification for draft… tirumal reddy