Re: [Add] fixing coffee shop brokenness with DoH

Paul Wouters <paul@nohats.ca> Thu, 25 July 2019 15:00 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/add/CoQT2E27gzQPVAc8RB7Lv7JRlxE>

On Thu, 25 Jul 2019, Eric Rescorla wrote:

> For context, our breakage budget here is very small: any change to clients which causes connection error
> rates to increase by more than fractions of a percent is not really something we can deploy.

What percentage of hijacked connections due to maliciously modified DNS
is within your breakage budget? In other words, how do you balance security
versus user convenience? A certificate that has expired only two hours
ago seems to be fine to hard fail on. But a broken DNS transport is not?

There is a bit of interaction here. People messing with (or neglecting)
the DNS of end users might do this less if they get flagged in common
browsers for doing so. Of course I sympathize with you that you do not
want that to become your problem. But how long are we kicking this
can down the road?

Everything on the internet should be authenticated. We keep delaying
this as a hard requirement for DNS only, for increasingly less convincing
reasons.

Paul