Re: [Add] Fwd: New Version Notification for draft-mglt-abcd-doh-privacy-analysis-00.txt

Vittorio Bertola <vittorio.bertola@open-xchange.com> Wed, 06 November 2019 20:50 UTC

Date: Wed, 06 Nov 2019 21:50:55 +0100
From: Vittorio Bertola <vittorio.bertola@open-xchange.com>
Reply-To: Vittorio Bertola <vittorio.bertola@open-xchange.com>
To: Bob Harold <rharolde@umich.edu>
Cc: Daniel Migault <daniel.migault=40ericsson.com@dmarc.ietf.org>, "add@ietf.org" <add@ietf.org>
Message-ID: <1030648680.29401.1573073455702@appsuite-gw1.open-xchange.com>
In-Reply-To: <CA+nkc8Aw+PPktomjwydWtfvVyM6Phhn9YbL33WV65-sbS0k1AA@mail.gmail.com>
References: <157288444149.16545.17250458995529707952.idtracker@ietfa.amsl.com> <CADZyTk=5g7toa5QwaQ9tCO1d2iJ1-pF9W6RzOEi9MjrsnyLsFw@mail.gmail.com> <2f52a096-ae14-a9f8-1dbf-8931e3204ec7@cs.tcd.ie> <SN2PR00MB0077009FBBB40FB2B3DD9B35FA790@SN2PR00MB0077.namprd00.prod.outlook.com> <CA+nkc8Aw+PPktomjwydWtfvVyM6Phhn9YbL33WV65-sbS0k1AA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/F2xZRKvr7PBxSoaQy7kIEH_7Vp0>
Subject: Re: [Add] Fwd: New Version Notification for draft-mglt-abcd-doh-privacy-analysis-00.txt
List-Id: Applications Doing DNS <add.ietf.org>


On 6 November 2019 at 20:35, Bob Harold <rharolde@umich.edu> wrote:

> On Wed, Nov 6, 2019 at 2:10 PM Tommy Jensen <Jensen.Thomas=40microsoft.com@dmarc.ietf.org> wrote:
>
> > As far as ill-behaved applications go, they were going to do whatever they wanted anyway, and pushing DoH adoption doesn't give them powers they didn't already have. At some point, the problem becomes one of the user needing to decide what apps they trust which we cannot help with via protocol design.
>
> I agree with most of your points - but here you say "pushing DoH adoption doesn't give them powers they didn't already have". One concern is IF some major web service enables DoH on a major web server, then that does make it very easy for apps to hide their DNS in a way they could not easily do before.
More generally, applications could already do their own DNS-over-whatever-type-of-encryption-and-obfuscation-protocol, but they would have to develop it on their own and also develop and run the related server. After standardizing DoH and getting it widely adopted, applications that want to reach that objective just need to deploy a readily available Web client library and use any of the many public servers - something that any script kiddie can do.

Note that this is less true of DoT, since DoT towards out-of-perimeter servers would more easily be detectable and blockable. This is why I have heard some cybersecurity people suggest that the industry should promote DoT rather than DoH, as they see it less likely that DoT will circumvent national cybersecurity practices and law enforcement mechanisms.

Regarding Daniel's draft, I appreciate the effort and I partly tried to do this and other analyses in my draft for Prague, but I then realized that there are people here that will never consent to such a document becoming an agreed standard, even if informational. So I suggest that we should focus on a few technical developments for interoperability purposes that we can agree upon, such as standardized ways for the local network to advertise their own Do* service and their use of it for local policy enforcement, and give up discussions on deployment models and human rights assessments. I don't think we could ever get to agreement here on whether DoH brings more privacy and freedom or less of it, as the answer is really "it depends".

--

Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com
Office @ Via Treviso 12, 10144 Torino, Italy
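The detectability argument in the reply above (DoT to an out-of-perimeter resolver is easy to spot and block, DoH is not) can be made concrete with a small flow classifier. The following is an added example written for this archive page, not code from the thread or from any ADD working group draft: it labels constructed outbound flow records by destination port and, for port 443, by TLS server name. The prefix `10.0.0.0/8`, the resolver hostnames, and the addresses are all constructed for the example; the only real constant is port 853, which RFC 7858 assigns to DNS over TLS.

```python
"""
Added example (not from the ADD mailing list thread): classify outbound
flows to show why DoT to external resolvers is easier to detect than DoH.

DoT uses a dedicated TCP port (853), so a port match is enough to spot a
client that talks to a resolver outside the perimeter. DoH rides on TCP 443
next to ordinary HTTPS; without a list of resolver endpoints (or TLS server
names) to match against, it is indistinguishable from web browsing.
All records, hostnames and addresses below are constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

DOT_PORT = 853      # RFC 7858: DNS over TLS listens on TCP 853
HTTPS_PORT = 443    # DoH shares this port with all other HTTPS traffic

# Hypothetical perimeter: resolvers inside this prefix are "local".
LOCAL_NET = ip_network("10.0.0.0/8")

# Constructed watch-list of DoH resolver hostnames the defender knows about.
KNOWN_DOH_HOSTS = {"doh.example.net", "resolver.example.org"}


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    sni: Optional[str] = None  # TLS server name, when visible on the wire


def is_local(dst: str) -> bool:
    """True if the destination lies inside the hypothetical perimeter."""
    return ip_address(dst) in LOCAL_NET


def classify(flow: Flow) -> str:
    """Label one outbound flow.

    - dot-local / dot-external: identified by port alone.
    - doh-known-resolver: port 443 plus a server name on the watch-list.
    - https: everything else on 443, including DoH to an unlisted endpoint,
      which is exactly the blind spot the thread describes.
    """
    if flow.dport == DOT_PORT:
        return "dot-local" if is_local(flow.dst) else "dot-external"
    if flow.dport == HTTPS_PORT:
        if flow.sni and flow.sni.lower() in KNOWN_DOH_HOSTS:
            return "doh-known-resolver"
        return "https"
    return "other"


def caught_by_port_policy(flow: Flow) -> bool:
    """Would a simple 'block TCP/853 to non-local hosts' rule stop this flow?"""
    return flow.dport == DOT_PORT and not is_local(flow.dst)


def summarize(flows: List[Flow]) -> Dict[str, int]:
    """Count flows per label, as a detection dashboard would."""
    counts: Dict[str, int] = {}
    for f in flows:
        label = classify(f)
        counts[label] = counts.get(label, 0) + 1
    return counts


# Constructed sample flows from one internal client.
SAMPLE_FLOWS = [
    Flow("10.1.2.3", "10.0.0.53", DOT_PORT),                       # DoT to the local resolver
    Flow("10.1.2.3", "198.51.100.10", DOT_PORT),                   # DoT to an external resolver
    Flow("10.1.2.3", "198.51.100.20", HTTPS_PORT, "doh.example.net"),  # DoH to a listed resolver
    Flow("10.1.2.3", "203.0.113.5", HTTPS_PORT, "www.example.com"),    # ordinary web traffic
    Flow("10.1.2.3", "203.0.113.6", HTTPS_PORT, "dns.unlisted.example"),  # DoH to an unlisted host
    Flow("10.1.2.3", "10.0.0.53", 53),                             # plain Do53
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"{f.dst}:{f.dport:<4} sni={f.sni!s:<24} -> {classify(f)}"
              f"  port-block={caught_by_port_policy(f)}")
    print(summarize(SAMPLE_FLOWS))
```

The fifth sample flow is the point of the example: it is DoH to a resolver the defender has not listed, and it lands in the same `https` bucket as the browsing traffic, while the external DoT flow is caught by the port rule with no further context.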