Re: [Add] [Doh] Ongoing discussion of DoH, DoT, and related issues
Michael Sinatra <michael@brokendns.net> Wed, 10 April 2019 22:29 UTC
Return-Path: <michael@brokendns.net>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2540212008B for <add@ietfa.amsl.com>; Wed, 10 Apr 2019 15:29:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KGOqkYmL19OQ for <add@ietfa.amsl.com>; Wed, 10 Apr 2019 15:29:53 -0700 (PDT)
Received: from burnttofu.net (burnttofu.net [IPv6:2607:fc50:1:9d00::9977]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7DF49120049 for <add@ietf.org>; Wed, 10 Apr 2019 15:29:53 -0700 (PDT)
Received: from elwha.brokendns.net (elwha.brokendns.net [206.125.172.202]) by burnttofu.net (8.15.2/8.15.2) with ESMTPS id x3AMTehv008699 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT); Wed, 10 Apr 2019 18:29:42 -0400 (EDT) (envelope-from michael@brokendns.net)
Received: from kimberton.burnttofu.net (unknown [IPv6:2604:5500:c2c2:fb00::7777]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by elwha.brokendns.net (5.65c/IDA-1.4.4/5.63) with ESMTPSA id B26B06772D; Wed, 10 Apr 2019 15:29:42 -0700 (PDT)
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Ray Bellis <ray@bellis.me.uk>, add@ietf.org
References: <CALaySJKuFYvpM1gt0U_ve-WcjXRVUnDtb=R5gyDDw029D9vGiA@mail.gmail.com> <1c9bafa8-19a0-e14a-c029-3e8b5c8db929@bellis.me.uk> <80a05f5c-c864-934a-2fb7-fa54289dd574@cs.tcd.ie>
From: Michael Sinatra <michael@brokendns.net>
Message-ID: <ab67053f-1002-b9e5-2bd0-2bb874a143a2@brokendns.net>
Date: Wed, 10 Apr 2019 15:29:37 -0700
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <80a05f5c-c864-934a-2fb7-fa54289dd574@cs.tcd.ie>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Greylist: Default is to whitelist mail, not delayed by milter-greylist-4.6.2 (burnttofu.net [162.217.113.18]); Wed, 10 Apr 2019 18:29:44 -0400 (EDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/IGW3pnZsDg4tguPrv6p9Bh7dQQQ>
Subject: Re: [Add] [Doh] Ongoing discussion of DoH, DoT, and related issues
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2019 22:29:55 -0000
On 2019-04-10 13:50, Stephen Farrell wrote: >> This whole mess started, IMHO, because some parties are treating the DNS >> as an application service, and not as part of the infrastructure and >> network services. > > I don't think that's accurate. My take is that DNS privacy work > started for perfectly valid privacy reasons and that DoT (while > a fine thing) wasn't the right tool for some who need that better > privacy... hence DoH. I realize you realize that begs the following question... :-) What's "better" about the privacy afforded by DoH? If applications choose which DNS server to use without the informed consent of the user or in ways that obfuscate the DNS transaction and undermine the user's control, that potentially _erodes_ privacy. If DoH encourages network administrators in certain regulatory (imagined or real) domains to do inline TLS decryption, that potentially _erodes_ the user's privacy. IMO, this mess started for two reasons: First, DoH advocates internalized a particular definition of privacy and made the assumption that DoH maximized privacy according to that definition, within the constraints of a particular set of use-cases. Based on the debate in these forums, it doesn't feel like DoH advocates considered the full range of use-cases, and how different sets of users define "privacy." Second, applications developers like Mozilla made the assumption that their vetting of DNS providers was sufficient to justify announcing their intent to use said providers by default, rather than leaving that decision as a user opt-in. (And the announcement of intent was enough to create this mess, even if they didn't or won't follow-through.) It's perfectly reasonable to say that DoH improves certain aspects of privacy under certain use-cases. It's also reasonable to recognize, and appropriately disclaim, that there are use-cases and circumstances where DoH can undermine privacy. This is why I believe we need to continue work on draft-reid-doh-operator-00, draft-livingood-doh-implementation-risks-issues-03, and draft-bertola-bcp-doh-clients-00. >> Having individual applications do that without the informed consent of >> their users is over-reach, IMHO, whatever their lawyers write into their >> shrink-wrap licenses. > > Partly agree. I hate the license-crap the s/w business involves so > agree with you there. OTOH, I disagree that informed consent is at > all feasible here - we simply cannot expect a typical user to spend > literally hours of work needed to really understand the issues here. I think your definition of "typical user" is unduly narrow. Regardless, DoH doesn't absolve the user from understanding the issues at hand. It simply migrates the management of a component of the user's personal information from "network" to "application," potentially without informing the user or letting them opt-in. IMO the IETF can and should take a stand that this is not the desired BCP for DoH. > And without understanding there can be no informed consent, except > perhaps in some weasel-wordy manner. IOW, I think arguments about > consent here are about as convincing as asking that people look up > BGP information before allowing their packets be routed. I think your analogy is wide of the mark. The correct analogy would be having users select network providers on the basis of their privacy policies and their routing hygiene (prefix filtering, MANRS-compliance, origin-validation practices, etc.). You might say, "but not all users do that!" and you would certainly be right. But some do take those factors into consideration (or they ask knowledgeable folks to make informed recommendations) and they should be given the necessary information to make an informed decision. And the IETF *can* influence this through BCPs. michael
- [Add] Ongoing discussion of DoH, DoT, and related… Barry Leiba
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… Ray Bellis
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… Stephen Farrell
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… Thomas Peterson
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… Ray Bellis
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… Michael Sinatra
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… Stephen Farrell
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… Michael Sinatra
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… Stephen Farrell
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… George Michaelson
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… Ralf Weber
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… Vittorio Bertola
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… Tony Finch
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… Stephen Farrell
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… Stephen Farrell
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… Ray Bellis
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… Ralf Weber
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… Ray Bellis
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… Ralf Weber
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… Ray Bellis
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… Adam Roach
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… Salz, Rich
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… Ray Bellis
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… Brian Dickson
- Re: [Add] [Doh] Ongoing discussion of DoH, DoT, a… [ABEL] [VELA]