IETF Logo Mail Archive

Re: [Add] [EXTERNAL] Re: ADD Requirements Draft

tirumal reddy <kondtir@gmail.com> Fri, 04 September 2020 07:06 UTC

Return-Path: <kondtir@gmail.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D5CD3A0F1F for <add@ietfa.amsl.com>; Fri, 4 Sep 2020 00:06:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tPc6mPL5wJ_4 for <add@ietfa.amsl.com>; Fri, 4 Sep 2020 00:06:40 -0700 (PDT)
Received: from mail-il1-x131.google.com (mail-il1-x131.google.com [IPv6:2607:f8b0:4864:20::131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A24BA3A0F22 for <add@ietf.org>; Fri, 4 Sep 2020 00:06:40 -0700 (PDT)
Received: by mail-il1-x131.google.com with SMTP id t13so5461053ile.9 for <add@ietf.org>; Fri, 04 Sep 2020 00:06:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xvUEPF1nONYHnUuQ1GbWc3ZcftyUwmYQ0DB4MqeuoYQ=; b=sBeEvsxNfr4ueYxoleB5lw5Mne4rtRMthD+++SZvqzLnPpdWaDARG7EWwaIOs0HUmi ZG7//94+vcsEw1l8PhUGVpUks+/4HV33R3d/VAJRxZgNP9axyknMSUloBmziO8+E+9U+ w2oaORh9sCcKkJUgJst5cuoNI3shCL6VKqnGgzFXLylcsxeN3BqcYTXGCiGctY43EW2B vBItz8sgAfVmA6dyZLctJxklmScxOkLmYySuKYeJ3jMJpdsiXuVwDqmih0T6Uu0MEDsF /L2sdUNQOg6Q57fFIIjizvzlDvc4kwS+KiVH5hOns9Y+JZgfmHyhobhBvBfcVPrEBv1M 6hjw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xvUEPF1nONYHnUuQ1GbWc3ZcftyUwmYQ0DB4MqeuoYQ=; b=boN7fEOjEBkoFOfbozZD6OUqjq8uNdY81QUS4g8/G6o0StH/H7gnIwRBDNoaxdF/rA zBRhFlNyMBjjbPyNpyf9DkCbU2r9Nr9AIah8bEIvuEKPLIr434kYGw0UkhU1UM6Pwh27 6XyUyXZ7nSOSh70mehjwG2wtG070vxXaTxy7pWZ75K7f02kuTFUimjBcaWK4/vEYfyLZ DoRJb5mNw4+V2PdHhBzpSX1rQc8t5QpzyLhY3TOWicAp+5Grh4Bi1180vjs+F3MRw+Fm YHmawqeDlVIFK5SLjxrja8WTJsKk+BGmu8WA9t33EdRyAzFalWYsz8wbRhj96TicD5EV OW2Q==
X-Gm-Message-State: AOAM531lkbkiw3aooMkhfAvCbTXe6u2HuXl9Cdz92r2Nm21+knMtd8fP wU5kkG2GarRi2c9JZBlksRXXTPnKl/bS+h1qHBI=
X-Google-Smtp-Source: ABdhPJxcQbTHX6+bW6TyEVSzKLGBqSIPEoJo/VwvN8SbVCjQFfc7zNHnFO/IyX1G9tx6dcREmPd9OT/3v2lvnLROW4o=
X-Received: by 2002:a92:c205:: with SMTP id j5mr6990515ilo.300.1599203199662; Fri, 04 Sep 2020 00:06:39 -0700 (PDT)
MIME-Version: 1.0
References: <31194C90-6C0B-470C-8B14-79C12D2C5C0D@comcast.com> <CACJ6M14gXmEHc_fX8=GpKwRDn6C=R7LR06JG_Qg-cWR5agU9Hw@mail.gmail.com> <391E15D2-9208-4BA9-B01E-3673982DA6CE@apple.com> <CABcZeBMXvcF6PJWE+EkGVx1c9RXzO1XuB3xhrVKUJvUb=aus8A@mail.gmail.com> <4cd8a8c6-3516-4ad6-877c-9460d8096773@www.fastmail.com> <CAFpG3gfkrKGiuPRH1QvH+-w2H=N1ijtDpk5Oh=D2JOp-L4Q1+w@mail.gmail.com> <CABcZeBNhHcNAkVm=PNUvV8_vGVvDvJbaMVHB_w9zu63+ebQwpQ@mail.gmail.com> <CAFpG3gcAjHkh7boDwLq+sHpGtfB2WT0NbuuFqqBQs2M6BZkAOQ@mail.gmail.com> <CABcZeBMi-B7LKB6ipt6vLSZcF9OMLga8f+qydpZVOhOGQrttuQ@mail.gmail.com> <CAFpG3geQefT0=fN-6UFwDqLLqbb1XthHA=np4HPS2NfSO77csA@mail.gmail.com> <CABcZeBPmfe8Um38xFHoxw+26-YQxFUPN+p4aW9uzbPKGy1xz4g@mail.gmail.com> <CAFpG3gefyTcibzfQ-dzXKv5fKE=vwUktux0dz25wNL7_+tf7MA@mail.gmail.com> <CABcZeBMVcH74RYXZrLRNtHLi-xZgGxRHA2CsH6nbiz+5uGM32g@mail.gmail.com> <DM6PR00MB0783D4A658BE3BA8EBD6533BFA2E1@DM6PR00MB0783.namprd00.prod.outlook.com> <07B4108E-07BC-4755-96FB-31D43DCDC19C@apple.com> <CAFpG3geue3Vv+vmWPJSX0Uk7w=o6j56oUfbpNZa6tmDD7Sf9Mw@mail.gmail.com> <4A648DCC-3C23-4845-8F2B-673F177EDC62@apple.com>
In-Reply-To: <4A648DCC-3C23-4845-8F2B-673F177EDC62@apple.com>
From: tirumal reddy <kondtir@gmail.com>
Date: Fri, 04 Sep 2020 12:36:27 +0530
Message-ID: <CAFpG3gdEYVAKY+HaixoZRbV3XSit-gbHVMY7WBK0tSL_9zBBKg@mail.gmail.com>
To: Tommy Pauly <tpauly@apple.com>
Cc: Tommy Jensen <Jensen.Thomas=40microsoft.com@dmarc.ietf.org>, Eric Rescorla <ekr@rtfm.com>, ADD Mailing list <add@ietf.org>, Christopher Wood <caw@heapingbits.net>
Content-Type: multipart/alternative; boundary="000000000000a3c23e05ae7782a3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/I_OLnXDFlroyFlN65KOInbAIIJU>
Subject: Re: [Add] [EXTERNAL] Re: ADD Requirements Draft
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Sep 2020 07:06:43 -0000

Hi Tommy,

On Thu, 3 Sep 2020 at 20:30, Tommy Pauly <tpauly@apple.com> wrote:

>
>
> On Sep 3, 2020, at 3:10 AM, tirumal reddy <kondtir@gmail.com> wrote:
>
> On Wed, 2 Sep 2020 at 01:27, Tommy Pauly <tpauly@apple.com> wrote:
>
>> Agreed. From my perspective as a client vendor, I don’t see a likely path
>> to consuming this kind of policy. This is one of the reasons I’ve argued
>> that we should have in our requirements a limitation that the entity that
>> provides DNS should be one that the client already has a relationship
>> with—we don’t need any new explanation of policy, we’re relying on existing
>> relationships.
>>
>
> Existing relationships are definitely useful in certain scenarios but not
> in all. For example:
>
> a) I don't think it is possible for every ISP and Enterprise network in
> the world to approach each and every Browser and OS vendor to be
> pre-configured with network provided encrypted DNS servers.
>
>
> It’s not about the relationship of the OS or the browser with the entities
> that can provide DNS services, it’s the relationship of the *user* with
> those entities.
>

Agreed.



> I do not want to have any pre-configuration for any resolver in my OS.
>

Glad to hear. The benefit of conveying the privacy URL is the user does not
have to search to find the URL that points to the human-readable privacy
policy information of the DNS server. The other advantage is if the user
does not have the time/knowledge to understand the human-readable privacy
policy information of the DNS server, user can rely on tools which use AI
to provide summary of the policy (e.g.,
https://addons.mozilla.org/en-US/firefox/addon/polisis/).

It is very similar to Apple mandating apps to provide a link to the privacy
policy in an easily accessible manner within the app for users. It does not
discuss signaling any machine-parsable privacy policy and it does not
intend to replace the privacy statement provided by a legal attorney.

Why do you object to providing a privacy statement URL as resolver
information to the user/client ?


>
>
> b) Secure discovery most likely avoids the need to have the discovered DNS
> server pre-configured in OS/Browser. However, as we all know secure
> discovery is not possible in some deployments. If the discovered server is
> not pre-configured, client/user needs to know the resolver information of
> the discovered server. In case of insecure discovery, the client should
> have checks to avoid connecting to an encrypted DNS server hosted by an
> attacker.
>
>
> Secure discovery—or at least authenticated discovery over a secure
> channel—is indeed the right way to do things. We should be designing and
> standardizing mechanisms that raise the bar for security over the status
> quo, and ensure that we are not making avenues of attack easier.
>

Agreed, secure discovery is possible in several scenarios like VPN (e.g.,
using IKEv2 Configuration Payload ), Enterprise networks for BYOD (e.g.,
EST) but not possible home networks.
https://tools.ietf.org/html/draft-btw-add-home-08#section-10 discusses how
all the threats in RFC3552 can be addressed in the presence of insecure
discovery.

Cheers,
-Tiru


>
> Tommy
>
>
> Cheers,
> -Tiru
>
>
>>
>> Thanks,
>> Tommy (Pauly)
>>
>> On Sep 1, 2020, at 10:11 AM, Tommy Jensen <
>> Jensen.Thomas=40microsoft.com@dmarc.ietf.org> wrote:
>>
>> ekr> Taking a step back here: is there any client with significant usage
>> that would be interested in consuming this kind of policy when published by
>> a resolver?
>>
>> Speaking for myself: no. The user either understands the implications and
>> has pre-configured a resolver of their choice, or they don't and expect DNS
>> to just work. Until DNS server choice is an everyday user concept akin to
>> music streaming app choice (or at least wireless network choice), that will
>> continue to be the case.
>>
>> Thanks,
>> Tommy
>>
>> ------------------------------
>> *From:* Add <add-bounces@ietf.org> on behalf of Eric Rescorla <
>> ekr@rtfm.com>
>> *Sent:* Tuesday, September 1, 2020 9:46 AM
>> *To:* tirumal reddy <kondtir@gmail.com>
>> *Cc:* ADD Mailing list <add@ietf.org>; Christopher Wood <
>> caw@heapingbits.net>
>> *Subject:* [EXTERNAL] Re: [Add] ADD Requirements Draft
>>
>>
>>
>> On Tue, Sep 1, 2020 at 4:10 AM tirumal reddy <kondtir@gmail.com> wrote:
>>
>> Hi Eric,
>>
>> Please see inline
>>
>> On Fri, 28 Aug 2020 at 19:08, Eric Rescorla <ekr@rtfm.com> wrote:
>>
>>
>>
>> On Fri, Aug 28, 2020 at 12:35 AM tirumal reddy <kondtir@gmail.com> wrote:
>>
>> On Thu, 27 Aug 2020 at 18:46, Eric Rescorla <ekr@rtfm.com> wrote:
>>
>>
>>
>> On Wed, Aug 26, 2020 at 10:15 PM tirumal reddy <kondtir@gmail.com> wrote:
>>
>> Hi Eric,
>>
>> Please see inline
>>
>> On Wed, 26 Aug 2020 at 16:50, Eric Rescorla <ekr@rtfm.com> wrote:
>>
>>
>>
>> As I said when you first proposed this in an ADD meeting, I do not
>> believe that anything of this kind is viable.
>>
>>
>> 1. Certificates tied to a legal entity have not been effective, which is
>> why browsers are removing EV.
>>
>>
>> The draft does not propose using EV certificates for encrypted DNS
>> servers, please see
>> https://tools.ietf.org/html/draft-reddy-add-server-policy-selection-05#section-4
>> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-reddy-add-server-policy-selection-05%23section-4&data=02%7C01%7CJensen.Thomas%40microsoft.com%7C4f39107a43f8461cc8c808d84e96ac6c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637345757215760305&sdata=zwTj9VSEumHDnBDlWRQySYQf2lljLOE7aG%2FcNJKWx%2Bk%3D&reserved=0> for
>> more details.
>>
>>
>> It proposes something similar, which I expect to have the same drawbacks.
>>
>>
>> 2. There is ample evidence that users do not read privacy policies.
>>
>>
>> The DNS server privacy statement is much more simpler compared to a
>> typical privacy statement by a
>> content service provider (see
>> https://tools.ietf.org/html/draft-ietf-dprive-bcp-op-14#section-6
>> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-ietf-dprive-bcp-op-14%23section-6&data=02%7C01%7CJensen.Thomas%40microsoft.com%7C4f39107a43f8461cc8c808d84e96ac6c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637345757215770297&sdata=Aon0Ne%2FXFeIqNAPGMS5g0t%2FpPaqrg9bs3OTDJzK3wn8%3D&reserved=0>
>> ).
>>
>>
>> I don't think that makes it significantly more likely that people will
>> read it.
>>
>>
>> Further, automated analysis of a privacy statement is possible using deep
>> learning (https://pribot.org/files/Polisis_USENIX_Security_Paper.pdf
>> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpribot.org%2Ffiles%2FPolisis_USENIX_Security_Paper.pdf&data=02%7C01%7CJensen.Thomas%40microsoft.com%7C4f39107a43f8461cc8c808d84e96ac6c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637345757215770297&sdata=btIZBlgmsG2b9zCE6pSjQt7q%2FteV6HVT8fakqd08sWQ%3D&reserved=0>).
>> You can explore polisis and pritbot at https://pribot.org
>> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpribot.org%2F&data=02%7C01%7CJensen.Thomas%40microsoft.com%7C4f39107a43f8461cc8c808d84e96ac6c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637345757215780290&sdata=DluH1rTl9DL%2Blcmt0nb5jhy9H6i1QyJwGJhBkT3x%2FoM%3D&reserved=0> to
>> explore the analysis of privacy statements by several organizations..
>>
>>
>> I took a quick look at this tool and while it appears to be interesting
>> work, it does not produce output which I think is likely for users to
>> actually assimilate. For instance here is what it does with McAfee's policy:
>>
>> https://pribot.org/polisis/?company_url=mcafee.com&_id=59d8f9c4e3dd0c4e24555c1d&category=first-party-collection-use
>> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpribot.org%2Fpolisis%2F%3Fcompany_url%3Dmcafee.com%26_id%3D59d8f9c4e3dd0c4e24555c1d%26category%3Dfirst-party-collection-use&data=02%7C01%7CJensen.Thomas%40microsoft.com%7C4f39107a43f8461cc8c808d84e96ac6c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637345757215780290&sdata=gL%2BUOJ3dykOrd316WbZH5HpswalaWAKHscWQspcHM7w%3D&reserved=0>
>>
>> We've already run this experiment of machine readable privacy policies
>> once with P3P and I don't see a reason to think this will be any different
>>
>> Taking a step back here: is there any client with significant usage that
>> would be interested in consuming this kind of policy when published by a
>> resolver? If so, I'd like to hear from them about their needs. If not, it
>> doesn't seem worth discussing further.
>>
>> -Ekr
>>
>> --
>> Add mailing list
>> Add@ietf.org
>> https://www.ietf.org/mailman/listinfo/add
>>
>>
>>
>

v2.23.0 | Report a Bug | By Email