Re: [Add] Browser Administrative Authority
Adam Roach <adam@nostrum.com> Fri, 24 May 2019 15:57 UTC
Return-Path: <adam@nostrum.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6AAC21202E4 for <add@ietfa.amsl.com>; Fri, 24 May 2019 08:57:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eaPMhJIMUlJK for <add@ietfa.amsl.com>; Fri, 24 May 2019 08:57:51 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ECA3412016F for <add@ietf.org>; Fri, 24 May 2019 08:57:50 -0700 (PDT)
Received: from [172.17.0.10] (99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id x4OFvnbJ022239 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Fri, 24 May 2019 10:57:50 -0500 (CDT) (envelope-from adam@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1558713470; bh=MVZmxJpLYVT78hXYPAFMJNrSAffpZNuLrP6Swb6LqW0=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=itvxXVPVIpKsA2zDH0B9f8tMurvXWa/+N8R2lcTN0XUwdbRK5XQdERAtRiTvZZb/f IaqAPwA1qwDO6hmigLKllW5Sk4X8a1YjcJJ/gGDxfc98xQZjJnHiCUdnG6IVkaTQg/ Icn3FB3lbhVBjqCNy8agTCp7c9ymgm3iMMFn/RW0=
X-Authentication-Warning: raven.nostrum.com: Host 99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228] claimed to be [172.17.0.10]
Content-Type: multipart/alternative; boundary="Apple-Mail-DFFE2BAF-9866-4BAA-A591-BF4AAB6878EA"
Mime-Version: 1.0 (1.0)
From: Adam Roach <adam@nostrum.com>
X-Mailer: iPhone Mail (16E227)
In-Reply-To: <182C9119-59F9-43FA-B116-4D45649B74B5@nbcuni.com>
Date: Fri, 24 May 2019 10:57:43 -0500
Cc: "add@ietf.org" <add@ietf.org>
Content-Transfer-Encoding: 7bit
Message-Id: <07A89E54-2DFC-4B5A-9784-610BBE7D2BB2@nostrum.com>
References: <182C9119-59F9-43FA-B116-4D45649B74B5@nbcuni.com>
To: "Deen, Glenn (NBCUniversal)" <Glenn.Deen@nbcuni.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/IwCuk4VSVs-oba_KUwG-1dLFKFs>
Subject: Re: [Add] Browser Administrative Authority
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 May 2019 15:57:53 -0000
This is called “enterprise policy”, and — as far as I know — all major browsers honor it. See, e.g., https://support.mozilla.org/en-US/products/firefox-enterprise/policies-customization-enterprise/policies-overview-enterprise /a > On May 24, 2019, at 09:48, Deen, Glenn (NBCUniversal) <Glenn.Deen@nbcuni.com> wrote: > > HI everyone, > > I’ve been thinking though some of the issues with the proposal DoH deployment in browsers. > > A big part of the tug of war here is the authority precedence for advanced security and network settings that should be followed. > > Historically, it’s been at the device level – which meant the device administrator, which could choose delegate choices to a specific DNS resolver operator, or to the Network DHCP provided settings. > > Now the browser is seeking to adding itself into the authority chain for those settings. The trouble being that this is a major change to the administrative trust model. > > To date, browser settings have been limited to rendering options, some basic certificate options, addons, and scripting language choices. Advance security and trust has remained with the device administrator. Adding the browser to the administrative chain so that it can control advanced security and network settings introduces a problem because the browser does not have an administrative level authority that is as high as the device administrator. > > Current hierarchy (top has more authority) > > Device Administrator -- device authority for security, network, trust settings > Network Administrator -- provides recommend network settings to devices > Resolver Administrator -- can provide filtering > Browser Maker -- provides core trusted certificate list > Browser User -- can set rendering options, can make limited certificate choices, plugins. – Impact is limited to the browser sandbox > > > The problem is that some of the browser makers proposals are now changing this administrative authority hierarchy, but they haven’t done the extra work of establishing administrative trust and working through the consequences of that such as a child being able to change the browser DNS settings and bypass both resolver, Network, and even OS based restrictions. > > So they are changing it to: > > Browser Maker -- provides default DNS resolver and DNS Protocol choices. > Browser User -- can set DNS resolver and DNS protocol > Device Administrator -- device authority for security, network, trust settings > Network Administrator -- provides recommend network settings to devices > Resolver Administrator -- can provide filtering > > > > The path to fixing this maybe to see if there is a way to express the administrative hierarchy that respects the intentions of the device administrator on what hierarchy they want to accept/delegate decisions to. > > It maybe that what’s needed is a means to communicate to the browser what authority the device administrator wants it to follow, since in the end the device owner should be in charge. > > > -glenn > > -- > Add mailing list > Add@ietf.org > https://www.ietf.org/mailman/listinfo/add
- Re: [Add] Browser Administrative Authority Tom Ritter
- [Add] Browser Administrative Authority Deen, Glenn (NBCUniversal)
- Re: [Add] Browser Administrative Authority Adam Roach
- Re: [Add] Browser Administrative Authority Cook, Neil
- Re: [Add] Browser Administrative Authority Tommy Jensen
- Re: [Add] Browser Administrative Authority Tom Ritter
- Re: [Add] Browser Administrative Authority Tommy Jensen
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Deen, Glenn (NBCUniversal)
- Re: [Add] Browser Administrative Authority Melinda Shore
- Re: [Add] Browser Administrative Authority Cook, Neil
- Re: [Add] Browser Administrative Authority Stephen Farrell
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Deen, Glenn (NBCUniversal)
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Stephen Farrell
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Deen, Glenn (NBCUniversal)
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Deen, Glenn (NBCUniversal)
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Melinda Shore
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Paul Ebersman
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Erik Kline
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Stephen Farrell
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Paul Wouters
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Paul Wouters
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Christian Huitema
- Re: [Add] Browser Administrative Authority Vittorio Bertola
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Vittorio Bertola
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… tirumal reddy
- [Add] publication of DoH Resolver policies Jim Reid
- Re: [Add] publication of DoH Resolver policies tirumal reddy
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Deen, Glenn (NBCUniversal)
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Paul Wouters
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Neil Cook
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… tirumal reddy
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Paul Wouters
- Re: [Add] publication of DoH Resolver policies Livingood, Jason
- Re: [Add] publication of DoH Resolver policies Winfield, Alister
- Re: [Add] publication of DoH Resolver policies Petr Špaček
- Re: [Add] publication of DoH Resolver policies tirumal reddy
- Re: [Add] publication of DoH Resolver policies tirumal reddy
- Re: [Add] [EXTERNAL] Re: publication of DoH Resol… Winfield, Alister
- Re: [Add] [EXTERNAL] Re: publication of DoH Resol… tirumal reddy
- Re: [Add] Browser Administrative Authority Livingood, Jason
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Livingood, Jason
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Livingood, Jason
- Re: [Add] [EXTERNAL] Re: publication of DoH Resol… tirumal reddy