IETF Logo Mail Archive

Re: [Add] meeting hum: should the IETF take up this work?

Eric Rescorla <ekr@rtfm.com> Wed, 31 July 2019 14:25 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4411F12011D for <add@ietfa.amsl.com>; Wed, 31 Jul 2019 07:25:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yHCedx2vji9B for <add@ietfa.amsl.com>; Wed, 31 Jul 2019 07:24:58 -0700 (PDT)
Received: from mail-lf1-x12b.google.com (mail-lf1-x12b.google.com [IPv6:2a00:1450:4864:20::12b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37DE812004F for <add@ietf.org>; Wed, 31 Jul 2019 07:24:58 -0700 (PDT)
Received: by mail-lf1-x12b.google.com with SMTP id p197so47571728lfa.2 for <add@ietf.org>; Wed, 31 Jul 2019 07:24:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=K/qQ+pg0ZPDnIhkiluu6NiqdWrzCe0KXQQGO6CqxzTU=; b=Gvs5E1m/CS6OmfPE9pKnY5veVyTbLKOkNTBsReUFFo7QdXKsOgcSCu+8l0q78tjKPX WWnSe+LbZiI+8Dd8l9yubo4mRz1vz7PkJAlgz/0BCzAEQQL43JB2H2h4oUDWW96sPO04 /DM/WSfYqqTx+Htko58P1O8XxlonblltQ75jtXJwxeWohtG3xuWJi9xETQQmAAwkpVD1 Rtlq9vNeoVSJ+AMl3NMDdx7uNP6c67dO46RK8NkRUNR3F6XPT0djdGDrmlJDeC6x5aHq zzDKW4r8zZdBuaYVkcG2UrF1/82XFBmW02e9HvDhwdXXZy6cfFjR9n+FKtrxpbfm3QgF iCWw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=K/qQ+pg0ZPDnIhkiluu6NiqdWrzCe0KXQQGO6CqxzTU=; b=P3aiMoknWnszTo/57zCO0C5bi4VDG8jCcEPQwKnKB/7xQkOj+ye+Z+nEO8W9DyZFzF Jp2MyagLUYtUUFZ0QtXcbFUGNXQuBnwnc+MJb4jxKFH7Dm+KNser/6JefBM0p6IMVryc sWEhaBbEkgAL99J4SYFYkXKJ+OhlhHT/iY/e3jFru639z0b4AeHlGuM1tUPpIaexUTRG pioqHryMN2fTJ3E6GGgcyZ+vPs7KbijAj8ebUslpgPFZir0CvSgROtjKxteiG3cSZh9U FpjeqjtmxLiBPeBaZuZ8Dw7y77fWEjbkM896H3NmKsCHFLt4lg7qE6jiGSb1vDxPCbvk cxLg==
X-Gm-Message-State: APjAAAUoKJkdWcHhZOFPSoVXzeko3sJ3MHKGC6HDm/ae43PTsP8uznnA FuhPhVj4ZBtLdqzrM7qvKsnh+eE9pLzNRRGzUO0=
X-Google-Smtp-Source: APXvYqx9SveT+fmzNtgf/znKbt9mZDsbUC4DtQp1WyEq76tlrArh1xBd7b/yeAgdZ+foGbrDh0dVaqEtIN6G+CKwBik=
X-Received: by 2002:a05:6512:1da:: with SMTP id f26mr57386260lfp.129.1564583096313; Wed, 31 Jul 2019 07:24:56 -0700 (PDT)
MIME-Version: 1.0
References: <CAChr6Sx9TEt6CMzRRrdb-HwT_k987oW=4yF1FCbDF17zkaE2Vg@mail.gmail.com> <AAEA003A-58DB-4FEE-81B2-BBFE9BBB2A37@rfc1035.com> <CAChr6SwA+HM4u5-xpUxQXPH8G8k7sfm6AETJJ019HE=bsq+OXA@mail.gmail.com> <8F094057-DFBC-4732-9DA4-BE46E7914C8A@rfc1035.com> <20190724165951.GB29051@laperouse.bortzmeyer.org> <821B448B-F7EA-46A5-837D-DA0E8C60643A@open-xchange.com> <d653d422-4a71-9fab-fd2e-b8ddaa476f91@nostrum.com> <488E2CE0-73D5-4B9E-A5AD-28FDCB95ED2A@cable.comcast.com>
In-Reply-To: <488E2CE0-73D5-4B9E-A5AD-28FDCB95ED2A@cable.comcast.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 31 Jul 2019 07:24:19 -0700
Message-ID: <CABcZeBPdf5Ce0W2y09ff2eF8yL37KLK4uUoeYs=7+YPMEtVnhg@mail.gmail.com>
To: "Livingood, Jason" <Jason_Livingood@comcast.com>
Cc: Adam Roach <adam@nostrum.com>, "add@ietf.org" <add@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ad80a4058efae3d0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/Kk_tV-va21cFUZgmcvN5wymm8qg>
Subject: Re: [Add] meeting hum: should the IETF take up this work?
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Jul 2019 14:25:00 -0000

On Tue, Jul 30, 2019 at 2:49 PM Livingood, Jason <
Jason_Livingood@comcast.com> wrote:

> On 7/25/19, 10:12 AM, "Add on behalf of Adam Roach" <add-bounces@ietf.org
> on behalf of adam@nostrum.com> wrote:
> > You can see, for example, Cloudflare's associated privacy
>     policy at
> https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/
>
> [JL] This speaks to the DNS query/response. But with DoH, this is
> contained inside of an HTTP envelope, so to speak, which has much more rich
> tracking - noted at https://www.cloudflare.com/privacypolicy/ under
> website visitors (which I presume applies to all HTTP transactions).


No, this is not our understanding. Rather, the privacy policy for DoH
covers every aspect of DoH, including the HTTP portion. The Cloudflare
Privacy Policy is a separate policy for CF websites and does not govern the
resolver.


So the confluence of DNS and HTTP here seems interesting to better
> understand and document as TRR-style policies evolve. Since there is an
> HTTP server involved in DoH, presumably all the normal HTTP log items are
> seen & processed and can be logged, like user agent, cookies, and so on.
>

Firefox doesn't send cookies for DoH. We do send User-Agent, and we could
look at removing that, but given TLS ClientHello fingerprinting, that's
probably not adding a huge amount of additional information.

-Ekr


> [JL] In addition, I suspect a concern (for the very high scale centralised
> DoH platforms) is not just the per-user privacy policy but also what
> aggregated business intelligence a global scale platform would be able to
> develop (e.g. of a population of 500M users, how many have queried for *.
> netflix.com in the past N hours, by country, ASN, user agent, etc.),
> relative to competitors or potential competitors. So I suspect these
> concerns may arise, at least for platforms of very high scale /
> penetration.
>
> --
> Add mailing list
> Add@ietf.org
> https://www.ietf.org/mailman/listinfo/add
>

v2.23.0 | Report a Bug | By Email