Re: [Add] Fwd: New Version Notification for draft-mglt-abcd-doh-privacy-analysis-00.txt
Bob Harold <rharolde@umich.edu> Wed, 06 November 2019 19:35 UTC
Return-Path: <rharolde@umich.edu>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3344212026E for <add@ietfa.amsl.com>; Wed, 6 Nov 2019 11:35:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=umich.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cw1yFfTbPO9d for <add@ietfa.amsl.com>; Wed, 6 Nov 2019 11:35:29 -0800 (PST)
Received: from mail-qk1-x72c.google.com (mail-qk1-x72c.google.com [IPv6:2607:f8b0:4864:20::72c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 436E012010C for <add@ietf.org>; Wed, 6 Nov 2019 11:35:29 -0800 (PST)
Received: by mail-qk1-x72c.google.com with SMTP id h15so16006536qka.13 for <add@ietf.org>; Wed, 06 Nov 2019 11:35:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umich.edu; s=google-2016-06-03; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=i0d/bY8HSkxz8iYtbIXw2MWdI7ntp/VMgW2dBZSar0o=; b=qrzyuKfiopNlvRaTVanPshIzEAwE14uI1IAJbKXj2//2OKXFZvabnNeKQ4sRY96Vq0 6aLkg3vRTjclExhB1+nqhEl5MTaqd5qTpVv0BbcZnAbVVpzabLr0IPn0FLY6QtgUNFbN tdBkxI2RJX/37+u5fXfStPbr5+ZLT4h/lDLTxkL8cfHmaBsgci/5YJL9aaTqDqxsDVb4 IC652O6HBFvaf9jpnz/mFheIpAYiAkSE6uAu9cYMqmu38+Xv9hJUT+Z8ClYobbrT2p5u ACrwHnuMLvj4VeRHuUJAc5Zv0DOnKrrLgwgLQPBsA5+Qs5wQSYgQr3HNPytxxBqM5Rxi 8D6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=i0d/bY8HSkxz8iYtbIXw2MWdI7ntp/VMgW2dBZSar0o=; b=XzrLtQeo9gq1B6SJxBseJZZNVCg9Ca5rw4KYG1bmpX7GyUPoJz4OnRgnRCcbv71sK8 z4pr4F2BiG84gvRDKdjdZKoFn88K6z4YrWSvYgZsLBHjw1FbTMMan9tBNOOFBPz9vu3a s7KvRg+4QNK+kkrD+cWySqXcgErvhMZ85avn4DAiYarICm5JhFzTcp1jTSImmctA+pCK G8XhAMmUJLj4ioPhdNF52N+YAXJba6y0GGDCfrXSw9u6WsbA0nrsoel7je7unDcU9zg9 FUrGiCl3lx5PMMbunZNsajl2Vblw/1QxeQoQKU7+sBTrGwexCcsbERYD22u4kJmwk6hG DfhQ==
X-Gm-Message-State: APjAAAVpuI7IRjgS872mj0F/vLSnvlTQtULGJ1AX22LP6JjEhfK9m/nn /tGZQGreftcOaVihBXEfXg/cK06V6cVkL4MKHoAP5B6nAkU=
X-Google-Smtp-Source: APXvYqwuDdq+Lq4R4ZsJmQDkEo3eFs+DfA2et2afBN2e+hUO3N6uHXvVhhC+ZI/UajzuTPMSHlrQDe0tM7frBWQWyIc=
X-Received: by 2002:ae9:ec0a:: with SMTP id h10mr3491885qkg.334.1573068928007; Wed, 06 Nov 2019 11:35:28 -0800 (PST)
MIME-Version: 1.0
References: <157288444149.16545.17250458995529707952.idtracker@ietfa.amsl.com> <CADZyTk=5g7toa5QwaQ9tCO1d2iJ1-pF9W6RzOEi9MjrsnyLsFw@mail.gmail.com> <2f52a096-ae14-a9f8-1dbf-8931e3204ec7@cs.tcd.ie> <SN2PR00MB0077009FBBB40FB2B3DD9B35FA790@SN2PR00MB0077.namprd00.prod.outlook.com>
In-Reply-To: <SN2PR00MB0077009FBBB40FB2B3DD9B35FA790@SN2PR00MB0077.namprd00.prod.outlook.com>
From: Bob Harold <rharolde@umich.edu>
Date: Wed, 06 Nov 2019 14:35:16 -0500
Message-ID: <CA+nkc8Aw+PPktomjwydWtfvVyM6Phhn9YbL33WV65-sbS0k1AA@mail.gmail.com>
To: Tommy Jensen <Jensen.Thomas=40microsoft.com@dmarc.ietf.org>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Daniel Migault <daniel.migault=40ericsson.com@dmarc.ietf.org>, "add@ietf.org" <add@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a956cd0596b2a6ae"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/SeDs1cvMAJyq5Kiw603ZQcE9lo8>
Subject: Re: [Add] Fwd: New Version Notification for draft-mglt-abcd-doh-privacy-analysis-00.txt
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Nov 2019 19:35:32 -0000
On Wed, Nov 6, 2019 at 2:10 PM Tommy Jensen <Jensen.Thomas= 40microsoft.com@dmarc.ietf.org> wrote: > Hey Daniel, > > Adding onto Stephen's comments (+1 to not sure what the goal of this > document is), I'll point out a reoccurrence of the common but false > assumption that DoH always means browsers and always means centralization: > > draft>> DoH changes this paradigm in the way that an application can > circumvent the policy set by the end user, without the end user being aware > of it. Firstly, the encryption is performed by the application and as such > does not provide any visibility to the operating system. > > DoH doesn't change this paradigm at all, as it isn't a protocol just for > apps (see the Adaptive DNS proposal for an example of a platform providing > DoH). This problem (apps doing their own DNS and circumventing system > configured policy) existed before and continues to exist with classic DNS; > it just so happened that the traffic was plain text so any network sniffing > software could observe and possibly modify or block it. I consider that an > unfortunate side effect of plain text protocols, not a feature we should be > working to preserve. It's not like apps doing their own DNS queries today > are visible to most users today, who don't know what packet inspection is. > > I think if we drive widespread adoption of encrypted DNS protocols by > platforms and ISPs, we'll have better luck convincing well-behaved > applications to defer to platform configurations than any other approach. > After all, why build per-app experiences if the platform experience is > already "good" in the eyes of the privacy conscious? This will address the > concern of centralization of the DNS as well (which is not an inherent DoH > problem, but an inherent "default provider for all customers of X > app/platform" problem). > > As far as ill-behaved applications go, they were going to do whatever they > wanted anyway, and pushing DoH adoption doesn't give them powers they > didn't already have. At some point, the problem becomes one of the user > needing to decide what apps they trust which we cannot help with via > protocol design. > I agree with most of your points - but here you say "pushing DoH adoption doesn't give them powers they didn't already have". One concern is IF some major web service enables DoH on a major web server, then that does make it very easy for apps to hide their DNS in a way they could not easily do before. -- Bob Harold > > Thanks, > Tommy > ------------------------------ > *From:* Add <add-bounces@ietf.org> on behalf of Stephen Farrell < > stephen.farrell@cs.tcd.ie> > *Sent:* Wednesday, November 6, 2019 6:20 AM > *To:* Daniel Migault <daniel.migault=40ericsson.com@dmarc.ietf.org>; > add@ietf.org <add@ietf.org> > *Subject:* Re: [Add] Fwd: New Version Notification for > draft-mglt-abcd-doh-privacy-analysis-00.txt > > > Hi Daniel, > > On 05/11/2019 20:40, Daniel Migault wrote: > > Please find an analysis on DoH and privacy. The intent is to provide an > > analysis. Any feed backs are welcome! > > My feedback: > > - I don't see how this adds to the discussion. ISTM this > is yet another one-sided description of the issues. What do > you think is the added benefit of having this text in an > Internet-draft? Honestly, I don't get it. > > - In particular, I don't think your "conclusion" that "the > overall picture of concentration shows that it represents > a threat to the end user's privacy" can be justified based > on the content. I'm assuming "represents a threat" is not > just weasel-wording for "might be" which is trivially > true. If you mean anything stronger than "might be" then > that's not justified IMO and if you mean "might be" or > anything weaker, then it looks like stretching to find > a pejorative way to describe things. > > Cheers, > S. > > PS: In saying the above, I do think there are dangers in > how DoH deployments might increase centralisation. But I > also think that one-sided descriptions of those dangers > make the conversations more, and not less, difficult. > > > > > Yours, > > Daniel > > ---------- Forwarded message --------- > > From: <internet-drafts@ietf.org> > > Date: Mon, Nov 4, 2019 at 11:20 AM > > Subject: New Version Notification for > > draft-mglt-abcd-doh-privacy-analysis-00.txt > > To: Daniel Migault <mglt.ietf@gmail.com> > > > > > > > > A new version of I-D, draft-mglt-abcd-doh-privacy-analysis-00.txt > > has been successfully submitted by Daniel Migault and posted to the > > IETF repository. > > > > Name: draft-mglt-abcd-doh-privacy-analysis > > Revision: 00 > > Title: A privacy analysis on DoH deployment > > Document date: 2019-11-04 > > Group: Individual Submission > > Pages: 11 > > URL: > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Finternet-drafts%2Fdraft-mglt-abcd-doh-privacy-analysis-00.txt&data=02%7C01%7CJensen.Thomas%40microsoft.com%7Ce85f2b5a2eec4a50d4de08d762c47bcc%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637086471402836031&sdata=w7GwUhz%2BIVSB5VW%2BtyEKvAUjTTh%2BNhq12tpVbM5Zw0o%3D&reserved=0 > > Status: > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-mglt-abcd-doh-privacy-analysis%2F&data=02%7C01%7CJensen.Thomas%40microsoft.com%7Ce85f2b5a2eec4a50d4de08d762c47bcc%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637086471402836031&sdata=XmWL4PabqWROpOd1YmGsKfQ9ucjP16tanC5PnTuewAw%3D&reserved=0 > > Htmlized: > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-mglt-abcd-doh-privacy-analysis-00&data=02%7C01%7CJensen.Thomas%40microsoft.com%7Ce85f2b5a2eec4a50d4de08d762c47bcc%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637086471402836031&sdata=tpXDCA5qibyJU0%2FBcvkCHxRoKhWTZYi9s4fln0MQLx8%3D&reserved=0 > > Htmlized: > > > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-mglt-abcd-doh-privacy-analysis&data=02%7C01%7CJensen.Thomas%40microsoft.com%7Ce85f2b5a2eec4a50d4de08d762c47bcc%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637086471402836031&sdata=l4GflUzS14Z68kdSWxLzCjIYKoHWtY%2BwxFxCO5FY%2FEY%3D&reserved=0 > > > > > > Abstract: > > This document provides an analysis on DoH impact on privacy > > > > > > > > > > Please note that it may take a couple of minutes from the time of > submission > > until the htmlized version and diff are available at tools.ietf.org. > > > > The IETF Secretariat > > > > > -- > Add mailing list > Add@ietf.org > https://www.ietf.org/mailman/listinfo/add >
- [Add] Fwd: New Version Notification for draft-mgl… Daniel Migault
- Re: [Add] Fwd: New Version Notification for draft… Rob Sayre
- Re: [Add] Fwd: New Version Notification for draft… Alec Muffett
- Re: [Add] Fwd: New Version Notification for draft… Stephen Farrell
- Re: [Add] Fwd: New Version Notification for draft… Tommy Jensen
- Re: [Add] Fwd: New Version Notification for draft… Bob Harold
- Re: [Add] Fwd: New Version Notification for draft… Vittorio Bertola
- Re: [Add] Fwd: New Version Notification for draft… Daniel Migault
- Re: [Add] Fwd: New Version Notification for draft… Daniel Migault
- Re: [Add] Fwd: New Version Notification for draft… Daniel Migault
- Re: [Add] Fwd: New Version Notification for draft… Christian Huitema
- Re: [Add] Fwd: New Version Notification for draft… Daniel Migault
- Re: [Add] Fwd: New Version Notification for draft… Rob Sayre
- Re: [Add] Fwd: New Version Notification for draft… Christian Huitema
- Re: [Add] Fwd: New Version Notification for draft… Rob Sayre