IETF Logo Mail Archive

Re: [Add] meeting hum: should the IETF take up this work?

"Diego R. Lopez" <diego.r.lopez@telefonica.com> Wed, 31 July 2019 16:04 UTC

Return-Path: <diego.r.lopez@telefonica.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D080D1203DA for <add@ietfa.amsl.com>; Wed, 31 Jul 2019 09:04:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=telefonica.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w9K7ZKR_tip0 for <add@ietfa.amsl.com>; Wed, 31 Jul 2019 09:04:53 -0700 (PDT)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00134.outbound.protection.outlook.com [40.107.0.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1961D1203B7 for <add@ietf.org>; Wed, 31 Jul 2019 09:04:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WNTbV8DF1155aIIIFQBXmE8+2hVQeT/lr2Ycs9ZmJJeHqEWQZfTVEEVw7LbBdyBN+py1r3QZcKlk4pSPe9Rv9lPHaxk9QjuSL6iTlkJedAh//+Kjf5aoYsdH1sDDShIgt5YUXE2kMw5kCePj+rPrS7mn5zr3DAMgKSkmIRrKZfstwUaqKdqaD16pC1ZpwT73GpBd19Nj0VmYFrUIZU5mJf6W5cc4nNhSKg5cbQArkAwGzTWv9OCPfXHR3PAhn2d22j9lWqB1V+Lj1X507qAik1D0Slkq6+zC7vEA1wtFYDsBWDoSCz6wAKLTfWtTocdxhIgfrLDGWg9qY1MmwNOmPg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qC2mJi9t6G2Wi67RUeLXY41+drXu/La0aKSWrOCBr90=; b=L7Qpx1SA4t6tRAvSz5obTiF5rtm5U/fXasYN9o5EnQaseYkH4E+HBv+m5pBprg27lgNyXqRNm3nlLH/EDV6hA9sP6g9Z+b2H6+x4QdiLKRF0rpp5fc3SC0nSVbT5400xuyzu8x5eV+p+JbLzAI4RLnr44eYnhDkLd8XLXCQzrX/i0caIkTGY81ZGsNS+qPcHIjhas3VzTM/8ku34h9Ujztu9ILch3VPldaN4wsAcl3c65qs6/dencDGO8YS4/c/dA/jRWl/InyaZN8w/rhoxBWsFsMxBqB8VO4s357oaLA9+56iU7UGDtFU/zqxCY6+zFRGN/5zUIe2aP1VPvcUucg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=telefonica.com;dmarc=pass action=none header.from=telefonica.com;dkim=pass header.d=telefonica.com;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telefonica.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qC2mJi9t6G2Wi67RUeLXY41+drXu/La0aKSWrOCBr90=; b=gnQGxG8DWDDKGQ3n6uYT99MyyPBNuI1GrJycbmKmqr0QZs397SXKWhrv/OiUpC8aIMHczdjrSDCNWidTyELmGHBCd2u5/JK8L/kuZFLH3cQLINVlSXxeSTWt0Hn2HUpZ7MGna41H/oe0MjPReMmdYS9sagPrKkU86fTBz1Ckwms=
Received: from DB3PR0602MB3788.eurprd06.prod.outlook.com (52.134.70.148) by DB3PR0602MB3738.eurprd06.prod.outlook.com (52.134.71.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2115.10; Wed, 31 Jul 2019 16:04:50 +0000
Received: from DB3PR0602MB3788.eurprd06.prod.outlook.com ([fe80::9c53:d10:400e:c71]) by DB3PR0602MB3788.eurprd06.prod.outlook.com ([fe80::9c53:d10:400e:c71%5]) with mapi id 15.20.2115.005; Wed, 31 Jul 2019 16:04:50 +0000
From: "Diego R. Lopez" <diego.r.lopez@telefonica.com>
To: Eric Rescorla <ekr@rtfm.com>
CC: "Livingood, Jason" <Jason_Livingood@comcast.com>, "add@ietf.org" <add@ietf.org>, Adam Roach <adam@nostrum.com>
Thread-Topic: [Add] meeting hum: should the IETF take up this work?
Thread-Index: AQHVQaN6W0OKjL9v+0y8Y3h3cwbqjqbYx7wAgAABXACAAAQtgIABMd6AgAD6woCAAGikAIAIW3qAgAEV/YD//84bAIAASyKA//+/xgA=
Date: Wed, 31 Jul 2019 16:04:50 +0000
Message-ID: <23B6F36E-36E8-4BE6-8E9C-37E0F99FF409@telefonica.com>
References: <CAChr6Sx9TEt6CMzRRrdb-HwT_k987oW=4yF1FCbDF17zkaE2Vg@mail.gmail.com> <AAEA003A-58DB-4FEE-81B2-BBFE9BBB2A37@rfc1035.com> <CAChr6SwA+HM4u5-xpUxQXPH8G8k7sfm6AETJJ019HE=bsq+OXA@mail.gmail.com> <8F094057-DFBC-4732-9DA4-BE46E7914C8A@rfc1035.com> <20190724165951.GB29051@laperouse.bortzmeyer.org> <821B448B-F7EA-46A5-837D-DA0E8C60643A@open-xchange.com> <d653d422-4a71-9fab-fd2e-b8ddaa476f91@nostrum.com> <488E2CE0-73D5-4B9E-A5AD-28FDCB95ED2A@cable.comcast.com> <CABcZeBPdf5Ce0W2y09ff2eF8yL37KLK4uUoeYs=7+YPMEtVnhg@mail.gmail.com> <FB0D3A9A-BE96-45CF-AD0F-E63ADEB7F97A@telefonica.com> <CABcZeBPJWzeVJc3sVTNzM0_+KVj88yHT+cwoUzuoTcxh2utwTA@mail.gmail.com>
In-Reply-To: <CABcZeBPJWzeVJc3sVTNzM0_+KVj88yHT+cwoUzuoTcxh2utwTA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.c.190715
authentication-results: spf=none (sender IP is ) smtp.mailfrom=diego.r.lopez@telefonica.com;
x-originating-ip: [88.16.178.60]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 09d7b2c3-5445-4c1d-f4cb-08d715d0d16e
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:DB3PR0602MB3738;
x-ms-traffictypediagnostic: DB3PR0602MB3738:
x-ms-exchange-purlcount: 3
x-microsoft-antispam-prvs: <DB3PR0602MB3738D843C9E285F58D78DFC0DFDF0@DB3PR0602MB3738.eurprd06.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 011579F31F
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(376002)(366004)(396003)(136003)(346002)(39860400002)(199004)(189003)(40134004)(3846002)(6116002)(58126008)(54906003)(786003)(316002)(76176011)(5660300002)(6486002)(8936002)(66574012)(7736002)(14454004)(606006)(229853002)(26005)(81156014)(86362001)(53546011)(8676002)(53936002)(2906002)(81166006)(68736007)(102836004)(6246003)(6436002)(99286004)(33656002)(256004)(11346002)(446003)(66946007)(186003)(14444005)(66066001)(25786009)(486006)(478600001)(236005)(36756003)(966005)(54896002)(6306002)(6512007)(66446008)(6916009)(6506007)(76116006)(4326008)(476003)(2616005)(5070765005)(71200400001)(71190400001)(45080400002)(66476007)(66556008)(64756008); DIR:OUT; SFP:1102; SCL:1; SRVR:DB3PR0602MB3738; H:DB3PR0602MB3788.eurprd06.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: telefonica.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: y4DnZw7kMqkTcsNh9u+AZeOCbVmm89R0i2z0CiXHhRzDDuduK06tEWNUN0H6aR54bIRTQtjU7Czi7HWmanCuDq2YcrCrRZcO04NQXZRjCrpIA+0pIiRA4ghFnwk0QxHdC6k47NEnGWbTJmco+7NhX+jAlNOOImGEKxCYBbErC2rxVlk1fZl+QVoMdwrfXrs/iFXdFadk7JxuI6IsdhyhUIUF7Di2+nHckALZaEzheHnOLyy9fG92Id7meh0Kn4s5gq3kEcE5tgfUbykZgbsPb0ABYYk451PxDSCX9kvjKtOt8zfKuJQMJBQACdUGjGwoLIHoSbNS5sAejnr3UWtWZrFAx9mSITFfYCLy+5PMYResk10MM95FhrLcJqHxvPneT6e+/L0kvDrohwW0mmI+8wMKRINaH8ugQJZFpN522jk=
Content-Type: multipart/alternative; boundary="_000_23B6F36E36E84BE68E9C37E0F99FF409telefonicacom_"
MIME-Version: 1.0
X-OriginatorOrg: telefonica.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 09d7b2c3-5445-4c1d-f4cb-08d715d0d16e
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Jul 2019 16:04:50.6105 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9744600e-3e04-492e-baa1-25ec245c6f10
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: diego.r.lopez@telefonica.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB3PR0602MB3738
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/WHHhvT8fpCja-ILN65zlzCeeGy0>
Subject: Re: [Add] meeting hum: should the IETF take up this work?
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Jul 2019 16:05:04 -0000

On 31/07/2019, 17:55, "Eric Rescorla" <ekr@rtfm.com<mailto:ekr@rtfm.com>> wrote:

On Wed, Jul 31, 2019 at 8:25 AM Diego R. Lopez <diego.r.lopez@telefonica.com<mailto:diego.r.lopez@telefonica.com>> wrote:
On 31/07/2019, 16:25, "Add on behalf of Eric Rescorla" <add-bounces@ietf.org<mailto:add-bounces@ietf.org> on behalf of ekr@rtfm.com<mailto:ekr@rtfm.com>> wrote:
On Tue, Jul 30, 2019 at 2:49 PM Livingood, Jason <Jason_Livingood@comcast.com<mailto:Jason_Livingood@comcast.com>> wrote:
On 7/25/19, 10:12 AM, "Add on behalf of Adam Roach" <add-bounces@ietf.org<mailto:add-bounces@ietf.org> on behalf of adam@nostrum.com<mailto:adam@nostrum.com>> wrote:
> You can see, for example, Cloudflare's associated privacy
    policy at https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/

[JL] This speaks to the DNS query/response. But with DoH, this is contained inside of an HTTP envelope, so to speak, which has much more rich tracking - noted at https://www.cloudflare.com/privacypolicy/ under website visitors (which I presume applies to all HTTP transactions).
No, this is not our understanding. Rather, the privacy policy for DoH covers every aspect of DoH, including the HTTP portion. The Cloudflare Privacy Policy is a separate policy for CF websites and does not govern the resolver.
So the confluence of DNS and HTTP here seems interesting to better understand and document as TRR-style policies evolve. Since there is an HTTP server involved in DoH, presumably all the normal HTTP log items are seen & processed and can be logged, like user agent, cookies, and so on.
Firefox doesn't send cookies for DoH. We do send User-Agent, and we could look at removing that, but given TLS ClientHello fingerprinting, that's probably not adding a huge amount of additional information.
-Ekr
This implies the combination Firefox/Cloudflare does not pose a significant privacy risk. Fair enough. But the general case of whatever-the-app using a hardwired DOH resolver remains, much the same as the archetypal coffeeshop resolver compared to well-behaved, contract-bounded ISPs.
This seems to be assuming a number of facts about how ISPs behave that are not in evidence.

-Ekr

I was not making any assumption on concrete behaviors (and far be it from me to start another semi-religious discussion on the behavior and/or motivations of different actors), just pointing that we must consider behaviors in all cases, including apps and devices in general, the same way we consider all kinds of access providers.

--
"Esta vez no fallaremos, Doctor Infierno"

Dr Diego R. Lopez
Telefonica I+D
https://www.linkedin.com/in/dr2lopez/

e-mail: diego.r.lopez@telefonica.com<mailto:diego.r.lopez@telefonica.com>
Tel:         +34 913 129 041
Mobile:  +34 682 051 091
----------------------------------

________________________________

Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.

The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.

Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição

v2.23.0 | Report a Bug | By Email