IETF Logo Mail Archive

Re: [Add] [EXTERNAL] Re: ADD Requirements Draft

Andrew Campling <andrew.campling@419.consulting> Tue, 01 September 2020 22:01 UTC

Return-Path: <andrew.campling@419.consulting>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 782CE3A1113 for <add@ietfa.amsl.com>; Tue, 1 Sep 2020 15:01:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.8
X-Spam-Level:
X-Spam-Status: No, score=-1.8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=netorgft5189650.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ztZIaGOOygQK for <add@ietfa.amsl.com>; Tue, 1 Sep 2020 15:01:03 -0700 (PDT)
Received: from GBR01-LO2-obe.outbound.protection.outlook.com (mail-eopbgr100053.outbound.protection.outlook.com [40.107.10.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3558C3A1114 for <add@ietf.org>; Tue, 1 Sep 2020 15:01:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LBXbQtk50C7yuJnTzWFLtvqUyAuOg6zoGGyVAH2eeeAFenri63NkE56lIhcvoJO5+HKjuvRsgwg/5PWa5gMqd3s342zcal5bxYpnLSRb2NMfvr+N5QWS3mJJ6g+mw3LNtJ+X7h1VMlYMpRT4No4VoCBeRD6+w7TIs3Ft4mWqcQYXt6a5kgQ9lM4+Je8fmzc3tK/W9Dd1YyTS4WsjgMcCxr6J/XjBqtbHYxsQ6SdhY8YgF7K9apI2CV0Za4XZ5f1QI/tYeVdvxZpEWAlXtEWBIaO1wKCjialtrpkuaKl3UTduX73/Qt4FXqBjrLalf2vACA40GxdGm9+S1Y21f50ktA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=66+Frg2kxo6VcR22qa044BpLP2fJtgJF8g0KP9sN7P4=; b=k76BxciddabxPydL1WuP4ua//fYWUKes8BxEBChGVOIXrmrsIyIa5knFjJTl/2Omvz5jneDlqOp2JkH5+fp8Q6TrrJ6E4HmmOFivc4DUkp0ObVHaRwNqzrY0fclZS0KO/cg/B1dbK5bf49RQ7Ip+u8YWICTiv3l2oqcUvmYhmbiIHE2oeJLlHyZ9QR3YG9NZd1v/0ylXmUB3d5YOGX5VAPejZm5PCJLl+QMms9eFaoOC0nmM1PRu4wiae5zzpMgOuOhRpt0PmUg/fe/EJ64R7v+E9lbJAjChWu9ZAWfnvqSTW/wSLb17hTOdSuExMGRDtvwP35pF9dM6vDzpfkvBFQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=419.consulting; dmarc=pass action=none header.from=419.consulting; dkim=pass header.d=419.consulting; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=NETORGFT5189650.onmicrosoft.com; s=selector1-NETORGFT5189650-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=66+Frg2kxo6VcR22qa044BpLP2fJtgJF8g0KP9sN7P4=; b=dcMslBR8z9W1pn9QhnLXm/GElYiZDSSpZ3cjPJ++21X0qXjDlqo7HKtItn1RDqQ/VTNE+es6VP2aJp/zE5lkSAVbAyFw0YONcxy1ugAbzjpQx22C+vTS8xtnwyRUWcUx1P742qetzd8Dly/zxF/tLbsoCU0xP0BBAw8WMUXaqeY=
Received: from LO2P265MB0573.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:71::15) by LO2P265MB1534.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:95::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3326.21; Tue, 1 Sep 2020 22:01:00 +0000
Received: from LO2P265MB0573.GBRP265.PROD.OUTLOOK.COM ([fe80::91fb:af23:a084:10cf]) by LO2P265MB0573.GBRP265.PROD.OUTLOOK.COM ([fe80::91fb:af23:a084:10cf%7]) with mapi id 15.20.3326.025; Tue, 1 Sep 2020 22:01:00 +0000
From: Andrew Campling <andrew.campling@419.consulting>
To: Tommy Pauly <tpauly@apple.com>, Tommy Jensen <Jensen.Thomas=40microsoft.com@dmarc.ietf.org>
CC: Eric Rescorla <ekr@rtfm.com>, tirumal reddy <kondtir@gmail.com>, ADD Mailing list <add@ietf.org>, Christopher Wood <caw@heapingbits.net>
Thread-Topic: [Add] [EXTERNAL] Re: ADD Requirements Draft
Thread-Index: AQHWgJovfCXAxvaIDECZ9QMQmDJTj6lUVBJg
Date: Tue, 01 Sep 2020 22:01:00 +0000
Message-ID: <LO2P265MB057382DA9985ABF17940B41EC22E0@LO2P265MB0573.GBRP265.PROD.OUTLOOK.COM>
References: <31194C90-6C0B-470C-8B14-79C12D2C5C0D@comcast.com> <CACJ6M14gXmEHc_fX8=GpKwRDn6C=R7LR06JG_Qg-cWR5agU9Hw@mail.gmail.com> <391E15D2-9208-4BA9-B01E-3673982DA6CE@apple.com> <CABcZeBMXvcF6PJWE+EkGVx1c9RXzO1XuB3xhrVKUJvUb=aus8A@mail.gmail.com> <4cd8a8c6-3516-4ad6-877c-9460d8096773@www.fastmail.com> <CAFpG3gfkrKGiuPRH1QvH+-w2H=N1ijtDpk5Oh=D2JOp-L4Q1+w@mail.gmail.com> <CABcZeBNhHcNAkVm=PNUvV8_vGVvDvJbaMVHB_w9zu63+ebQwpQ@mail.gmail.com> <CAFpG3gcAjHkh7boDwLq+sHpGtfB2WT0NbuuFqqBQs2M6BZkAOQ@mail.gmail.com> <CABcZeBMi-B7LKB6ipt6vLSZcF9OMLga8f+qydpZVOhOGQrttuQ@mail.gmail.com> <CAFpG3geQefT0=fN-6UFwDqLLqbb1XthHA=np4HPS2NfSO77csA@mail.gmail.com> <CABcZeBPmfe8Um38xFHoxw+26-YQxFUPN+p4aW9uzbPKGy1xz4g@mail.gmail.com> <CAFpG3gefyTcibzfQ-dzXKv5fKE=vwUktux0dz25wNL7_+tf7MA@mail.gmail.com> <CABcZeBMVcH74RYXZrLRNtHLi-xZgGxRHA2CsH6nbiz+5uGM32g@mail.gmail.com> <DM6PR00MB0783D4A658BE3BA8EBD6533BFA2E1@DM6PR00MB0783.namprd00.prod.outlook.com> <07B4108E-07BC-4755-96FB-31D43DCDC19C@apple.com>
In-Reply-To: <07B4108E-07BC-4755-96FB-31D43DCDC19C@apple.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: apple.com; dkim=none (message not signed) header.d=none;apple.com; dmarc=none action=none header.from=419.consulting;
x-originating-ip: [86.144.99.78]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 06c5eb7b-4623-416d-b34c-08d84ec2830f
x-ms-traffictypediagnostic: LO2P265MB1534:
x-microsoft-antispam-prvs: <LO2P265MB1534060F23D9CB0C04249926C22E0@LO2P265MB1534.GBRP265.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 6av02oSpsBVPUYbPtTLFy7dt3OCkMdP2/nX5CR7JctdstMaCulO+T8jy61DK7j5y2Z+VTjULxlbcnI6Qoz8YBcIerYGuR7ZPrA9flVTXWctJVzjL2Nv1smdy/4d1S3eCFbieFxCbjpVVazfhSRuGN3MAeOJ2ISuUm5OSVmpcTF1+v57/glJOYhMaFCApYBbMxT2V5iI9tg7DDCDBCH9mkJl3J3szPIGGVeoz7TqA86YjjMeaAtwA4A58R8HToreSuys2EEcDWGpbJqKY58DyLUQOWtJyy0GB1VjmhPyaX0S+AU7TSJWnbuUV/RnUy0VUYhygHxJOL5A5EdyiyRSKp/15Dkpq1TzvG7aQ32XkIvAUlx9PjabtDjQcPOmwrpUaK+kjb91qkWQkrNJh8okysPhIjpNjh8WNPFqYis0jBRX5UeJY6plcFN7JggZuJJF5
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:LO2P265MB0573.GBRP265.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(396003)(39830400003)(376002)(346002)(366004)(136003)(26005)(2906002)(54906003)(186003)(316002)(4326008)(7696005)(9686003)(966005)(33656002)(8676002)(8936002)(110136005)(86362001)(83380400001)(5660300002)(76116006)(71200400001)(53546011)(6506007)(55016002)(166002)(66946007)(66476007)(66446008)(66556008)(44832011)(478600001)(64756008)(52536014)(46492007); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: YRxn5NmxEUwMG4esdTDIX78WgxZ1Qzj76DvSnyfdgLoNr254U1EQ6r07Pq+03UaftSw194WYt5EwzJDqwVaGQfPoFs2Ws0bixPuiTIKSfDIL7CLmRLdxYcanRopl1f74fTdDrnez29LH4BMqcEDRSc1LF0dnHNFrMDkobbETxsxzhs46MiND0GGT4+J2LOeIbQ4GPAjsDV2JDC1v3nFHNs27q1h/0xRjY7osKFeCsRJjCVbhY0Zql+sJXDd5WFWKpLjmYIQ5EsuFmVNN4pttzYnv1RVv2f35UUl4sgc8OZ66/gv7KiAMDocAbrpfNLDEJiPkg/a10M09wP0nDZXi9JOLa4qkpXXi8GOSFLk9uUk76cLLm2nL+Dt3Vu+CZM8zmG9z/JBr4gtH4FkpIJRvILwRK47we/OJwQp4ZQeLmHDmyHozqCtJYBviT+7sg7im8CSjPL9Ji0gytbEoRiMbGrNmwSSGqx2DfIIN0b4CXxpsoqhvZxMrhj1SbBoCsP8XopZuJKhcSQwASTJs7gxax/nK8E79W5FfYYn736Z9I9HoW2H03gXEeSB0jVnVJiBRG5IIT9cglITZUaVvMeUXL/RLY4WSqenFzutcu1cb3SM5CexZ/2guWQGykOMA3mI8rWdOa0drZGnu12TdyJQwRg==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_LO2P265MB057382DA9985ABF17940B41EC22E0LO2P265MB0573GBRP_"
MIME-Version: 1.0
X-OriginatorOrg: 419.consulting
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: LO2P265MB0573.GBRP265.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 06c5eb7b-4623-416d-b34c-08d84ec2830f
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Sep 2020 22:01:00.0862 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9c2ced3e-7522-4755-87dc-f983abc66ec3
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: MNP4kQ7+NFvR7+grFK23T6PMwEMHlKwgmiLVmx60RUFZVX9ma3DxZZfzIHSeQQ1ftbQPOpD75vsX0qsx/FYw/BwzKNyl/QAfYf31b1CnnNM=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO2P265MB1534
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/W5W2hau_SlXC-x5YFteg0y4Gr9Y>
Subject: Re: [Add] [EXTERNAL] Re: ADD Requirements Draft
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2020 22:01:08 -0000

Tommy Pauly
That seems reasonable for a same provider auto upgrade-type scenario.  To look at it from the other perspective, if the client wants to change the DNS from the one that the client already has a relationship with then an explanation of policy is required together with user assent (possibly even indirect user assent in some cases, eg enterprise, parent etc, to borrow terminology from RFC 8890).

Andrew

From: Tommy Pauly <tpauly@apple.com>
Sent: 01 September 2020 20:57
To: Tommy Jensen <Jensen.Thomas=40microsoft.com@dmarc.ietf.org>
Cc: Eric Rescorla <ekr@rtfm.com>; tirumal reddy <kondtir@gmail.com>; ADD Mailing list <add@ietf.org>; Christopher Wood <caw@heapingbits.net>
Subject: Re: [Add] [EXTERNAL] Re: ADD Requirements Draft

Agreed. From my perspective as a client vendor, I don’t see a likely path to consuming this kind of policy. This is one of the reasons I’ve argued that we should have in our requirements a limitation that the entity that provides DNS should be one that the client already has a relationship with—we don’t need any new explanation of policy, we’re relying on existing relationships.

Thanks,
Tommy (Pauly)


On Sep 1, 2020, at 10:11 AM, Tommy Jensen <Jensen.Thomas=40microsoft.com@dmarc.ietf.org<mailto:Jensen.Thomas=40microsoft.com@dmarc.ietf.org>> wrote:

ekr> Taking a step back here: is there any client with significant usage that would be interested in consuming this kind of policy when published by a resolver?

Speaking for myself: no. The user either understands the implications and has pre-configured a resolver of their choice, or they don't and expect DNS to just work. Until DNS server choice is an everyday user concept akin to music streaming app choice (or at least wireless network choice), that will continue to be the case.

Thanks,
Tommy

________________________________
From: Add <add-bounces@ietf.org<mailto:add-bounces@ietf.org>> on behalf of Eric Rescorla <ekr@rtfm.com<mailto:ekr@rtfm.com>>
Sent: Tuesday, September 1, 2020 9:46 AM
To: tirumal reddy <kondtir@gmail.com<mailto:kondtir@gmail.com>>
Cc: ADD Mailing list <add@ietf.org<mailto:add@ietf.org>>; Christopher Wood <caw@heapingbits.net<mailto:caw@heapingbits.net>>
Subject: [EXTERNAL] Re: [Add] ADD Requirements Draft



On Tue, Sep 1, 2020 at 4:10 AM tirumal reddy <kondtir@gmail.com<mailto:kondtir@gmail.com>> wrote:
Hi Eric,

Please see inline

On Fri, 28 Aug 2020 at 19:08, Eric Rescorla <ekr@rtfm.com<mailto:ekr@rtfm.com>> wrote:


On Fri, Aug 28, 2020 at 12:35 AM tirumal reddy <kondtir@gmail.com<mailto:kondtir@gmail.com>> wrote:
On Thu, 27 Aug 2020 at 18:46, Eric Rescorla <ekr@rtfm.com<mailto:ekr@rtfm.com>> wrote:


On Wed, Aug 26, 2020 at 10:15 PM tirumal reddy <kondtir@gmail.com<mailto:kondtir@gmail.com>> wrote:
Hi Eric,

Please see inline

On Wed, 26 Aug 2020 at 16:50, Eric Rescorla <ekr@rtfm.com<mailto:ekr@rtfm.com>> wrote:


As I said when you first proposed this in an ADD meeting, I do not believe that anything of this kind is viable.

1. Certificates tied to a legal entity have not been effective, which is why browsers are removing EV.

The draft does not propose using EV certificates for encrypted DNS servers, please see https://tools.ietf.org/html/draft-reddy-add-server-policy-selection-05#section-4<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-reddy-add-server-policy-selection-05%23section-4&data=02%7C01%7CJensen.Thomas%40microsoft.com%7C4f39107a43f8461cc8c808d84e96ac6c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637345757215760305&sdata=zwTj9VSEumHDnBDlWRQySYQf2lljLOE7aG%2FcNJKWx%2Bk%3D&reserved=0> for more details.

It proposes something similar, which I expect to have the same drawbacks.


2. There is ample evidence that users do not read privacy policies.

The DNS server privacy statement is much more simpler compared to a typical privacy statement by a
content service provider (see https://tools.ietf.org/html/draft-ietf-dprive-bcp-op-14#section-6<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-ietf-dprive-bcp-op-14%23section-6&data=02%7C01%7CJensen.Thomas%40microsoft.com%7C4f39107a43f8461cc8c808d84e96ac6c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637345757215770297&sdata=Aon0Ne%2FXFeIqNAPGMS5g0t%2FpPaqrg9bs3OTDJzK3wn8%3D&reserved=0>).

I don't think that makes it significantly more likely that people will read it.


Further, automated analysis of a privacy statement is possible using deep learning (https://pribot.org/files/Polisis_USENIX_Security_Paper.pdf<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpribot.org%2Ffiles%2FPolisis_USENIX_Security_Paper.pdf&data=02%7C01%7CJensen.Thomas%40microsoft.com%7C4f39107a43f8461cc8c808d84e96ac6c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637345757215770297&sdata=btIZBlgmsG2b9zCE6pSjQt7q%2FteV6HVT8fakqd08sWQ%3D&reserved=0>). You can explore polisis and pritbot at https://pribot.org<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpribot.org%2F&data=02%7C01%7CJensen.Thomas%40microsoft.com%7C4f39107a43f8461cc8c808d84e96ac6c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637345757215780290&sdata=DluH1rTl9DL%2Blcmt0nb5jhy9H6i1QyJwGJhBkT3x%2FoM%3D&reserved=0> to explore the analysis of privacy statements by several organizations..

I took a quick look at this tool and while it appears to be interesting work, it does not produce output which I think is likely for users to actually assimilate. For instance here is what it does with McAfee's policy:
https://pribot.org/polisis/?company_url=mcafee.com&_id=59d8f9c4e3dd0c4e24555c1d&category=first-party-collection-use<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpribot.org%2Fpolisis%2F%3Fcompany_url%3Dmcafee.com%26_id%3D59d8f9c4e3dd0c4e24555c1d%26category%3Dfirst-party-collection-use&data=02%7C01%7CJensen.Thomas%40microsoft.com%7C4f39107a43f8461cc8c808d84e96ac6c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637345757215780290&sdata=gL%2BUOJ3dykOrd316WbZH5HpswalaWAKHscWQspcHM7w%3D&reserved=0>

We've already run this experiment of machine readable privacy policies once with P3P and I don't see a reason to think this will be any different

Taking a step back here: is there any client with significant usage that would be interested in consuming this kind of policy when published by a resolver? If so, I'd like to hear from them about their needs. If not, it doesn't seem worth discussing further.

-Ekr

--
Add mailing list
Add@ietf.org<mailto:Add@ietf.org>
https://www.ietf.org/mailman/listinfo/add

v2.23.0 | Report a Bug | By Email