IETF Logo Mail Archive

Re: [Add] Trust and control on the Internet (was Re: fixing coffee shop brokenness with DoH)

Andrew Campling <andrew.campling@419.consulting> Wed, 24 July 2019 17:26 UTC

Return-Path: <andrew.campling@419.consulting>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABBB11202E3 for <add@ietfa.amsl.com>; Wed, 24 Jul 2019 10:26:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=netorgft5189650.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TCVppmERtrCx for <add@ietfa.amsl.com>; Wed, 24 Jul 2019 10:26:56 -0700 (PDT)
Received: from GBR01-CWL-obe.outbound.protection.outlook.com (mail-eopbgr110076.outbound.protection.outlook.com [40.107.11.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 52649120112 for <add@ietf.org>; Wed, 24 Jul 2019 10:26:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OxgkLOzTUsPP+2MdZkQzJa4g1C93sKx9uMlSh2enEWr6LCufDJ1BLNrGpCJ4J6qBJoOMh0AFieLsOuDUk0bj63iPpEK7wY9sWHY2yyp0b8iJ6ai6tftvBIbS4jdAyy9PJjRKHVpt/bgBwFvG6MEUpbbrgeLeQ8a4H9Iv9M5C/NlOJkRXrNI8Vqk1vB+VJDvoQI4smnsFsspmmYA/dDE4D7uKA2vF8nIxVoKShahFZ03q7/yjOXQRLHCbnZR5maP2S6Ndf1rq4ZELVy69sCWC3LcXow2wGxmC5LbpgDV52GYqoK1blBhe9coMA/pYIbV4aWbiOS4IuY7kjNbt9/EcZA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7JK0K8qXjrstPz9rDpHOe6P+Ovq4V0Y6xOp7l5Lz1BQ=; b=KVxj7Mtv3Wc6YMgkDV1XwIl1fSt2ZA8HG32FVGfFsSPrgiCNoxtjXW1ERMzx7ThTGcAK+QEkFgjF8BEVvwc6A0zzO3tgQQiYxAspdQZypsT3782DMnJ1PIoUoZV9UTyydSVbqBtk1kEG3wMwiwap4LeuED1ORccl3Rzw1Dcq3gQtVrDLxumJo6gwkm17l59IWSiH4XRu3HOOJnwdB46M0nDqM3/Tf3eK8JYcY6Gl2RvfFrWjFKMra3SShKawG3DcvF8nU6A09pJbqRCSnw2yCqoVrlgE0JwhLSr4NtAWZgVLN5mvNmNQRLtJKFOnH/BAV/6iBnvbc2ujrbGZ0Yjk0Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=419.consulting;dmarc=pass action=none header.from=419.consulting;dkim=pass header.d=419.consulting;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=NETORGFT5189650.onmicrosoft.com; s=selector1-NETORGFT5189650-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7JK0K8qXjrstPz9rDpHOe6P+Ovq4V0Y6xOp7l5Lz1BQ=; b=Yqwf++PWvo4D7ReqyPQZ3ExjMaEPS5iwnurqd1MQxlBb97sCkfdMeldBhOm4UseJUmLvqOkFkFsFWCAGXVi722uy4k50i8VI+KiGuiW7Rg6IgC70NZxP99Y6zT0iOYD+gQm1CC8n1FjvhYAO1WCwHPCx0mNtnU73aWlS6n2XEP0=
Received: from LO2P265MB1327.GBRP265.PROD.OUTLOOK.COM (20.176.138.146) by LO2P265MB0461.GBRP265.PROD.OUTLOOK.COM (10.166.99.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2115.10; Wed, 24 Jul 2019 17:26:54 +0000
Received: from LO2P265MB1327.GBRP265.PROD.OUTLOOK.COM ([fe80::387c:9c12:531b:b7bd]) by LO2P265MB1327.GBRP265.PROD.OUTLOOK.COM ([fe80::387c:9c12:531b:b7bd%3]) with mapi id 15.20.2094.013; Wed, 24 Jul 2019 17:26:54 +0000
From: Andrew Campling <andrew.campling@419.consulting>
To: Vittorio Bertola <vittorio.bertola@open-xchange.com>, "Diego R. Lopez" <diego.r.lopez@telefonica.com>
CC: "add@ietf.org" <add@ietf.org>
Thread-Topic: [Add] Trust and control on the Internet (was Re: fixing coffee shop brokenness with DoH)
Thread-Index: AQHVQkT5D6PaFV1IHkeon9N66zo/yA==
Date: Wed, 24 Jul 2019 17:26:53 +0000
Message-ID: <LO2P265MB13273F602BB0D9C2A397AA5BC2C60@LO2P265MB1327.GBRP265.PROD.OUTLOOK.COM>
References: <CAChr6Sx9TEt6CMzRRrdb-HwT_k987oW=4yF1FCbDF17zkaE2Vg@mail.gmail.com> <2D09D61DDFA73D4C884805CC7865E6114E23910C@GAALPA1MSGUSRBF.ITServices.sbc.com> <14DF8769-A817-4C06-9140-80198518244F@akamai.com> <CAChr6SzH1EycAr5n+dK5BQcG=0Zsw66qE=8Rptvq7SEoEvQQ=Q@mail.gmail.com> <E5A0DAE2-A718-41EA-B490-58ABD0F31CF2@rfc1035.com> <CAChr6SzvUZS4Ru_SttiZgWtjwBuLrzc_fdewq9w-Ts+Rq_oNHw@mail.gmail.com> <9E8BD2C4-D750-4B8C-BA34-AC4425F2951D@gmail.com> <CAChr6Szo+1x6BnU2XH2A0o7CTQrQhFVPYezR7KQVLw-nWToULg@mail.gmail.com> <MN2PR21MB12134C6B57220E1B8BF5C811FAC60@MN2PR21MB1213.namprd21.prod.outlook.com> <CABtrr-Ue6rAom3ubJc_tPbn37T8HPGPabzX=CxT9UmiicbUtXQ@mail.gmail.com> <520325278.24189.1563973538937@appsuite-gw1.open-xchange.com> <E957E29E-66A9-4F49-8456-C2BBF9693928@fugue.com> <D36D6250-3B75-433E-B37B-BEC73F7C92DF@telefonica.com> <555968666.24560.1563980206283@appsuite-gw1.open-xchange.com>
In-Reply-To: <555968666.24560.1563980206283@appsuite-gw1.open-xchange.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=andrew.campling@419.consulting;
x-originating-ip: [2a00:23c4:a499:2e00:556b:1ff3:ab8e:d0bc]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 46d72459-6dcf-4864-6d4c-08d7105c1f18
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7027125)(7023125)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:LO2P265MB0461;
x-ms-traffictypediagnostic: LO2P265MB0461:
x-microsoft-antispam-prvs: <LO2P265MB04610F72B8CB146756EBC6D2C2C60@LO2P265MB0461.GBRP265.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0108A997B2
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(39830400003)(136003)(376002)(396003)(34096005)(366004)(199004)(189003)(229853002)(71190400001)(6436002)(4326008)(508600001)(7736002)(446003)(66574012)(11346002)(486006)(81156014)(14454004)(8676002)(71200400001)(81166006)(68736007)(52536014)(86362001)(53936002)(74316002)(5660300002)(6246003)(6116002)(790700001)(316002)(66946007)(110136005)(76116006)(236005)(66476007)(66446008)(64756008)(66556008)(25786009)(186003)(44832011)(8936002)(9686003)(55016002)(6306002)(54896002)(2906002)(102836004)(7696005)(99286004)(76176011)(256004)(53546011)(6506007)(476003)(46003)(33656002)(46492003); DIR:OUT; SFP:1101; SCL:1; SRVR:LO2P265MB0461; H:LO2P265MB1327.GBRP265.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: 419.consulting does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: lTMt8om4TbqHnm+v1AmdnxDGHZslEq7mlVfird4vdYo4AX2kt2BKK4HfSodvSc54zV+Z1ldm/LnGZXIDAJ4q0fA9Z04iMsY6SSWSaY9f4sYi5kDIlnSF3Xdi+zjpHR1KLf172ReAj7bFm5gLmlI3vaMQlmb7JyqBfMokztQLkgrnlGTK3TN5Qv/iOgkDVtWEB9aUozCUngZmVNBzaRZjppm7cMwDYuXog8FAU6chjoKYVeFK/PeIPCQdLa0w2oFmegy/q5OS2vvOAbA4uEkZK51zQT1T0Pl7nt+z4c2KVoMBnKRMGnbtIEAtqwTAZbyy3MKXdfNv1DZWLuvphKu7IWnmKh9Fe77COPADFRPGEpQYk8FzKl4sQMAJ8KnLo8iY8hx6d3bd3/edELpRliy0cvQS47YORUPaL1KM4BBJvpg=
Content-Type: multipart/alternative; boundary="_000_LO2P265MB13273F602BB0D9C2A397AA5BC2C60LO2P265MB1327GBRP_"
MIME-Version: 1.0
X-OriginatorOrg: 419.consulting
X-MS-Exchange-CrossTenant-Network-Message-Id: 46d72459-6dcf-4864-6d4c-08d7105c1f18
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Jul 2019 17:26:53.9355 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9c2ced3e-7522-4755-87dc-f983abc66ec3
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: andrew.campling@419.consulting
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO2P265MB0461
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/Yl0NxbJTiMtYhUMhUM5j9JJzDUY>
Subject: Re: [Add] Trust and control on the Internet (was Re: fixing coffee shop brokenness with DoH)
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jul 2019 17:27:00 -0000

On Jul 24, 2019, at 4:22 PM, Vittorio Bertola < vittorio.bertola@open-xchange.com<mailto:vittorio.bertola@open-xchange.com> > wrote:

>  Trust in the Internet infrastructure is a hard problem because the trust relationships are different depending on subjective judgements and preferences. One user might trust the application and distrust the network, while another user might trust the network and distrust the application, and a third user might be uneducated and fail to make any decision or be easily fooled into trusting the wrong people. This last case leads to several parties claiming that they have to make decisions "on behalf of the users for their own good", but then a struggle between the application, the network and the government ensues, on who is actually entitled to do that, and to which extent.

I think we should note that the third category, the “uneducated” user, is by far the largest, at least in the context of understanding matters such as DNS.  In addition, we should also note that, in the context of GDPR in Europe, DNS data is considered to be personal data and it will be possible for significant profiling to be carried out on the basis of this data; this may constrain what decisions can be made and by whom, at least without the knowledge and consent of the user.

>  The other face of this problem is the "control plan" discussion: DoH supporters claim that the DNS is not a proper control plan for the Internet, but then they do not provide alternatives to people that need one; they either say "do that at the endpoints" (which is generally cumbersome for non-technical users and even impossible in several legitimate cases, ranging from adversarial endpoints - e.g. a bot-infected device - to endpoints that won't have the necessary capabilities - e.g. IoT stuff), or "the Internet shall be free, go get lost!". This is likely to result in an "arms race" - if the protocol people do not provide a clear control plan, the operational people will just make one in some way, no matter how disruptive that will be.

It seems reasonable to assert that a control plane is required for operational purposes including, for example, to implement user choices and comply with local legislation.

>  While ADD already has more immediate points that deserve attention, such as the best practices for configuring Do* servers, it would be good if we could also have the architectural discussion above, which is broader and affects the Internet way beyond the DNS, though it comes up when discussing the DNS because that's where trust and control issues have been addressed until now. Perhaps this could be a separate working item or even a separate working group.

I agree that the architectural discussion needs to be had too.



Andrew

v2.23.0 | Report a Bug | By Email