Re: [Add] Fwd: New Version Notification for draft-mglt-abcd-doh-privacy-analysis-00.txt
Tommy Jensen <Jensen.Thomas@microsoft.com> Wed, 06 November 2019 19:10 UTC
From: Tommy Jensen <Jensen.Thomas@microsoft.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Daniel Migault <daniel.migault=40ericsson.com@dmarc.ietf.org>, "add@ietf.org" <add@ietf.org>
Date: Wed, 06 Nov 2019 19:10:20 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/fNBK0BGbUIPlQpJc5YqaMRDWLas>

Hey Daniel,

Adding onto Stephen's comments (+1 to not sure what the goal of this document is), I'll point out a reoccurrence of the common but false assumption that DoH always means browsers and always means centralization:

draft>> DoH changes this paradigm in the way that an application can circumvent the policy set by the end user, without the end user being aware of it. Firstly, the encryption is performed by the application and as such does not provide any visibility to the operating system.

DoH doesn't change this paradigm at all, as it isn't a protocol just for apps (see the Adaptive DNS proposal for an example of a platform providing DoH). This problem (apps doing their own DNS and circumventing system configured policy) existed before and continues to exist with classic DNS; it just so happened that the traffic was plain text so any network sniffing software could observe and possibly modify or block it. I consider that an unfortunate side effect of plain text protocols, not a feature we should be working to preserve. It's not like apps doing their own DNS queries today are visible to most users today, who don't know what packet inspection is.

I think if we drive widespread adoption of encrypted DNS protocols by platforms and ISPs, we'll have better luck convincing well-behaved applications to defer to platform configurations than any other approach. After all, why build per-app experiences if the platform experience is already "good" in the eyes of the privacy conscious? This will address the concern of centralization of the DNS as well (which is not an inherent DoH problem, but an inherent "default provider for all customers of X app/platform" problem).

As far as ill-behaved applications go, they were going to do whatever they wanted anyway, and pushing DoH adoption doesn't give them powers they didn't already have. At some point, the problem becomes one of the user needing to decide what apps they trust which we cannot help with via protocol design.

Thanks,
Tommy

________________________________
From: Add <add-bounces@ietf.org> on behalf of Stephen Farrell <stephen.farrell@cs.tcd.ie>
Sent: Wednesday, November 6, 2019 6:20 AM
To: Daniel Migault <daniel.migault=40ericsson.com@dmarc.ietf.org>; add@ietf.org <add@ietf.org>
Subject: Re: [Add] Fwd: New Version Notification for draft-mglt-abcd-doh-privacy-analysis-00.txt

Hi Daniel,

On 05/11/2019 20:40, Daniel Migault wrote:
> Please find an analysis on DoH and privacy. The intent is to provide an
> analysis. Any feed backs are welcome!

My feedback:

- I don't see how this adds to the discussion. ISTM this is yet another one-sided description of the issues. What do you think is the added benefit of having this text in an Internet-draft? Honestly, I don't get it.

- In particular, I don't think your "conclusion" that "the overall picture of concentration shows that it represents a threat to the end user's privacy" can be justified based on the content. I'm assuming "represents a threat" is not just weasel-wording for "might be" which is trivially true. If you mean anything stronger than "might be" then that's not justified IMO and if you mean "might be" or anything weaker, then it looks like stretching to find a pejorative way to describe things.

Cheers,
S.

PS: In saying the above, I do think there are dangers in how DoH deployments might increase centralisation. But I also think that one-sided descriptions of those dangers make the conversations more, and not less, difficult.

>
> Yours,
> Daniel
> ---------- Forwarded message ---------
> From: <internet-drafts@ietf.org>
> Date: Mon, Nov 4, 2019 at 11:20 AM
> Subject: New Version Notification for
> draft-mglt-abcd-doh-privacy-analysis-00.txt
> To: Daniel Migault <mglt.ietf@gmail.com>
>
> A new version of I-D, draft-mglt-abcd-doh-privacy-analysis-00.txt
> has been successfully submitted by Daniel Migault and posted to the
> IETF repository.
>
> Name: draft-mglt-abcd-doh-privacy-analysis
> Revision: 00
> Title: A privacy analysis on DoH deployment
> Document date: 2019-11-04
> Group: Individual Submission
> Pages: 11
> URL:
> https://www.ietf.org/internet-drafts/draft-mglt-abcd-doh-privacy-analysis-00.txt
> Status:
> https://datatracker.ietf.org/doc/draft-mglt-abcd-doh-privacy-analysis/
> Htmlized:
> https://tools.ietf.org/html/draft-mglt-abcd-doh-privacy-analysis-00
> Htmlized:
> https://datatracker.ietf.org/doc/html/draft-mglt-abcd-doh-privacy-analysis
>
> Abstract:
> This document provides an analysis on DoH impact on privacy
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat