Re: [Add] Fwd: New Version Notification for draft-mglt-abcd-doh-privacy-analysis-00.txt
Daniel Migault <daniel.migault@ericsson.com> Wed, 06 November 2019 21:46 UTC
Return-Path: <mglt.ietf@gmail.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD12A120145 for <add@ietfa.amsl.com>; Wed, 6 Nov 2019 13:46:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.567
X-Spam-Level:
X-Spam-Status: No, score=-1.567 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.082, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LH8CrKj8F7Cm for <add@ietfa.amsl.com>; Wed, 6 Nov 2019 13:46:03 -0800 (PST)
Received: from mail-vs1-f49.google.com (mail-vs1-f49.google.com [209.85.217.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1F6512010E for <add@ietf.org>; Wed, 6 Nov 2019 13:46:02 -0800 (PST)
Received: by mail-vs1-f49.google.com with SMTP id a143so17062767vsd.9 for <add@ietf.org>; Wed, 06 Nov 2019 13:46:02 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=CFSXyIswMNlCM8wzpek6efAZ3uVv1zXnBwSeXqhOGRM=; b=q+jYegTcySyE5zizNnXGO98xiB2lgDGsRKZEgrDDujLrtiAVACPHHeO9lUO0zg7YmV FYZtrjqrlJK7BSS8XoxE1t+6TjYzBpPROiMhDjS9xMKhSIFFitj6BJcmUvYyOjxAg8Wq 46804TkkSW6rpojBYeTsW3aOkuUhg4ycOF+VGImcZYLuuOLpPa6+msZE1tuN4A6I0yVd 4QZAArO9cnMNmp3dDM040i7hR96REG5xwDybEtU3MsY3HLshFcvIeh1NjN/NlesQi8ul wzw17TPyxcH5fkxKrJl09w0IOXg/K5wDlYgwpUH3sXstNPgY0wuzWBF8EsVFVl9NXAQj piPg==
X-Gm-Message-State: APjAAAV3vIOaw1vRL63gLpSaLQp/Er/F7K6U2pZXYLdh/GUhkBYl9SxR Q4Lcs3W1RFywllK2j8ro0V4llvwqArTxz1a8WUg=
X-Google-Smtp-Source: APXvYqxNo6CgpB4hIe1TUHQjgVOnSI/3ZNDBMr5Sgu8XG4HjpzGDCfdR4QF3g3aaR+2Q/e3Vxsjm/TJCNaVL3ziurwI=
X-Received: by 2002:a05:6102:810:: with SMTP id g16mr118642vsb.69.1573076761794; Wed, 06 Nov 2019 13:46:01 -0800 (PST)
MIME-Version: 1.0
References: <157288444149.16545.17250458995529707952.idtracker@ietfa.amsl.com> <CADZyTk=5g7toa5QwaQ9tCO1d2iJ1-pF9W6RzOEi9MjrsnyLsFw@mail.gmail.com> <2f52a096-ae14-a9f8-1dbf-8931e3204ec7@cs.tcd.ie> <SN2PR00MB0077009FBBB40FB2B3DD9B35FA790@SN2PR00MB0077.namprd00.prod.outlook.com> <CA+nkc8Aw+PPktomjwydWtfvVyM6Phhn9YbL33WV65-sbS0k1AA@mail.gmail.com> <1030648680.29401.1573073455702@appsuite-gw1.open-xchange.com>
In-Reply-To: <1030648680.29401.1573073455702@appsuite-gw1.open-xchange.com>
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Wed, 06 Nov 2019 16:45:50 -0500
Message-ID: <CADZyTkn-0imBEkZUHtfYDhGw3QvF5HYc5tA+a86kbwqhLBQe7w@mail.gmail.com>
To: Vittorio Bertola <vittorio.bertola@open-xchange.com>
Cc: Bob Harold <rharolde@umich.edu>, "add@ietf.org" <add@ietf.org>, Daniel Migault <daniel.migault=40ericsson.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="000000000000975ed10596b479a2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/fSz0vuzVU9GsKQ1JRZEetWkKTz8>
Subject: Re: [Add] Fwd: New Version Notification for draft-mglt-abcd-doh-privacy-analysis-00.txt
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Nov 2019 21:46:05 -0000
Hi Vittorio, I agree that it will be hard to have a general statement as DoH brings more or less privacy. As you mention "it depends". However, I believe it should documented, so the end user can understand in which context he is and what to do. Yours, Daniel On Wed, Nov 6, 2019 at 3:51 PM Vittorio Bertola <vittorio.bertola= 40open-xchange.com@dmarc.ietf.org> wrote: > > Il 6 novembre 2019 20:35 Bob Harold <rharolde@umich.edu> ha scritto: > > > > On Wed, Nov 6, 2019 at 2:10 PM Tommy Jensen <Jensen.Thomas= > 40microsoft.com@dmarc.ietf.org> wrote: > > As far as ill-behaved applications go, they were going to do whatever they > wanted anyway, and pushing DoH adoption doesn't give them powers they > didn't already have. At some point, the problem becomes one of the user > needing to decide what apps they trust which we cannot help with via > protocol design. > > > I agree with most of your points - but here you say "pushing DoH adoption > doesn't give them powers they didn't already have". One concern is IF some > major web service enables DoH on a major web server, then that does make it > very easy for apps to hide their DNS in a way they could not easily do > before. > > More generally, applications could already do their own > DNS-over-whatever-type-of-encryption-and-obfuscation-protocol, but they > would have to develop it on their own and also develop and run the related > server. After standardizing DoH and getting it widely adopted, applications > that want to reach that objective just need to deploy a readily available > Web client library and use any of the many public servers - something that > any script kiddie can do. > > Note that this is less true of DoT, since DoT towards out-of-perimeter > servers would more easily be detectable and blockable. This is why I have > heard some cybersecurity people suggest that the industry should promote > DoT rather than DoH, as they see it less likely that DoT will circumvent > national cybersecurity practices and law enforcement mechanisms. > > Regarding Daniel's draft, I appreciate the effort and I partly tried to do > this and other analyses in my draft for Prague, but I then realized that > there are people here that will never consent to such a document becoming > an agreed standard, even if informational. So I suggest that we should > focus on a few technical developments for interoperability purposes that we > can agree upon, such as standardized ways for the local network to > advertise their own Do* service and their use of it for local policy > enforcement, and give up discussions on deployment models and human rights > assessments. I don't think we could ever get to agreement here on whether > DoH brings more privacy and freedom or less of it, as the answer is really > "it depends". > > -- > > Vittorio Bertola | Head of Policy & Innovation, Open-Xchange > vittorio.bertola@open-xchange.com > Office @ Via Treviso 12, 10144 Torino, Italy > > -- > Add mailing list > Add@ietf.org > https://www.ietf.org/mailman/listinfo/add >
- [Add] Fwd: New Version Notification for draft-mgl… Daniel Migault
- Re: [Add] Fwd: New Version Notification for draft… Rob Sayre
- Re: [Add] Fwd: New Version Notification for draft… Alec Muffett
- Re: [Add] Fwd: New Version Notification for draft… Stephen Farrell
- Re: [Add] Fwd: New Version Notification for draft… Tommy Jensen
- Re: [Add] Fwd: New Version Notification for draft… Bob Harold
- Re: [Add] Fwd: New Version Notification for draft… Vittorio Bertola
- Re: [Add] Fwd: New Version Notification for draft… Daniel Migault
- Re: [Add] Fwd: New Version Notification for draft… Daniel Migault
- Re: [Add] Fwd: New Version Notification for draft… Daniel Migault
- Re: [Add] Fwd: New Version Notification for draft… Christian Huitema
- Re: [Add] Fwd: New Version Notification for draft… Daniel Migault
- Re: [Add] Fwd: New Version Notification for draft… Rob Sayre
- Re: [Add] Fwd: New Version Notification for draft… Christian Huitema
- Re: [Add] Fwd: New Version Notification for draft… Rob Sayre