IETF Logo Mail Archive

Re: [Add] ADD Requirements Draft

tirumal reddy <kondtir@gmail.com> Fri, 04 September 2020 07:28 UTC

Return-Path: <kondtir@gmail.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5CEA93A0FD5 for <add@ietfa.amsl.com>; Fri, 4 Sep 2020 00:28:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3ZoAJKuvxFlM for <add@ietfa.amsl.com>; Fri, 4 Sep 2020 00:28:33 -0700 (PDT)
Received: from mail-il1-x12b.google.com (mail-il1-x12b.google.com [IPv6:2607:f8b0:4864:20::12b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F1A63A0FD2 for <add@ietf.org>; Fri, 4 Sep 2020 00:28:33 -0700 (PDT)
Received: by mail-il1-x12b.google.com with SMTP id b17so5537806ilh.4 for <add@ietf.org>; Fri, 04 Sep 2020 00:28:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=VOjhFr3vFrOaWSno8tJV1y2h6WBgrmPdfon3HfHMwTg=; b=AFLRAxS4QRarLu18DdGXdxVLLjgMQXAd1aOE/LhTuZuy+CR+LfMmdWdvAZ4AdEH5l+ 1+SKi0QLAE35+OtJ0b66NqB7b0Fa6Kh8ls1d1xJVXadd/WKXQNcV+7MXS4lUVM5QmU2L L5eGR6PtH1Mxad/wzSCsrqHVNIyzXOIUqWHdrAnZEB8uQawnzq4sTXTWbYPzzamKC8TG bZEWJkatoSkZtVRKVN754zn4mDD2FkFyR5mqQDDWv5UE8tFi4l3fgNNN0caqXLzXBaZj aNFAWDeZqjbsuXE8hl93byIJe+CYNOaNBTVRSplk2ZKuyI+TtnbIQFZoQguFMLlSGHz2 QhPg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=VOjhFr3vFrOaWSno8tJV1y2h6WBgrmPdfon3HfHMwTg=; b=GRUCrhEm74CNpQiF9MLbuUsQkutxGpTCIAdtiaOyR2mfLtEPTgR2xPjH/XbjSCy3wz 0UWfusucBH6Kre4zeLRQD0rDCZW/L7OJSrT6Eb1Vz13c6a6ATYUL5Z2iZashhtBpGpO8 8IEDR3uYuofXLbd4PQ8D5WIIfomWBpu15MGL33qoQP8xJEcZof73sOLnIftHsysdI3RC bjST4P3gmJfjI9KSI79PcF1CXhNLFgqBM3kkFTpFeunP5U3vQG89ejNk8vwR0uuo05r/ +MGs2PpKEqp5EOS3Y7YcE76XqF1B/He6r5agPPEa3oP2JPvFaSg7SVwUnSpGTrEw4PP+ bLcg==
X-Gm-Message-State: AOAM530Ga6thC5F2qr8QEiFsxoq9+kay9SCYxVjg6ywY+Sb0hhVJlZ35 rOySKRHzE3c0QKNeZ3MkdViYGdujL+hFlDwCtj1467hpc1XAUA==
X-Google-Smtp-Source: ABdhPJwz3PXPCD6zMtI3WAV7IVXpPK+y25F1HHrm4rDtDCDLM0uGBkUKCS1a1ltOGzYxEapu0G4l8o6cMTFUKNV7qzY=
X-Received: by 2002:a92:480f:: with SMTP id v15mr6341523ila.123.1599204512908; Fri, 04 Sep 2020 00:28:32 -0700 (PDT)
MIME-Version: 1.0
References: <31194C90-6C0B-470C-8B14-79C12D2C5C0D@comcast.com> <CACJ6M14gXmEHc_fX8=GpKwRDn6C=R7LR06JG_Qg-cWR5agU9Hw@mail.gmail.com> <391E15D2-9208-4BA9-B01E-3673982DA6CE@apple.com> <CABcZeBMXvcF6PJWE+EkGVx1c9RXzO1XuB3xhrVKUJvUb=aus8A@mail.gmail.com> <4cd8a8c6-3516-4ad6-877c-9460d8096773@www.fastmail.com> <CAFpG3gfkrKGiuPRH1QvH+-w2H=N1ijtDpk5Oh=D2JOp-L4Q1+w@mail.gmail.com> <CABcZeBNhHcNAkVm=PNUvV8_vGVvDvJbaMVHB_w9zu63+ebQwpQ@mail.gmail.com> <CAFpG3gcAjHkh7boDwLq+sHpGtfB2WT0NbuuFqqBQs2M6BZkAOQ@mail.gmail.com> <CABcZeBMi-B7LKB6ipt6vLSZcF9OMLga8f+qydpZVOhOGQrttuQ@mail.gmail.com> <CAFpG3geQefT0=fN-6UFwDqLLqbb1XthHA=np4HPS2NfSO77csA@mail.gmail.com> <CABcZeBPmfe8Um38xFHoxw+26-YQxFUPN+p4aW9uzbPKGy1xz4g@mail.gmail.com> <CAFpG3gefyTcibzfQ-dzXKv5fKE=vwUktux0dz25wNL7_+tf7MA@mail.gmail.com> <CABcZeBMVcH74RYXZrLRNtHLi-xZgGxRHA2CsH6nbiz+5uGM32g@mail.gmail.com> <CAFpG3gcJeXyuJ4n8N6wyDvVJGkO1toVC4hUXjL6ACWg+sent+w@mail.gmail.com> <CABcZeBNS7EEw+zX-rgOJpiBbqw6jn80uXSR60Mj-oCRwEnTAjQ@mail.gmail.com> <CAFpG3gcP=9D=7_yS3Nb6a+jHLCTmS5r6a56sCMR98bnzdgoYSg@mail.gmail.com> <6EAEEBAA-1EC5-4A3B-B1BD-D4BE90830F91@apple.com>
In-Reply-To: <6EAEEBAA-1EC5-4A3B-B1BD-D4BE90830F91@apple.com>
From: tirumal reddy <kondtir@gmail.com>
Date: Fri, 04 Sep 2020 12:58:21 +0530
Message-ID: <CAFpG3gejehm9E+W2XOKEBSYVejHHK8wm0tkjGC-q3ep7FbHOBg@mail.gmail.com>
To: Tommy Pauly <tpauly@apple.com>
Cc: Eric Rescorla <ekr@rtfm.com>, ADD Mailing list <add@ietf.org>, Christopher Wood <caw@heapingbits.net>
Content-Type: multipart/alternative; boundary="000000000000ea4a0805ae77d034"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/f_-xboF7OCITy4mJT1gF6cVEwho>
Subject: Re: [Add] ADD Requirements Draft
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Sep 2020 07:28:36 -0000

On Thu, 3 Sep 2020 at 20:32, Tommy Pauly <tpauly@apple.com> wrote:

>
>
> On Sep 3, 2020, at 2:23 AM, tirumal reddy <kondtir@gmail.com> wrote:
>
> Hi Eric,
>
> I think you have misunderstood the purpose of the draft. I would like to
> clarify the intent:
>
> 1) It prevents the client from connecting to an Encrypted DNS resolver
> hosted by an attacker. It is useful when the Encrypted
> DNS server is insecurely discovered (e.g., using DHCP/RA, SUDN) and the
> discovered encrypted
> server is not pre-configured in the OS/Browser. It resembles the
> Background-Check Model discussed in Sections 5.2 and 5.3 of Remote
> attestation procedure (RATS) Architecture
> https://tools.ietf.org/html/draft-ietf-rats-architecture-05.
>
> 2)It does not require Encrypted DNS servers to use EV certificates.
> However, the verifier creating the attestation results
> may or may not use EV certificates depending on whether the Encrypted DNS
> server will be discovered securely
> or insecurely. For example, the verifier need not use EV certificate in
> the following scenarios:
>
> a. If the Encrypted DNS server will only be discovered securely (e.g.,
> using IKEv2), the verifier need not
>     use an OV/EV certificate.
>
> b. Another scenario is bootstrapping a networking device to use the
> encrypted DNS server in the local network. Secure Zero Touch Provisioning
> (RFC8572) defines a bootstrapping strategy for enabling devices to securely
> obtain the required configuration information with no user input. If the
> encrypted DNS server is insecurely discovered and not pre-configured in the
> networking device, the client can validate the Policy Assertion Token
> signature using the owner certificate as per Section 3.2 of RFC8572. In
> this case, the owner certificate
> need not be an OV/EV certificate.
>
> 3. The draft also signals resolver information like whether the resolver
> performs filtering, reasons for filtering and
> URL to privacy/audit statement. It does not signal any machine-parsable
> privacy policy and it does not intend to replace
> the privacy statement provided by a legal attorney.  It is helpful in
> scenarios where the discovered resolver is not
> pre-configured in the OS/Browser. It aligns with the charter of ADD to
> "define a mechanism that allows communication of DNS resolver
> information to clients for use in selection decisions. This could be part
> of the mechanism used for discovery, above."
>
>
> This charter point refers, I believe, to information like applicable or
> private domains, provider identity, etc. I think that filtering policy and
> auditing statements are not in scope: "Making any recommendations about
> specific policies for clients or servers is out of scope.”
>

The draft does not recommend any specific policies for clients or servers.
For example, it does not discuss any "privacy policies'.

a) It explains DNS server identity and cryptographically attesting the
identity.
b) It also discusses whether the server performs filtering, reasons for
filtering (blocking malware/phishing etc.). We are considering the conveyed
resolver information as "resolver capabilities". It does not recommend any
specific policy for the server/client.

-Tiru


>
>

> Thanks,
> Tommy
>
>
> Hopefully it clarifies for further reviews.
>
> Cheers,
> -Tiru
>
> On Thu, 3 Sep 2020 at 06:54, Eric Rescorla <ekr@rtfm.com> wrote:
>
>> Tirumal,
>>
>> I think this conversation has gone beyond the point where it is
>> productive.
>>
>> I do not believe that users are going to be able to meaningfully consume
>> either real world identity information ("This is run by company X") or
>> privacy policy information about resolvers. We've tried that in several
>> other domains and it hasn't worked, and I don't think going through why in
>> a lot of detail is going to illuminate the situation here. But more to the
>> point, I think you're hearing that client vendors aren't interested, so
>> standardizing this would not help. If you want to continue to propose this,
>> I suggest that you find some set of clients which would consume it, at
>> which point a discussion of the merits of this idea will be more useful.
>>
>> -Ekr
>>
>>
>>
>> On Wed, Sep 2, 2020 at 5:32 AM tirumal reddy <kondtir@gmail.com> wrote:
>>
>>> Please see inline
>>>
>>> On Tue, 1 Sep 2020 at 22:16, Eric Rescorla <ekr@rtfm.com> wrote:
>>>
>>>>
>>>>
>>>> On Tue, Sep 1, 2020 at 4:10 AM tirumal reddy <kondtir@gmail.com> wrote:
>>>>
>>>>> Hi Eric,
>>>>>
>>>>> Please see inline
>>>>>
>>>>> On Fri, 28 Aug 2020 at 19:08, Eric Rescorla <ekr@rtfm.com> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Aug 28, 2020 at 12:35 AM tirumal reddy <kondtir@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> On Thu, 27 Aug 2020 at 18:46, Eric Rescorla <ekr@rtfm.com> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Aug 26, 2020 at 10:15 PM tirumal reddy <kondtir@gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi Eric,
>>>>>>>>>
>>>>>>>>> Please see inline
>>>>>>>>>
>>>>>>>>> On Wed, 26 Aug 2020 at 16:50, Eric Rescorla <ekr@rtfm.com> wrote:
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> As I said when you first proposed this in an ADD meeting, I do
>>>>>> not believe that anything of this kind is viable.
>>>>>>
>>>>>
>>>>>> 1. Certificates tied to a legal entity have not been effective, which
>>>>>> is why browsers are removing EV.
>>>>>>
>>>>>
>>>>> The draft does not propose using EV certificates for encrypted DNS
>>>>> servers, please see
>>>>> https://tools.ietf.org/html/draft-reddy-add-server-policy-selection-05#section-4 for
>>>>> more details.
>>>>>
>>>>
>>>> It proposes something similar, which I expect to have the same
>>>> drawbacks.
>>>>
>>>
>>> Can you please explain the drawbacks for further discussion ?
>>>
>>>
>>>>
>>>>
>>>> 2. There is ample evidence that users do not read privacy policies.
>>>>>>
>>>>>
>>>>> The DNS server privacy statement is much more simpler compared to a
>>>>> typical privacy statement by a
>>>>> content service provider (see
>>>>> https://tools.ietf.org/html/draft-ietf-dprive-bcp-op-14#section-6).
>>>>>
>>>>
>>>> I don't think that makes it significantly more likely that people will
>>>> read it.
>>>>
>>>
>>> It varies from person to person. People may not read the privacy
>>> statements because they visit several domains in a day. The DNS operators a
>>> user will use will be very few, for example an user may want to use a
>>> discovered resolver in selected networks like Enterprise or Home network.
>>> Further, encrypted DNS resolver publishing the privacy statement URL is a
>>> best practise similar to the way OS mandating apps to publish privacy
>>> policy.
>>>
>>>
>>>>
>>>>
>>>> Further, automated analysis of a privacy statement is possible using
>>>>> deep learning (
>>>>> https://pribot.org/files/Polisis_USENIX_Security_Paper.pdf). You can
>>>>> explore polisis and pritbot at https://pribot.org to explore the
>>>>> analysis of privacy statements by several organizations..
>>>>>
>>>>
>>>> I took a quick look at this tool and while it appears to be interesting
>>>> work, it does not produce output which I think is likely for users to
>>>> actually assimilate. For instance here is what it does with McAfee's policy:
>>>>
>>>> https://pribot.org/polisis/?company_url=mcafee.com&_id=59d8f9c4e3dd0c4e24555c1d&category=first-party-collection-use
>>>>
>>>
>>> The summary page is quite easy for end users to review the
>>> positives/negatives to watch out for and it also highlights the relevant
>>> text in a large privacy document (see
>>> https://pribot.org/polisis/?company_url=http%3A%2F%2Fmcafee.com&_id=59d8f9c4e3dd0c4e24555c1d&category=assessment).
>>> The DNS server privacy statement is much more simpler compared to a typical
>>> privacy statement for deep learning to identify if the server is
>>> privacy-friendly.
>>>
>>>
>>>>
>>>> We've already run this experiment of machine readable privacy policies
>>>> once with P3P and I don't see a reason to think this will be any different
>>>>
>>>
>>> No, the draft does not discuss any machine readable privacy policies
>>> other than conveying the privacy statement URL.
>>>
>>>
>>>>
>>>> Taking a step back here: is there any client with significant usage
>>>> that would be interested in consuming this kind of policy when published by
>>>> a resolver? If so, I'd like to hear from them about their needs. If not, it
>>>> doesn't seem worth discussing further.
>>>>
>>>
>>> The draft only discusses conveying resolver information and does not
>>> discuss any machine parsable privacy policy.
>>>
>>> -Tiru
>>>
>>>
>>>>
>>>> -Ekr
>>>>
>>>> --
> Add mailing list
> Add@ietf.org
> https://www.ietf.org/mailman/listinfo/add
>
>
>

v2.23.0 | Report a Bug | By Email