Re: [Add] Fwd: New Version Notification for draft-reddy-dprive-dprive-privacy-policy-00.txt
Michael Richardson <mcr@sandelman.ca> Mon, 07 October 2019 12:25 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B575712007C for <add@ietfa.amsl.com>; Mon, 7 Oct 2019 05:25:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h9qFTGnk37GD for <add@ietfa.amsl.com>; Mon, 7 Oct 2019 05:25:24 -0700 (PDT)
Received: from relay.sandelman.ca (relay.cooperix.net [176.58.120.209]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B80B312004E for <add@ietf.org>; Mon, 7 Oct 2019 05:25:23 -0700 (PDT)
Received: from dooku.sandelman.ca (unknown [80.233.45.41]) by relay.sandelman.ca (Postfix) with ESMTPS id 2FCBF1F456; Mon, 7 Oct 2019 12:25:21 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 6CFDE2B03; Mon, 7 Oct 2019 11:58:19 +0200 (CEST)
From: Michael Richardson <mcr@sandelman.ca>
To: ADD Mailing list <add@ietf.org>
cc: Paul Wouters <paul@nohats.ca>
In-reply-to: <alpine.LRH.2.21.1910051351420.26913@bofh.nohats.ca>
References: <157009854908.16293.4269133049514081713.idtracker@ietfa.amsl.com> <CAFpG3gdpYASvfz_ey=fsh6+8LQ11EJGyU-dVxH7_1QmVeiAQKg@mail.gmail.com> <alpine.LRH.2.21.1910051351420.26913@bofh.nohats.ca>
Comments: In-reply-to Paul Wouters <paul@nohats.ca> message dated "Sat, 05 Oct 2019 13:58:01 -0400."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Mon, 07 Oct 2019 11:58:19 +0200
Message-ID: <28989.1570442299@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/hFZnupKGBn-V4XLx7RfeW_eeFC8>
X-Mailman-Approved-At: Mon, 07 Oct 2019 07:06:46 -0700
Subject: Re: [Add] Fwd: New Version Notification for draft-reddy-dprive-dprive-privacy-policy-00.txt
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Oct 2019 12:25:26 -0000
Paul Wouters <paul@nohats.ca> wrote: >> We have >> published https://tools.ietf.org/html/draft-reddy-dprive-dprive-privacy-policy-00 that >> discusses a mechanism for the DNS server to communicate its >> cryptographically signed privacy policy information to a DNS >> client. By evaluating the DNS privacy policy and the signatory, the >> DNS client can choose to select or avoid a DoT/DoH server if it >> doesn't comply with the client's privacy expectations. > Section 10 Security Considerations describes well why I think this is > not a good idea. Publishing a privacy policy in a computer consumable > way has no relationship to the actual DNS server's privacy policy used. > This is not a technical wire problem to solve with an RFC. It is a > social-economic issue. Can we trust vendor X? And vendor X making > claims in JSON about this isn't useful from a technical point of view, > no matter how or where and with what such statements are (self)signed. Of course vendor X probably can't say anything trust-worthy about itself. Depending upon one's relationship with X one may be in a position to believe statements from it and take appropriate action. For instance, if X is your employer and your BYOD is paying attention to this statement, then you might decide to refrain from visiting NSFW site FOO. Or decide to use LTE. But, we anticipate that vendor X would have the implementation of their policy reviewed regularly by some other endorser Y. We have been in contact with a few entities that have done these kinds of reviews of DoT systems in the past, but at this point I don't think we have a shared understanding of goals yet. Section 6... The PAT is cryptographically signed by the domain hosting the DNS server and OPTIONALLY BY A THIRD PARTY WHO PERFORMED PRIVACY AND SECURITY AUDIT OF THE DNS SERVER. The privacy policy information will be attested using "Organization Validation" (OV) or "Extended Validation" (EV) certificates to avoid bad actors taking advantage of this mechanism to advertise DNS-over-TLS and DNS-over-HTTPS servers for illegitimate and fraudulent purposes meant to trick DNS clients into believing that they are using a legitimate DNS-over-TLS or DNS- over-HTTPS server hosted to provide privacy for DNS transactions. Alternatively, the DNS client will have to be configured to trust the leaf of the signer of the PAT object. That is, trust of the signer MUST NOT be determined by validating the signer via the OS or browser trust chain because that would allow any arbitrary entity to operate a DNS server and assert any sort of privacy policy. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
- [Add] Fwd: New Version Notification for draft-red… tirumal reddy
- Re: [Add] Fwd: New Version Notification for draft… Paul Wouters
- Re: [Add] Fwd: New Version Notification for draft… tirumal reddy
- Re: [Add] Fwd: New Version Notification for draft… Michael Richardson
- Re: [Add] Fwd: New Version Notification for draft… Paul Wouters
- Re: [Add] Fwd: New Version Notification for draft… Michael Richardson
- Re: [Add] Fwd: New Version Notification for draft… tirumal reddy
- Re: [Add] Fwd: New Version Notification for draft… Paul Wouters
- Re: [Add] Fwd: New Version Notification for draft… tirumal reddy
- Re: [Add] Fwd: New Version Notification for draft… Paul Wouters
- Re: [Add] Fwd: New Version Notification for draft… Michael Richardson
- Re: [Add] Fwd: New Version Notification for draft… Paul Wouters
- Re: [Add] Fwd: New Version Notification for draft… tirumal reddy