IETF Logo Mail Archive

Re: [Add] Fwd: New Version Notification for draft-reddy-dprive-dprive-privacy-policy-00.txt

Paul Wouters <paul@nohats.ca> Wed, 09 October 2019 14:05 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98F05120154 for <add@ietfa.amsl.com>; Wed, 9 Oct 2019 07:05:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8IWTqaNfXIWU for <add@ietfa.amsl.com>; Wed, 9 Oct 2019 07:05:12 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 340A8120142 for <add@ietf.org>; Wed, 9 Oct 2019 07:05:12 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 46pGFK367jz3WV; Wed, 9 Oct 2019 16:05:09 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1570629909; bh=Pwdyib2yrfenJy+Fp0nXFPvJXn8IOp0GWbXj9jcXPIg=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=kboVBsVXwP7BAewrjQGffplxDn1Ve7PLg8I0e1Mc1t8DZevQTeTxlPvbcXRuBe+mY XyOWqXZft3RVSpqSYhR3qYQzSQwyHQ58XyFMEIydsseywP60N47brK1yWLsG/UM+kp mndeocoJS1lWc6PQ5huG3hB/YqRSWp+6NjrC9iJk=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id DmzUrHNvYT7B; Wed, 9 Oct 2019 16:05:07 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Wed, 9 Oct 2019 16:05:07 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id C804E607F1DF; Wed, 9 Oct 2019 10:05:06 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id C68BD23FE47; Wed, 9 Oct 2019 10:05:06 -0400 (EDT)
Date: Wed, 09 Oct 2019 10:05:06 -0400
From: Paul Wouters <paul@nohats.ca>
To: tirumal reddy <kondtir@gmail.com>
cc: ADD Mailing list <add@ietf.org>
In-Reply-To: <CAFpG3ge=zF0W1PzZjc=ysxVzir4tMVa=8ZHs5qyxg4NbE73SPw@mail.gmail.com>
Message-ID: <alpine.LRH.2.21.1910090954170.30131@bofh.nohats.ca>
References: <157009854908.16293.4269133049514081713.idtracker@ietfa.amsl.com> <CAFpG3gdpYASvfz_ey=fsh6+8LQ11EJGyU-dVxH7_1QmVeiAQKg@mail.gmail.com> <alpine.LRH.2.21.1910051351420.26913@bofh.nohats.ca> <CAFpG3gfLLkdZt-b+r=8RY8a+yoJx2tzQOevnOLkNQSm9g9QuDw@mail.gmail.com> <alpine.LRH.2.21.1910070925260.8046@bofh.nohats.ca> <CAFpG3ge=zF0W1PzZjc=ysxVzir4tMVa=8ZHs5qyxg4NbE73SPw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/l2Xf-9LMC7R-kKlZXsul79c3Tmo>
Subject: Re: [Add] Fwd: New Version Notification for draft-reddy-dprive-dprive-privacy-policy-00.txt
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Oct 2019 14:05:15 -0000

On Tue, 8 Oct 2019, tirumal reddy wrote:

>       How and how would any enforcement system work for a variety of DNS
>       providers all over the world? ISPs? hotels? coffeeshops? Mobile
>       providers? Will there be an industry standard org? How will this
>       not devolve into government sanctioned mandatory DNS providers on
>       my mobile device?
> 
> Users may or may not trust the attached network and the DNS server provided by the network (e.g, a public
> network). It is similar to the way users disable VPN in specific trusted networks (e.g., Enterprise network)
> and VPN is enabled by default in all other networks.  

The user can already do that, without any help from the local network.
If someone configures a VPN or a DoT/DoH, they do not need the local
network for anything except passing a captive portal. I don't understand
what you are adding here.

Trust relationships of networks are:

1) I don't need to trust them, so I don't
2) I am forced to trust them, so I do.

In the case of an enterprise network like 2) they can already
pre-install the CA certs I need to trust on connecting to the
network (see the IETF network do something similar there)

> No. If the privacy requirements of the endpoint are not met, the DNS client can discard using the discovered
> DNS server in the attached network, and connect to a public DNS resolver meeting the endpoint privacy
> preserving data policy requirements. 

Again, it is the other way around. Users should not need or want to
trust the local network. My laptop mostly connects to completely unknown
networks with zero trust _or_ a trusted enterprise network. What are
these networks that a user should "trust to filter or log their DNS for
them" ?

> The proposed mechanism also helps the DNS client to automatically learn updates to the privacy claims by a DNS
> server and avoids the need for users to periodically manually review the privacy statement. 

Again, this is fixing a problem that I do not think exists. Why should I
trust or not trust this network with DNS to begin with? Their privacy
policy update will not change that for me. Either, they were already too
weak for me to trust, so I don't care about their DNS privacy policy
update, or I trusted them already, in which case it seems I trust them
more than my own trusted DNS - AKA I'm forced to trust them (an
enterprise network).

> The privacy policy information helps make the decision whether the DNS provider can be trusted or not. 

No it does not. It can only tell me when I for sure cannot trust them.
Since I did not audit their logging, I can never be sure to trust them.

It's like saying a privacy policy will select whether I use HTTP:// or
HTTPS://. That is not the question. The question is why would I ever
use HTTP:// ?

>       I'm still not convinced this statement is wrong. And additionally can
>       see some serious harmful effects into mandatory censorship if this kind
>       of system becomes mandatory on people's devices.
> 
> I disagree, the proposal helps the user to choose a DNS server that best supports the desired privacy
> policies.

I either have a really good DNS provider that I fully trust up my
sleeve, or I don't. If I do, I don't need the local network one.
If I don't, I have no choice but the use the local network one.

> DNS clients do not need to fallback to clear text DNS, and can use the DoT/DoH server provided by
> the local network.

Then why should I ever take a risk that this local network has a privacy
policy that does not actually match its implementation?

> Further, it also provides a mechanism to securely signal to the DNS client that the
> attached network performs DNS filtering. 

You cannot signal securely unless I have a trust anchor already on my
device that would be used. If this is a CA-type store of hundreds of
trust anchors, I cannot really trust them for this decision over a
personally selected known safe choice. If it is enterprise specific,
we already have mechanisms in place for securely obtaining updated DNS
mechanisms. Like via VPN using RFC 8598.

Paul

v2.23.0 | Report a Bug | By Email