Re: [Add] meeting hum: should the IETF take up this work?

Eric Rescorla <ekr@rtfm.com> Wed, 31 July 2019 15:55 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 31 Jul 2019 08:54:39 -0700
Message-ID: <CABcZeBPJWzeVJc3sVTNzM0_+KVj88yHT+cwoUzuoTcxh2utwTA@mail.gmail.com>
To: "Diego R. Lopez" <diego.r.lopez@telefonica.com>
Cc: "Livingood, Jason" <Jason_Livingood@comcast.com>, "add@ietf.org" <add@ietf.org>, Adam Roach <adam@nostrum.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/lPI7H5RPnKMybKHO_lcuaAHB_kk>

On Wed, Jul 31, 2019 at 8:25 AM Diego R. Lopez <diego.r.lopez@telefonica.com>
wrote:

> On 31/07/2019, 16:25, "Add on behalf of Eric Rescorla" <
> add-bounces@ietf.org on behalf of ekr@rtfm.com> wrote:
>
> On Tue, Jul 30, 2019 at 2:49 PM Livingood, Jason <
> Jason_Livingood@comcast.com> wrote:
>
> On 7/25/19, 10:12 AM, "Add on behalf of Adam Roach" <add-bounces@ietf.org
> on behalf of adam@nostrum.com> wrote:
> > You can see, for example, Cloudflare's associated privacy policy at
> > https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/
>
> [JL] This speaks to the DNS query/response. But with DoH, this is
> contained inside of an HTTP envelope, so to speak, which has much more rich
> tracking - noted at https://www.cloudflare.com/privacypolicy/ under
> website visitors (which I presume applies to all HTTP transactions).
>
> No, this is not our understanding. Rather, the privacy policy for DoH
> covers every aspect of DoH, including the HTTP portion. The Cloudflare
> Privacy Policy is a separate policy for CF websites and does not govern the
> resolver.
>
> So the confluence of DNS and HTTP here seems interesting to better
> understand and document as TRR-style policies evolve. Since there is an
> HTTP server involved in DoH, presumably all the normal HTTP log items are
> seen & processed and can be logged, like user agent, cookies, and so on.
>
> Firefox doesn't send cookies for DoH. We do send User-Agent, and we could
> look at removing that, but given TLS ClientHello fingerprinting, that's
> probably not adding a huge amount of additional information.
>
> -Ekr
>
> This implies the combination Firefox/Cloudflare does not pose a
> significant privacy risk. Fair enough. But the general case of
> whatever-the-app using a hardwired DOH resolver remains, much the same as
> the archetypal coffeeshop resolver compared to well-behaved,
> contract-bounded ISPs.
>

This seems to be assuming a number of facts about how ISPs behave that are
not in evidence.

-Ekr


>
> --
> "This time we will not fail, Doctor Hell"
>
> Dr Diego R. Lopez
> Telefonica I+D
> https://www.linkedin.com/in/dr2lopez/
>
> e-mail: diego.r.lopez@telefonica.com
> Tel:         +34 913 129 041
> Mobile:  +34 682 051 091
> ----------------------------------
>
> [JL] In addition, I suspect a concern (for the very high scale centralised
> DoH platforms) is not just the per-user privacy policy but also what
> aggregated business intelligence a global scale platform would be able to
> develop (e.g. of a population of 500M users, how many have queried for
> *.netflix.com in the past N hours, by country, ASN, user agent, etc.),
> relative to competitors or potential competitors. So I suspect these
> concerns may arise, at least for platforms of very high scale /
> penetration.
>