Re: [Add] meeting hum: should the IETF take up this work?

Adam Roach <> Thu, 25 July 2019 15:28 UTC

List-Id: Applications Doing DNS <>

On 7/25/19 10:51, Vittorio Bertola wrote:
>> On 25 July 2019 16:11 Adam Roach <> wrote:
>> I'm going to pre-reply to a frequent response that the lack of direct
>> contractual relationship between users and Cloudflare is problematic.
>> Even if you don't trust Mozilla's contractual agreement with Cloudflare
>> to provide protection here, I would think that FTC v. Facebook (2019)
>> [1] should serve as a pretty vivid illustration of what happens when a
>> US company operates outside its published privacy policy.
> However, privacy policies by private companies can be overridden by laws and other juridical instruments within the applicable jurisdiction, forcing the operator to give access to data to national law enforcement and security agencies (in the US, that is especially easy for non-US citizens). Same for other parts of your TRR clauses - you may commit not to block anything, but if President Trump shows up with an order that requires blocking DNS resolution for the domain name of a specific foreign company (a case that, honestly, does not seem so unlikely), you will be forced to implement it no matter what you think.
> This is not meant to challenge your commitment to privacy, but it's just how it is, and it is the reason why people in other parts of the world - even the privacy activists that dislike their local network and would love to get an alternative - are not too happy with your declared approach of redirecting queries by default to a different jurisdiction that, in their view, offers less privacy protection than their own.
Sure. That's a different objection than the surveillance capitalism 
concern that I was responding to, and I'm not sure there's *any* 
jurisdiction on the planet that is immune from such concerns [1] [2] [3].

In terms of worries about queries from citizens of EU countries being 
sent to servers that are subject to US jurisdiction: we don't have 
immediate plans to implement DNS-over-HTTPS (DoH) in Firefox outside of 
North America. We are currently exploring potential DoH partners in 
Europe that would be employed for the benefit of European users.

/a ____ [1]