IETF Logo Mail Archive

Re: [Add] ADD Requirements Draft

Eric Rescorla <ekr@rtfm.com> Thu, 03 September 2020 01:24 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EF1D3A07FF for <add@ietfa.amsl.com>; Wed, 2 Sep 2020 18:24:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tfr3afQqyXp8 for <add@ietfa.amsl.com>; Wed, 2 Sep 2020 18:24:22 -0700 (PDT)
Received: from mail-lj1-x235.google.com (mail-lj1-x235.google.com [IPv6:2a00:1450:4864:20::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C9683A0C3A for <add@ietf.org>; Wed, 2 Sep 2020 18:24:21 -0700 (PDT)
Received: by mail-lj1-x235.google.com with SMTP id r13so1527151ljm.0 for <add@ietf.org>; Wed, 02 Sep 2020 18:24:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=d06+PII+Kc9pCKs2d64jaVMwY4xkfkoi9p66dj0KwAA=; b=SK85AuN6DbYnVR1B7NHW49qjRr9IPmcUCnE1APA4pZeltr3OeTcJBImF2L5c7agaKC 59weo+2FjuISTxXiHKsHcoSR9SnBFPO95qpCqQfX0oajjr0FFR/ucFADfTEIchEkKJtI HZ7k083x16X5sHMkZehsgslejkjy2HQ3KxwiGDHLoIwwz0SET19dvSvtsKNz+ZQgLz6D 1So41NohmskQ4g+5mYh0UeQCkzEpxjdDry22jwGfNvfHCGPUy9WdPpO+GJsJopb7R3fg t4xjpJTNsHGZ/KfnkxW0pN9V4oCaNm8UBoJVC1w0FGAkGTPECWwSzUTuDf6yB7serxxK ht8A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=d06+PII+Kc9pCKs2d64jaVMwY4xkfkoi9p66dj0KwAA=; b=DUgKoPuCpdt38OzYlOgiRBfFkxLuqK+1oy48VHCx7P3u/Tnu+leGfl+u5dMr93AWCj vQgyqJ7sDJ2ejM/iCxb5f5NI/U0HgpABknr3SEd39w0OBu69hO2WfhSSYZcJh5Q7tA0c /iKyfVQ6i33Z7g/Qup0jMMLUN6xfGMBvjTnPwgTIW5mlJaSTgBVeHNyKgew7tPTYHS/J EYgh9rTIO6GKqk9AIHK42SHDSrfpGdMe1IBygIcFIPcFOMi1zLsNKBu+jK9l9DjM7uwA lXaE+BxYdupDA1naX6EKe+6DkrEbyVAwtkk8grvR35Mw4b60bOLaTRcZev6w1uIzP6Km AN5g==
X-Gm-Message-State: AOAM532HUH8C4tsndW9aQ1wn0eNiOypAZYlCRbTvwk6J7TrItW9ISgrr dZe4rXpSP9quB/PnGezJRe7a18ZLi4Gaeu89X2gNHA==
X-Google-Smtp-Source: ABdhPJwbwQJVgFEgflfd9UPHCDT1RXauxo7FkvH1f59BJ0Fa+ko9lkBErGJgJT7QICif510/Om+XHuHjH6+ETYWnp9c=
X-Received: by 2002:a2e:8850:: with SMTP id z16mr330556ljj.184.1599096259517; Wed, 02 Sep 2020 18:24:19 -0700 (PDT)
MIME-Version: 1.0
References: <31194C90-6C0B-470C-8B14-79C12D2C5C0D@comcast.com> <CACJ6M14gXmEHc_fX8=GpKwRDn6C=R7LR06JG_Qg-cWR5agU9Hw@mail.gmail.com> <391E15D2-9208-4BA9-B01E-3673982DA6CE@apple.com> <CABcZeBMXvcF6PJWE+EkGVx1c9RXzO1XuB3xhrVKUJvUb=aus8A@mail.gmail.com> <4cd8a8c6-3516-4ad6-877c-9460d8096773@www.fastmail.com> <CAFpG3gfkrKGiuPRH1QvH+-w2H=N1ijtDpk5Oh=D2JOp-L4Q1+w@mail.gmail.com> <CABcZeBNhHcNAkVm=PNUvV8_vGVvDvJbaMVHB_w9zu63+ebQwpQ@mail.gmail.com> <CAFpG3gcAjHkh7boDwLq+sHpGtfB2WT0NbuuFqqBQs2M6BZkAOQ@mail.gmail.com> <CABcZeBMi-B7LKB6ipt6vLSZcF9OMLga8f+qydpZVOhOGQrttuQ@mail.gmail.com> <CAFpG3geQefT0=fN-6UFwDqLLqbb1XthHA=np4HPS2NfSO77csA@mail.gmail.com> <CABcZeBPmfe8Um38xFHoxw+26-YQxFUPN+p4aW9uzbPKGy1xz4g@mail.gmail.com> <CAFpG3gefyTcibzfQ-dzXKv5fKE=vwUktux0dz25wNL7_+tf7MA@mail.gmail.com> <CABcZeBMVcH74RYXZrLRNtHLi-xZgGxRHA2CsH6nbiz+5uGM32g@mail.gmail.com> <CAFpG3gcJeXyuJ4n8N6wyDvVJGkO1toVC4hUXjL6ACWg+sent+w@mail.gmail.com>
In-Reply-To: <CAFpG3gcJeXyuJ4n8N6wyDvVJGkO1toVC4hUXjL6ACWg+sent+w@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 02 Sep 2020 18:23:42 -0700
Message-ID: <CABcZeBNS7EEw+zX-rgOJpiBbqw6jn80uXSR60Mj-oCRwEnTAjQ@mail.gmail.com>
To: tirumal reddy <kondtir@gmail.com>
Cc: Christopher Wood <caw@heapingbits.net>, ADD Mailing list <add@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000082b1b305ae5e9cc9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/niowDsvABtXG0ie3q-XF2paBmNQ>
Subject: Re: [Add] ADD Requirements Draft
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2020 01:24:25 -0000

Tirumal,

I think this conversation has gone beyond the point where it is productive.

I do not believe that users are going to be able to meaningfully consume
either real world identity information ("This is run by company X") or
privacy policy information about resolvers. We've tried that in several
other domains and it hasn't worked, and I don't think going through why in
a lot of detail is going to illuminate the situation here. But more to the
point, I think you're hearing that client vendors aren't interested, so
standardizing this would not help. If you want to continue to propose this,
I suggest that you find some set of clients which would consume it, at
which point a discussion of the merits of this idea will be more useful.

-Ekr



On Wed, Sep 2, 2020 at 5:32 AM tirumal reddy <kondtir@gmail.com> wrote:

> Please see inline
>
> On Tue, 1 Sep 2020 at 22:16, Eric Rescorla <ekr@rtfm.com> wrote:
>
>>
>>
>> On Tue, Sep 1, 2020 at 4:10 AM tirumal reddy <kondtir@gmail.com> wrote:
>>
>>> Hi Eric,
>>>
>>> Please see inline
>>>
>>> On Fri, 28 Aug 2020 at 19:08, Eric Rescorla <ekr@rtfm.com> wrote:
>>>
>>>>
>>>>
>>>> On Fri, Aug 28, 2020 at 12:35 AM tirumal reddy <kondtir@gmail.com>
>>>> wrote:
>>>>
>>>>> On Thu, 27 Aug 2020 at 18:46, Eric Rescorla <ekr@rtfm.com> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Aug 26, 2020 at 10:15 PM tirumal reddy <kondtir@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Eric,
>>>>>>>
>>>>>>> Please see inline
>>>>>>>
>>>>>>> On Wed, 26 Aug 2020 at 16:50, Eric Rescorla <ekr@rtfm.com> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> As I said when you first proposed this in an ADD meeting, I do not
>>>> believe that anything of this kind is viable.
>>>>
>>>
>>>> 1. Certificates tied to a legal entity have not been effective, which
>>>> is why browsers are removing EV.
>>>>
>>>
>>> The draft does not propose using EV certificates for encrypted DNS
>>> servers, please see
>>> https://tools.ietf.org/html/draft-reddy-add-server-policy-selection-05#section-4 for
>>> more details.
>>>
>>
>> It proposes something similar, which I expect to have the same drawbacks.
>>
>
> Can you please explain the drawbacks for further discussion ?
>
>
>>
>>
>> 2. There is ample evidence that users do not read privacy policies.
>>>>
>>>
>>> The DNS server privacy statement is much more simpler compared to a
>>> typical privacy statement by a
>>> content service provider (see
>>> https://tools.ietf.org/html/draft-ietf-dprive-bcp-op-14#section-6).
>>>
>>
>> I don't think that makes it significantly more likely that people will
>> read it.
>>
>
> It varies from person to person. People may not read the privacy
> statements because they visit several domains in a day. The DNS operators a
> user will use will be very few, for example an user may want to use a
> discovered resolver in selected networks like Enterprise or Home network.
> Further, encrypted DNS resolver publishing the privacy statement URL is a
> best practise similar to the way OS mandating apps to publish privacy
> policy.
>
>
>>
>>
>> Further, automated analysis of a privacy statement is possible using deep
>>> learning (https://pribot.org/files/Polisis_USENIX_Security_Paper.pdf).
>>> You can explore polisis and pritbot at https://pribot.org to explore
>>> the analysis of privacy statements by several organizations..
>>>
>>
>> I took a quick look at this tool and while it appears to be interesting
>> work, it does not produce output which I think is likely for users to
>> actually assimilate. For instance here is what it does with McAfee's policy:
>>
>> https://pribot.org/polisis/?company_url=mcafee.com&_id=59d8f9c4e3dd0c4e24555c1d&category=first-party-collection-use
>>
>
> The summary page is quite easy for end users to review the
> positives/negatives to watch out for and it also highlights the relevant
> text in a large privacy document (see
> https://pribot.org/polisis/?company_url=http%3A%2F%2Fmcafee.com&_id=59d8f9c4e3dd0c4e24555c1d&category=assessment).
> The DNS server privacy statement is much more simpler compared to a typical
> privacy statement for deep learning to identify if the server is
> privacy-friendly.
>
>
>>
>> We've already run this experiment of machine readable privacy policies
>> once with P3P and I don't see a reason to think this will be any different
>>
>
> No, the draft does not discuss any machine readable privacy policies other
> than conveying the privacy statement URL.
>
>
>>
>> Taking a step back here: is there any client with significant usage that
>> would be interested in consuming this kind of policy when published by a
>> resolver? If so, I'd like to hear from them about their needs. If not, it
>> doesn't seem worth discussing further.
>>
>
> The draft only discusses conveying resolver information and does not
> discuss any machine parsable privacy policy.
>
> -Tiru
>
>
>>
>> -Ekr
>>
>>

v2.23.0 | Report a Bug | By Email