Re: [Add] [EXTERNAL] Re: draft-grover-add-policy-detection-00

"Dixon, Hugh" <Hugh.Dixon@sky.uk> Tue, 16 July 2019 11:50 UTC

From: "Dixon, Hugh" <Hugh.Dixon@sky.uk>
To: Alec Muffett <alec.muffett@gmail.com>
CC: "add@ietf.org" <add@ietf.org>
Date: Tue, 16 Jul 2019 11:50:34 +0000
Message-ID: <7938F8BD-8CE4-4DE7-A9E0-74CCDEDA9BDC@sky.uk>
References: <CAChr6SwEUz9MrdRA0bnv9f-oNi0oUHkfRKjd9-o6jwhuckLXdw@mail.gmail.com> <CAFWeb9LNdT=EYVKTsYDxcBCQKoQFNShKotYtWujt4U9GA-V1mg@mail.gmail.com> <CAFWeb9+eWKSKY9O2JLn9-0+Zq7hrD48F-y+Y4T-iRaaF0vtdOA@mail.gmail.com> <A45F4F74-D6C1-435A-A52F-C2DEA82E2999@sky.uk> <CAFWeb9JVBj+Yehup5q4v9X-7XDY+02frd-04AQGL2HoSLON2qA@mail.gmail.com>
In-Reply-To: <CAFWeb9JVBj+Yehup5q4v9X-7XDY+02frd-04AQGL2HoSLON2qA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/qrQ0HG8MJDDVZU2FVsmb84NHWPs>

[gah – can’t get mail client to indent-and-mark quoted content properly..  sorry – using bullets … ]

From: Alec Muffett <alec.muffett@gmail.com>
Date: Tuesday, 16 July 2019 at 12:26
To: "Dixon, Hugh" <Hugh.Dixon@sky.uk>
Cc: "add@ietf.org" <add@ietf.org>
Subject: Re: [EXTERNAL] Re: [Add] draft-grover-add-policy-detection-00

On Tue, 16 Jul 2019, 11:31 Dixon, Hugh, <Hugh.Dixon@sky.uk> wrote:
Hi Alec –
Hi Hugh!

Given that this is at its core (just) a protocol for asking (any) DNS server whether it has a filtering policy, won’t “non-compliant software” be the sort of software which does not beacon?

· That's kinda the whole point; the problem is that innocent people might try using Firefox to access Twitter from Turkey during a civil rights crackdown, their Firefox-implementing-this-mechanism will give them away as trying to evade Government blocking of Twitter, and they will end up arrested or worse.
Doesn’t requesting TBD.arpa signal intent-to-comply rather than the other way around?  I don’t quite get the link between “.. their Firefox-implementing-this-mechanism ..” and “..trying to evade .. blocking ..”. At any rate, it’s a draft policy-discovery protocol not an implementation guide, no?


· Not everyone is in a position to welcome or appreciate upstream DNS filtering "for their own good" - for instance, this example from Turkey:
The proto doesn’t say that – it just drafts a possible mechanism for any DNS resolver to indicate to the caller that there is policy.  Could be for lots of reasons, and users with device/os/app admin intent and rights might well not check it, act on it, not act on it, sometimes act on it/interact with it.



· It would seem regressive of Mozilla's principles to assist someone getting identified & thrown in jail for non-compliance with repressive blocking; not to mention - to repeat - the other obvious possibility is that any IP address which beacons-out a lookup of TBD.arpa will immediately be blackholed / firewalled, again to dissuade people from fact-checking their government's spokespeople.
I don’t get (see above) why a check for TBD.arpa indicates intent to subvert.  I was thinking [intent to subvert] <=> [not checking TBD.arpa] ..?

H
