IETF Logo Mail Archive

Re: [Add] Fwd: New Version Notification for draft-reddy-dprive-dprive-privacy-policy-00.txt

tirumal reddy <kondtir@gmail.com> Tue, 08 October 2019 15:27 UTC

Return-Path: <kondtir@gmail.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5FA11200B1 for <add@ietfa.amsl.com>; Tue, 8 Oct 2019 08:27:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pYzQdVjchG2e for <add@ietfa.amsl.com>; Tue, 8 Oct 2019 08:26:58 -0700 (PDT)
Received: from mail-io1-xd32.google.com (mail-io1-xd32.google.com [IPv6:2607:f8b0:4864:20::d32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CEC5C120096 for <add@ietf.org>; Tue, 8 Oct 2019 08:26:57 -0700 (PDT)
Received: by mail-io1-xd32.google.com with SMTP id v2so37316894iob.10 for <add@ietf.org>; Tue, 08 Oct 2019 08:26:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+RIo3VDxXjpPIkIeefCOQHurldSenYjymSjTAOwYFMU=; b=CeJkOCGeksB+FuSuA44HQNFNflm7qq2rkm+n8HE33w7flLI83oeGL7bgQ6RKhD4Jti 5KoNN44bXULivvbZAbAp2Z0oX9JUzWGkoaDz5jCOXfQvkgWZwsu8paT6df0aBjCdWCp7 c+89jQ/n+RLejKzCa+ky3EgwDJn8mxFPSx4hwyhCvQgtA/rPAy3fn+oNXBQONtb8evO+ mSDAZhUkjfUYS9+EOLULJ5qENUAzGF6qA5NFXlclmSaftU91nZ8xD+CJhxxYbcQ4Kcpf rmdWO/NB5dqo7B8Ma26qrkzUDfiNW6V0Ue4EtrGLJYZ0aM0YprzNlKevK8tvl5qJJGf1 dxVw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+RIo3VDxXjpPIkIeefCOQHurldSenYjymSjTAOwYFMU=; b=KzackobEQHUMzUcdDIjmuVEphts7MKCmAFHvMmgoeB8EokA1Ip8F8aKygcXsnoq914 wvd642EJ1uac+UVdN/jYArAis5cx2sQURIEabAWsNUyBMN4RjKJTFIc1t6EDIw2JO8uP LjzR0SCeoMfkK0AxfsAYM3cSbRWL+SvYct6ofZdb34ljnYlr91aaBW2yDQvtqbDgt4t7 SkbZL7NYHHva39lcVF8y3ku0ApvZr3vkgkz6zXxfHny1/30ItIb4x1csslohcicQf78H ZMZ6W5HZrg9yV5vU5rd1L0ADslOprzy/qkgVxrveISxhlvLGW3n36NJd3AbH1lhvhSw+ W/tw==
X-Gm-Message-State: APjAAAXeChG4Zgzu+3tE04tB8tmpL2uD50vrAmVz3HSwJRqWp2hQUaB6 NJG5YNkcA4p9Fie5bUEQMFRg2CoMp6AeNNrvUWu2Tcl7tjY=
X-Google-Smtp-Source: APXvYqzAQW7LTFPYyeN8INt7qM1Xc2nG6hmRkDTRJLJ9SPi3vHjG7BTUCWKom9wnzFnoIM8ElsAI5lh8R/MeiBDMDk0=
X-Received: by 2002:a05:6638:294:: with SMTP id c20mr32511147jaq.77.1570548417033; Tue, 08 Oct 2019 08:26:57 -0700 (PDT)
MIME-Version: 1.0
References: <157009854908.16293.4269133049514081713.idtracker@ietfa.amsl.com> <CAFpG3gdpYASvfz_ey=fsh6+8LQ11EJGyU-dVxH7_1QmVeiAQKg@mail.gmail.com> <alpine.LRH.2.21.1910051351420.26913@bofh.nohats.ca> <CAFpG3gfLLkdZt-b+r=8RY8a+yoJx2tzQOevnOLkNQSm9g9QuDw@mail.gmail.com> <alpine.LRH.2.21.1910070925260.8046@bofh.nohats.ca>
In-Reply-To: <alpine.LRH.2.21.1910070925260.8046@bofh.nohats.ca>
From: tirumal reddy <kondtir@gmail.com>
Date: Tue, 08 Oct 2019 16:26:45 +0100
Message-ID: <CAFpG3ge=zF0W1PzZjc=ysxVzir4tMVa=8ZHs5qyxg4NbE73SPw@mail.gmail.com>
To: Paul Wouters <paul@nohats.ca>
Cc: ADD Mailing list <add@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000007ff90e059467cc2a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/wCXyJK7cI8h0tQ_LarIVvCuf-H4>
X-Mailman-Approved-At: Wed, 09 Oct 2019 00:36:59 -0700
Subject: Re: [Add] Fwd: New Version Notification for draft-reddy-dprive-dprive-privacy-policy-00.txt
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Oct 2019 15:27:01 -0000

On Mon, 7 Oct 2019 at 14:32, Paul Wouters <paul@nohats.ca> wrote:

> On Mon, 7 Oct 2019, tirumal reddy wrote:
>
> >       Section 10 Security Considerations describes well why I think this
> is
> >       not a good idea. Publishing a privacy policy in a computer
> consumable
> >       way has no relationship to the actual DNS server's privacy policy
> >       used.
> >
> > No, the privacy policy also conveys a URL that points to the human
> readable privacy policy formation of the DNS
> > server. Public DNS resolvers have published privacy policy statements
> (for example, see
> >
> https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/).
> If a firm violates the privacy
> > claims, it will most likely face penalty (similar to FTC imposing fine
> on facebook).
>
> How and how would any enforcement system work for a variety of DNS
> providers all over the world? ISPs? hotels? coffeeshops? Mobile
> providers? Will there be an industry standard org? How will this
> not devolve into government sanctioned mandatory DNS providers on
> my mobile device?
>

Users may or may not trust the attached network and the DNS server provided
by the network (e.g, a public network). It is similar to the way users
disable VPN in specific trusted networks (e.g., Enterprise network) and VPN
is enabled by default in all other networks.


> >       This is not a technical wire problem to solve with an RFC. It is a
> >       social-economic issue. Can we trust vendor X? And vendor X making
> >       claims in JSON about this isn't useful from a technical point of
> >       view, no matter how or where and with what such statements are
> >       (self)signed.
> >
> > Not really, you probably missed the privacy consideration section. User
> consent is mandatory to use the discovered DoT/DoH
> > servers, the section says the following:
>
> How would that not become another "we use cookies, are you okay" screen
> for which I have no choice but to say "yes"?
>

No. If the privacy requirements of the endpoint are not met, the DNS client
can discard using the discovered DNS server in the attached network, and
connect to a public DNS resolver meeting the endpoint privacy preserving
data policy requirements.

The proposed mechanism also helps the DNS client to automatically learn
updates to the privacy claims by a DNS server and avoids the need for users
to periodically manually review the privacy statement.


>
> >    Users are expected to indicate to their system in some way that they
> >    trust certain PAT signers (e.g., if working for Example, Inc., the
> >    user's system is configured to trust example.com signing the PAT).
>
> How is that done on my iphone? If I install vendor X application, I
> already have to trust them (and google or android, etc). Another screen
> of "terms and services" the enduser is forced to scroll through?
>
> >    Separately, the user is expected to indicate to their system their
> >    PAT privacy requirements (e.g., logging, etc.).  By doing so, thee DNS
> >    client can automatically discover local DNS-over-TLS or DNS-over-
> >    HTTPS server, validate the PAT signature and check if the PAT
> >    complies with user's privacy needs, prior to using that DNS-over-TLS
> >    or DNS-over-HTTPS server for DNS queries.
>
> All of these things come down to one thing. Do you trust the DNS
> provider or not. It's really a binary decision. Dividing this up
> in a dozen options isn't helping the average user.
>

The privacy policy information helps make the decision whether the DNS
provider can be trusted or not.


>
> >       It's a great topic for consumer advocay organisations, the EFF or
> >       ACLU or EU commisioners. I do not think this is a technical problem
> >       needing a technical standard from the IETF. And any automated
> >       consumption of this leading to changed DNS client behaviour would
> >       be dangerous.
>
> I'm still not convinced this statement is wrong. And additionally can
> see some serious harmful effects into mandatory censorship if this kind
> of system becomes mandatory on people's devices.
>

I disagree, the proposal helps the user to choose a DNS server that best
supports the desired privacy policies. DNS clients do not need to fallback
to clear text DNS, and can use the DoT/DoH server provided by the local
network. Further, it also provides a mechanism to securely signal to the
DNS client that the attached network performs DNS filtering.

Cheers,
-Tiru


> Paul
>

v2.23.0 | Report a Bug | By Email