IETF Logo Mail Archive

Re: [Add] Trust and control on the Internet (was Re: fixing coffee shop brokenness with DoH)

Andrew Campling <andrew.campling@419.consulting> Wed, 24 July 2019 17:28 UTC

Return-Path: <andrew.campling@419.consulting>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A8CC12028E for <add@ietfa.amsl.com>; Wed, 24 Jul 2019 10:28:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=netorgft5189650.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ODol6RdjoJST for <add@ietfa.amsl.com>; Wed, 24 Jul 2019 10:28:27 -0700 (PDT)
Received: from GBR01-CWL-obe.outbound.protection.outlook.com (mail-eopbgr110089.outbound.protection.outlook.com [40.107.11.89]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81535120112 for <add@ietf.org>; Wed, 24 Jul 2019 10:28:26 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EVMVKctwMkzQvqYBLUBrUdkqxu/1hYM7VBcgbXnej+Zxx9lPTSG0+j80d+neV8HUjl8cXPmjtM1yXveQkU/KaKr7NqGtMhLwIR+NuzfNNf8D6vB1Ir4fOl/DzOMELq2l3gP8kTax/YmCVKBFsn9yaN54YjoG/EOMl1CmqnmsbYSceEpLZf/zLHyOeXWQx1dZyTqUSGJD0EpHyaxhC/ggUVRn4E6EomlcN/ZCTF8TfkphYKWu3J1dB+do//WjiDLp3ECo+jPX4TUL7EZSDv7rYA/MY9bjGal4sIdZ5+lrUk0kKdszXs5E99m6vvHhSW3wZrgDtAlujGrMRCGux/2NSw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rOipAXss9iRqEQuFA4hH4akwgtAB5H6Y2g0NXaKCizc=; b=OhQEWLPIw1v7L5ViJXjN/VKiSEQSMsbaTjdjHHnq4qxYvdkjwoGR5b2TiCBCaIWM0KNZp6NDlcWKOjRl2fEbLhzPg2XKV1ChvATiBHn2bNYBUxRO9HfbWzGDViY22XmJ/ugxL678j80VWFmlKtIHYUmwEelgZHl45o6ZPuRvB4FHHO3AsN4RUEVuTr3CVlcjd1PEhSUGaeTMVqKnH+s/dA8uHGbt39QmG1Wcw5OTrHJSonStZaKyy/MVO4+QUOZVORH1491eSFKqmrEdi6UZziY9TwKSa/e1SiKIvNjACcVLEEp1q2c0F1wgu2hRtGxdAzGJZOJF0AqftbDAiXFYBQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=419.consulting;dmarc=pass action=none header.from=419.consulting;dkim=pass header.d=419.consulting;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=NETORGFT5189650.onmicrosoft.com; s=selector1-NETORGFT5189650-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rOipAXss9iRqEQuFA4hH4akwgtAB5H6Y2g0NXaKCizc=; b=AxRQQUjvur5FmG2HZPo8qx5pPHsRL4esUP5XuybWKxty8xV57eOgiByWrrnOtdyKMsoGmZxAknVa5w9XD1Oij13GfBf4K/O3s4YFb3/lLNUUMH/ka/yaxNuG6YNLiZ4aRJNHVRG372Hmraty8zX8LCksdHxQr5oQbIp6/F3ZHXs=
Received: from LO2P265MB1327.GBRP265.PROD.OUTLOOK.COM (20.176.138.146) by LO2P265MB1054.GBRP265.PROD.OUTLOOK.COM (20.176.142.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2094.16; Wed, 24 Jul 2019 17:28:24 +0000
Received: from LO2P265MB1327.GBRP265.PROD.OUTLOOK.COM ([fe80::387c:9c12:531b:b7bd]) by LO2P265MB1327.GBRP265.PROD.OUTLOOK.COM ([fe80::387c:9c12:531b:b7bd%3]) with mapi id 15.20.2094.013; Wed, 24 Jul 2019 17:28:24 +0000
From: Andrew Campling <andrew.campling@419.consulting>
To: Ted Lemon <mellon@fugue.com>, Vittorio Bertola <vittorio.bertola@open-xchange.com>
CC: "Diego R. Lopez" <diego.r.lopez@telefonica.com>, "add@ietf.org" <add@ietf.org>
Thread-Topic: [Add] Trust and control on the Internet (was Re: fixing coffee shop brokenness with DoH)
Thread-Index: AQHVQjIHD6PaFV1IHkeon9N66zo/yKbZ+cBQ
Date: Wed, 24 Jul 2019 17:28:23 +0000
Message-ID: <LO2P265MB1327525D53227F9DE91EEBADC2C60@LO2P265MB1327.GBRP265.PROD.OUTLOOK.COM>
References: <CAChr6Sx9TEt6CMzRRrdb-HwT_k987oW=4yF1FCbDF17zkaE2Vg@mail.gmail.com> <2D09D61DDFA73D4C884805CC7865E6114E23910C@GAALPA1MSGUSRBF.ITServices.sbc.com> <14DF8769-A817-4C06-9140-80198518244F@akamai.com> <CAChr6SzH1EycAr5n+dK5BQcG=0Zsw66qE=8Rptvq7SEoEvQQ=Q@mail.gmail.com> <E5A0DAE2-A718-41EA-B490-58ABD0F31CF2@rfc1035.com> <CAChr6SzvUZS4Ru_SttiZgWtjwBuLrzc_fdewq9w-Ts+Rq_oNHw@mail.gmail.com> <9E8BD2C4-D750-4B8C-BA34-AC4425F2951D@gmail.com> <CAChr6Szo+1x6BnU2XH2A0o7CTQrQhFVPYezR7KQVLw-nWToULg@mail.gmail.com> <MN2PR21MB12134C6B57220E1B8BF5C811FAC60@MN2PR21MB1213.namprd21.prod.outlook.com> <CABtrr-Ue6rAom3ubJc_tPbn37T8HPGPabzX=CxT9UmiicbUtXQ@mail.gmail.com> <520325278.24189.1563973538937@appsuite-gw1.open-xchange.com> <E957E29E-66A9-4F49-8456-C2BBF9693928@fugue.com> <D36D6250-3B75-433E-B37B-BEC73F7C92DF@telefonica.com> <555968666.24560.1563980206283@appsuite-gw1.open-xchange.com> <B6666564-E91E-40A8-9A5F-3B17F60A480D@fugue.com>
In-Reply-To: <B6666564-E91E-40A8-9A5F-3B17F60A480D@fugue.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=andrew.campling@419.consulting;
x-originating-ip: [2a00:23c4:a499:2e00:556b:1ff3:ab8e:d0bc]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 02e1c3e5-0759-434f-b054-08d7105c54b9
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7027125)(7023125)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:LO2P265MB1054;
x-ms-traffictypediagnostic: LO2P265MB1054:
x-microsoft-antispam-prvs: <LO2P265MB1054F355CC811CF394825B98C2C60@LO2P265MB1054.GBRP265.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0108A997B2
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(376002)(396003)(346002)(39830400003)(366004)(34096005)(199004)(189003)(446003)(14454004)(508600001)(81156014)(486006)(99286004)(6436002)(53936002)(236005)(68736007)(25786009)(8936002)(11346002)(81166006)(476003)(9686003)(54896002)(6306002)(14444005)(790700001)(6116002)(2906002)(55016002)(256004)(44832011)(71200400001)(71190400001)(33656002)(186003)(66946007)(52536014)(4326008)(46003)(76116006)(110136005)(66556008)(66476007)(316002)(64756008)(66446008)(5660300002)(54906003)(76176011)(8676002)(6246003)(86362001)(7736002)(74316002)(53546011)(6506007)(102836004)(7696005)(229853002)(46492003); DIR:OUT; SFP:1101; SCL:1; SRVR:LO2P265MB1054; H:LO2P265MB1327.GBRP265.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: 419.consulting does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: +UNMwjxqJlgcsiqMs6QrkCpb4TEGWHmoQmYzh+7PIoSlDhIs5M8AHglxQwhKG1IxmvCTwEF/SClNAYzgVJCLXkM42ZUTlP0/FeY3DYNwQVQ1BsuJPFuEKJ62pQ6Gw3fVdjACzsv31po0l4I/CLLwlgcxh81V1q5qIzOK56vEQ+ehuZz0tf6vsQY4NvNAehFi8cUkp73ZpJVAWen8igqE+nJa7z5235ACQRit15vn0PblMGNOBi52OcfplRuJVe+VFFsVIvXNmboQ+QYZdXDUCyZGSveyvDa2/+F1aFBQ7/z+do76/jxKXtC/b/S3YA6V1PDbN6vYP7LL3TEI4s3QdFNHDZob5/YW0V6UUYiqHeUt0KAIAdiHpFvBbAm9Q/lqxbLTH40HlsxA6X4DO3ARu3aopX8HaXw6FJtVv7hWl2A=
Content-Type: multipart/alternative; boundary="_000_LO2P265MB1327525D53227F9DE91EEBADC2C60LO2P265MB1327GBRP_"
MIME-Version: 1.0
X-OriginatorOrg: 419.consulting
X-MS-Exchange-CrossTenant-Network-Message-Id: 02e1c3e5-0759-434f-b054-08d7105c54b9
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Jul 2019 17:28:23.9376 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9c2ced3e-7522-4755-87dc-f983abc66ec3
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: andrew.campling@419.consulting
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO2P265MB1054
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/9lb0Th3QlCuqT1CpbO2Hc-FDoN0>
Subject: Re: [Add] Trust and control on the Internet (was Re: fixing coffee shop brokenness with DoH)
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jul 2019 17:28:29 -0000

On Jul 24, 2019, at 4:05 PM, Ted Mellon <mellon@fugue.com<mailto:mellon@fugue.com> > wrote:

>  Vittorio, I think it’s important to make a distinction between “who you might choose to trust” and “who you are forced to trust.”

>  In order to run an app, if the app is able to make https connections, you are forced to trust the app.   This is true whether you are aware that you are trusting it or not, and regardless of your attitude toward your service provider.

Whilst not disputing the logic of being forced to trust the app, experience tells us that we are unwise to do so as there are sadly numerous instances where that trust is betrayed; I note for example the settlement today of the most recent Facebook privacy case in the US.  In a number (most?) cases where trust is betrayed, data monetisation appears to be a motivating factor and we should note that centralisation has the potential to magnify the data monetisation opportunity.

>  This is what I am getting at.   This is completely orthogonal to the question of “whose resolver would I choose to trust?”

>  What DoH does, but what any app can do whether DoH is present or not, is to make it possible to trust someone other than your service provider.  Without some covert channel that the service provider can’t block, the user does not have this choice.

The second sentence in this paragraph is incorrect – there are mechanisms that can provide the user with choice of DNS resolution without being covert, albeit also allowing the service provider to block the mechanism should it choose to do so.

>  But really, the user doesn’t have this choice anyway.   It’s the app that has this choice.   The user may hope that the app does what the user wants, but the user probably can’t validate that leap of faith.

>  We in the IETF do not have the ability to prevent the app from bypassing the ISP’s resolver.   It’s totally pointless to talk about whether or not we should do this.

Whilst the IETF might not have the ability to prevent abuses, I believe that it ought to avoid providing a standardised way of enabling these abuses if at all possible and, as a minimum, should ensure that it also provides mechanisms to allow the user (specifically the device administrator) to express their preferences and communicate those preferences to apps.  Published best practice should be that those preferences are respected by apps in all circumstances except where relevant regulations/legislation makes this impossible to do so legally.


Andrew

v2.23.0 | Report a Bug | By Email