IETF Logo Mail Archive

Re: [Add] [EXTERNAL] Re: ADD Requirements Draft

Tommy Pauly <tpauly@apple.com> Thu, 03 September 2020 15:00 UTC

Return-Path: <tpauly@apple.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46F7B3A0EF4 for <add@ietfa.amsl.com>; Thu, 3 Sep 2020 08:00:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DjluyRXvugOX for <add@ietfa.amsl.com>; Thu, 3 Sep 2020 08:00:11 -0700 (PDT)
Received: from ma1-aaemail-dr-lapp03.apple.com (ma1-aaemail-dr-lapp03.apple.com [17.171.2.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C32BF3A0ECA for <add@ietf.org>; Thu, 3 Sep 2020 08:00:11 -0700 (PDT)
Received: from pps.filterd (ma1-aaemail-dr-lapp03.apple.com [127.0.0.1]) by ma1-aaemail-dr-lapp03.apple.com (8.16.0.42/8.16.0.42) with SMTP id 083EwAX9012303; Thu, 3 Sep 2020 08:00:07 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=SSkoju5MoQqluwQ5mS5mfPrWObXqVsty9CS912aEMf0=; b=E8zQ/JuIEnzpMiu6Y0s2F6uFrsNdazGX7Vw6Rf1G5iQq4h5Xx1aHmAqia7tLC6LeFAXp bTjUaGU8DmorWD4WC12IQvrGT5wsLPIsHpJL6dAWMSv+ZhIBngwFBWkBguY6M5Sgbwv3 0iW+jfl97JupltpQQlvKYWZmPSt9cRu+ZiLgIzMrhV7CZEywGc9PLMkQLRjtSLHZFYgi wTgHceBmFknXqg/kf/WCKsk3g8+okHCqHHRcuuZFj3zNH4ewXW0uMWdYNQqXeEhxiDy+ 3EuwW2Wu+qWMAedYyhb3uxWd868j1Z4t3fil2Br2CarhunMAwaNH5rypu8Whk+XsMUdc /A==
Received: from rn-mailsvcp-mta-lapp04.rno.apple.com (rn-mailsvcp-mta-lapp04.rno.apple.com [10.225.203.152]) by ma1-aaemail-dr-lapp03.apple.com with ESMTP id 337p0vvkpr-10 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 03 Sep 2020 08:00:07 -0700
Received: from rn-mailsvcp-mmp-lapp03.rno.apple.com (rn-mailsvcp-mmp-lapp03.rno.apple.com [17.179.253.16]) by rn-mailsvcp-mta-lapp04.rno.apple.com (Oracle Communications Messaging Server 8.1.0.6.20200729 64bit (built Jul 29 2020)) with ESMTPS id <0QG30004I8C6BAB0@rn-mailsvcp-mta-lapp04.rno.apple.com>; Thu, 03 Sep 2020 08:00:06 -0700 (PDT)
Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp03.rno.apple.com by rn-mailsvcp-mmp-lapp03.rno.apple.com (Oracle Communications Messaging Server 8.1.0.6.20200729 64bit (built Jul 29 2020)) id <0QG300A0087LF000@rn-mailsvcp-mmp-lapp03.rno.apple.com>; Thu, 03 Sep 2020 08:00:06 -0700 (PDT)
X-Va-A:
X-Va-T-CD: 6a851ae06bdcf8d0a2f580511df70408
X-Va-E-CD: 5b6f69fd9ba8e6ef1b93e6453c4aa22f
X-Va-R-CD: 31826f0992eb3a9728309e2a52dfa6b9
X-Va-CD: 0
X-Va-ID: 2065b8e4-6237-49b3-928f-56de28a8c372
X-V-A:
X-V-T-CD: 6a851ae06bdcf8d0a2f580511df70408
X-V-E-CD: 5b6f69fd9ba8e6ef1b93e6453c4aa22f
X-V-R-CD: 31826f0992eb3a9728309e2a52dfa6b9
X-V-CD: 0
X-V-ID: d39bcfb9-7e1e-4e93-be5b-705514db50bf
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-09-03_07:2020-09-03, 2020-09-03 signatures=0
Received: from localhost.localdomain (unknown [17.235.45.106]) by rn-mailsvcp-mmp-lapp03.rno.apple.com (Oracle Communications Messaging Server 8.1.0.6.20200729 64bit (built Jul 29 2020)) with ESMTPSA id <0QG300VC38C4BX10@rn-mailsvcp-mmp-lapp03.rno.apple.com>; Thu, 03 Sep 2020 08:00:05 -0700 (PDT)
From: Tommy Pauly <tpauly@apple.com>
Message-id: <4A648DCC-3C23-4845-8F2B-673F177EDC62@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_E0590BB9-D46D-454F-8D49-D573AFD314AA"
MIME-version: 1.0 (Mac OS X Mail 14.0 \(3654.0.3.2.26\))
Date: Thu, 03 Sep 2020 08:00:03 -0700
In-reply-to: <CAFpG3geue3Vv+vmWPJSX0Uk7w=o6j56oUfbpNZa6tmDD7Sf9Mw@mail.gmail.com>
Cc: Tommy Jensen <Jensen.Thomas=40microsoft.com@dmarc.ietf.org>, Eric Rescorla <ekr@rtfm.com>, ADD Mailing list <add@ietf.org>, Christopher Wood <caw@heapingbits.net>
To: tirumal reddy <kondtir@gmail.com>
References: <31194C90-6C0B-470C-8B14-79C12D2C5C0D@comcast.com> <CACJ6M14gXmEHc_fX8=GpKwRDn6C=R7LR06JG_Qg-cWR5agU9Hw@mail.gmail.com> <391E15D2-9208-4BA9-B01E-3673982DA6CE@apple.com> <CABcZeBMXvcF6PJWE+EkGVx1c9RXzO1XuB3xhrVKUJvUb=aus8A@mail.gmail.com> <4cd8a8c6-3516-4ad6-877c-9460d8096773@www.fastmail.com> <CAFpG3gfkrKGiuPRH1QvH+-w2H=N1ijtDpk5Oh=D2JOp-L4Q1+w@mail.gmail.com> <CABcZeBNhHcNAkVm=PNUvV8_vGVvDvJbaMVHB_w9zu63+ebQwpQ@mail.gmail.com> <CAFpG3gcAjHkh7boDwLq+sHpGtfB2WT0NbuuFqqBQs2M6BZkAOQ@mail.gmail.com> <CABcZeBMi-B7LKB6ipt6vLSZcF9OMLga8f+qydpZVOhOGQrttuQ@mail.gmail.com> <CAFpG3geQefT0=fN-6UFwDqLLqbb1XthHA=np4HPS2NfSO77csA@mail.gmail.com> <CABcZeBPmfe8Um38xFHoxw+26-YQxFUPN+p4aW9uzbPKGy1xz4g@mail.gmail.com> <CAFpG3gefyTcibzfQ-dzXKv5fKE=vwUktux0dz25wNL7_+tf7MA@mail.gmail.com> <CABcZeBMVcH74RYXZrLRNtHLi-xZgGxRHA2CsH6nbiz+5uGM32g@mail.gmail.com> <DM6PR00MB0783D4A658BE3BA8EBD6533BFA2E1@DM6PR00MB0783.namprd00.prod.outlook.com> <07B4108E-07BC-4755-96FB-31D43DCDC19C@apple.com> <CAFpG3geue3Vv+vmWPJSX0Uk7w=o6j56oUfbpNZa6tmDD7Sf9Mw@mail.gmail.com>
X-Mailer: Apple Mail (2.3654.0.3.2.26)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-09-03_07:2020-09-03, 2020-09-03 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/wnZLMmxZzm12LFeQHID-j6v7cPc>
Subject: Re: [Add] [EXTERNAL] Re: ADD Requirements Draft
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2020 15:00:14 -0000


> On Sep 3, 2020, at 3:10 AM, tirumal reddy <kondtir@gmail.com> wrote:
> 
> On Wed, 2 Sep 2020 at 01:27, Tommy Pauly <tpauly@apple.com <mailto:tpauly@apple.com>> wrote:
> Agreed. From my perspective as a client vendor, I don’t see a likely path to consuming this kind of policy. This is one of the reasons I’ve argued that we should have in our requirements a limitation that the entity that provides DNS should be one that the client already has a relationship with—we don’t need any new explanation of policy, we’re relying on existing relationships.
> 
> Existing relationships are definitely useful in certain scenarios but not in all. For example:
> 
> a) I don't think it is possible for every ISP and Enterprise network in the world to approach each and every Browser and OS vendor to be pre-configured with network provided encrypted DNS servers. 

It’s not about the relationship of the OS or the browser with the entities that can provide DNS services, it’s the relationship of the *user* with those entities. I do not want to have any pre-configuration for any resolver in my OS.

> 
> b) Secure discovery most likely avoids the need to have the discovered DNS server pre-configured in OS/Browser. However, as we all know secure discovery is not possible in some deployments. If the discovered server is not pre-configured, client/user needs to know the resolver information of the discovered server. In case of insecure discovery, the client should have checks to avoid connecting to an encrypted DNS server hosted by an attacker.

Secure discovery—or at least authenticated discovery over a secure channel—is indeed the right way to do things. We should be designing and standardizing mechanisms that raise the bar for security over the status quo, and ensure that we are not making avenues of attack easier.

Tommy

> 
> Cheers,
> -Tiru
>  
> 
> Thanks,
> Tommy (Pauly)
> 
>> On Sep 1, 2020, at 10:11 AM, Tommy Jensen <Jensen.Thomas=40microsoft.com@dmarc.ietf.org <mailto:Jensen.Thomas=40microsoft.com@dmarc.ietf.org>> wrote:
>> 
>> ekr> Taking a step back here: is there any client with significant usage that would be interested in consuming this kind of policy when published by a resolver?
>> 
>> Speaking for myself: no. The user either understands the implications and has pre-configured a resolver of their choice, or they don't and expect DNS to just work. Until DNS server choice is an everyday user concept akin to music streaming app choice (or at least wireless network choice), that will continue to be the case.
>> 
>> Thanks,
>> Tommy
>> 
>> From: Add <add-bounces@ietf.org <mailto:add-bounces@ietf.org>> on behalf of Eric Rescorla <ekr@rtfm.com <mailto:ekr@rtfm.com>>
>> Sent: Tuesday, September 1, 2020 9:46 AM
>> To: tirumal reddy <kondtir@gmail.com <mailto:kondtir@gmail.com>>
>> Cc: ADD Mailing list <add@ietf.org <mailto:add@ietf.org>>; Christopher Wood <caw@heapingbits.net <mailto:caw@heapingbits.net>>
>> Subject: [EXTERNAL] Re: [Add] ADD Requirements Draft
>>  
>> 
>> 
>> On Tue, Sep 1, 2020 at 4:10 AM tirumal reddy <kondtir@gmail.com <mailto:kondtir@gmail.com>> wrote:
>> Hi Eric,
>> 
>> Please see inline
>> 
>> On Fri, 28 Aug 2020 at 19:08, Eric Rescorla <ekr@rtfm.com <mailto:ekr@rtfm.com>> wrote:
>> 
>> 
>> On Fri, Aug 28, 2020 at 12:35 AM tirumal reddy <kondtir@gmail.com <mailto:kondtir@gmail.com>> wrote:
>> On Thu, 27 Aug 2020 at 18:46, Eric Rescorla <ekr@rtfm.com <mailto:ekr@rtfm.com>> wrote:
>> 
>> 
>> On Wed, Aug 26, 2020 at 10:15 PM tirumal reddy <kondtir@gmail.com <mailto:kondtir@gmail.com>> wrote:
>> Hi Eric,
>> 
>> Please see inline
>> 
>> On Wed, 26 Aug 2020 at 16:50, Eric Rescorla <ekr@rtfm.com <mailto:ekr@rtfm.com>> wrote:
>> 
>> 
>> As I said when you first proposed this in an ADD meeting, I do not believe that anything of this kind is viable.  
>> 
>> 1. Certificates tied to a legal entity have not been effective, which is why browsers are removing EV.
>> 
>> The draft does not propose using EV certificates for encrypted DNS servers, please see https://tools.ietf.org/html/draft-reddy-add-server-policy-selection-05#section-4 <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-reddy-add-server-policy-selection-05%23section-4&data=02%7C01%7CJensen.Thomas%40microsoft.com%7C4f39107a43f8461cc8c808d84e96ac6c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637345757215760305&sdata=zwTj9VSEumHDnBDlWRQySYQf2lljLOE7aG%2FcNJKWx%2Bk%3D&reserved=0> for more details. 
>> 
>> It proposes something similar, which I expect to have the same drawbacks.
>> 
>> 
>> 2. There is ample evidence that users do not read privacy policies.
>> 
>> The DNS server privacy statement is much more simpler compared to a typical privacy statement by a 
>> content service provider (see https://tools.ietf.org/html/draft-ietf-dprive-bcp-op-14#section-6 <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-ietf-dprive-bcp-op-14%23section-6&data=02%7C01%7CJensen.Thomas%40microsoft.com%7C4f39107a43f8461cc8c808d84e96ac6c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637345757215770297&sdata=Aon0Ne%2FXFeIqNAPGMS5g0t%2FpPaqrg9bs3OTDJzK3wn8%3D&reserved=0>). 
>> 
>> I don't think that makes it significantly more likely that people will read it.
>> 
>> 
>> Further, automated analysis of a privacy statement is possible using deep learning (https://pribot.org/files/Polisis_USENIX_Security_Paper.pdf <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpribot.org%2Ffiles%2FPolisis_USENIX_Security_Paper.pdf&data=02%7C01%7CJensen.Thomas%40microsoft.com%7C4f39107a43f8461cc8c808d84e96ac6c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637345757215770297&sdata=btIZBlgmsG2b9zCE6pSjQt7q%2FteV6HVT8fakqd08sWQ%3D&reserved=0>). You can explore polisis and pritbot at https://pribot.org <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpribot.org%2F&data=02%7C01%7CJensen.Thomas%40microsoft.com%7C4f39107a43f8461cc8c808d84e96ac6c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637345757215780290&sdata=DluH1rTl9DL%2Blcmt0nb5jhy9H6i1QyJwGJhBkT3x%2FoM%3D&reserved=0> to explore the analysis of privacy statements by several organizations.. 
>> 
>> I took a quick look at this tool and while it appears to be interesting work, it does not produce output which I think is likely for users to actually assimilate. For instance here is what it does with McAfee's policy:
>> https://pribot.org/polisis/?company_url=mcafee.com&_id=59d8f9c4e3dd0c4e24555c1d&category=first-party-collection-use <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpribot.org%2Fpolisis%2F%3Fcompany_url%3Dmcafee.com%26_id%3D59d8f9c4e3dd0c4e24555c1d%26category%3Dfirst-party-collection-use&data=02%7C01%7CJensen.Thomas%40microsoft.com%7C4f39107a43f8461cc8c808d84e96ac6c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637345757215780290&sdata=gL%2BUOJ3dykOrd316WbZH5HpswalaWAKHscWQspcHM7w%3D&reserved=0>
>> 
>> We've already run this experiment of machine readable privacy policies once with P3P and I don't see a reason to think this will be any different
>> 
>> Taking a step back here: is there any client with significant usage that would be interested in consuming this kind of policy when published by a resolver? If so, I'd like to hear from them about their needs. If not, it doesn't seem worth discussing further.
>> 
>> -Ekr
>> 
>> -- 
>> Add mailing list
>> Add@ietf.org <mailto:Add@ietf.org>
>> https://www.ietf.org/mailman/listinfo/add <https://www.ietf.org/mailman/listinfo/add>

v2.23.0 | Report a Bug | By Email