Re: [Add] meeting hum: should the IETF take up this work?

Eric Orth <ericorth@google.com> Wed, 31 July 2019 15:58 UTC

From: Eric Orth <ericorth@google.com>
Date: Wed, 31 Jul 2019 11:58:42 -0400
Message-ID: <CAMOjQcE1QyXLm0Jc9nE7V0Z=MESpLdcgptHwLAAYfU6BOdAt8Q@mail.gmail.com>
To: "Diego R. Lopez" <diego.r.lopez@telefonica.com>
Cc: Eric Rescorla <ekr@rtfm.com>, "Livingood, Jason" <Jason_Livingood@comcast.com>, "add@ietf.org" <add@ietf.org>, Adam Roach <adam@nostrum.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/xyVUOkw1bbCiuXsB_FFzcNtQKiw>

On Wed, Jul 31, 2019 at 11:26 AM Diego R. Lopez <
diego.r.lopez@telefonica.com> wrote:

> On 31/07/2019, 16:25, "Add on behalf of Eric Rescorla" <
> add-bounces@ietf.org on behalf of ekr@rtfm.com> wrote:
>
> On Tue, Jul 30, 2019 at 2:49 PM Livingood, Jason <
> Jason_Livingood@comcast.com> wrote:
>
> On 7/25/19, 10:12 AM, "Add on behalf of Adam Roach" <add-bounces@ietf.org
> on behalf of adam@nostrum.com> wrote:
> > You can see, for example, Cloudflare's associated privacy policy at
> > https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/firefox/
>
> [JL] This speaks to the DNS query/response. But with DoH, this is
> contained inside of an HTTP envelope, so to speak, which has much more rich
> tracking - noted at https://www.cloudflare.com/privacypolicy/ under
> website visitors (which I presume applies to all HTTP transactions).
>
> No, this is not our understanding. Rather, the privacy policy for DoH
> covers every aspect of DoH, including the HTTP portion. The Cloudflare
> Privacy Policy is a separate policy for CF websites and does not govern the
> resolver.
>
> So the confluence of DNS and HTTP here seems interesting to better
> understand and document as TRR-style policies evolve. Since there is an
> HTTP server involved in DoH, presumably all the normal HTTP log items are
> seen & processed and can be logged, like user agent, cookies, and so on.
>
> Firefox doesn't send cookies for DoH. We do send User-Agent, and we could
> look at removing that, but given TLS ClientHello fingerprinting, that's
> probably not adding a huge amount of additional information.
>

Chrome has similar behavior. DoH requests do not send or accept cookies
and are blocked from sharing sockets/connections/etc. with any requests that
do. Recent work has also minimized other standard headers, e.g. setting
user-agent to simply "Chrome" and accept-language to "*".

Similar privacy mitigations and considerations for DoH/DoT/etc may be
useful to document in an Informational or BCP.  Best if applications
implementing these protocols make informed decisions around privacy
practices.


>
> -Ekr
>
> This implies the combination Firefox/Cloudflare does not pose a
> significant privacy risk. Fair enough. But the general case of
> whatever-the-app using a hardwired DOH resolver remains, much the same as
> the archetypal coffeeshop resolver compared to well-behaved,
> contract-bounded ISPs.
>
> [JL] In addition, I suspect a concern (for the very high scale centralised
> DoH platforms) is not just the per-user privacy policy but also what
> aggregated business intelligence a global scale platform would be able to
> develop (e.g. of a population of 500M users, how many have queried for
> *.netflix.com in the past N hours, by country, ASN, user agent, etc.),
> relative to competitors or potential competitors. So I suspect these
> concerns may arise, at least for platforms of very high scale /
> penetration.
>
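An added example, not part of the original message and not Chrome's or Firefox's code: a sketch of the header minimization discussed in this thread, building an RFC 8484 GET request with only generic headers and auditing a header set for fields that carry client state or a distinctive fingerprint. The function names, the `STATEFUL` list and the sample headers are assumptions constructed for illustration.

```python
import base64
import struct

# Assumption for this example: headers treated as carrying per-client state.
STATEFUL = {"cookie", "authorization", "referer"}
# Generic values quoted in the message above for Chrome's DoH requests.
GENERIC = {"user-agent": "Chrome", "accept-language": "*"}

def build_query(name, qtype=1):
    """DNS wire-format query; ID is 0, as RFC 8484 recommends for HTTP caching."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_request(name, path="/dns-query"):
    """Return (request target, headers) for a minimized RFC 8484 GET."""
    param = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    headers = {"accept": "application/dns-message", **GENERIC}
    return f"{path}?dns={param}", headers

def audit_headers(headers):
    """List findings for headers that identify or track the client."""
    findings = []
    for key, value in headers.items():
        k = key.lower()
        if k in STATEFUL:
            findings.append(f"{k}: carries client state, should be absent")
        elif k in GENERIC and value != GENERIC[k]:
            findings.append(f"{k}: {value!r} is distinctive, expected {GENERIC[k]!r}")
    return findings

# Constructed sample: what a general-purpose HTTP stack might attach by default.
SAMPLE_LEAKY = {
    "Accept": "application/dns-message",
    "User-Agent": "ExampleApp/1.2 (Linux x86_64)",
    "Accept-Language": "es-ES,es;q=0.9",
    "Cookie": "sid=constructed-value",
}

if __name__ == "__main__":
    target, hdrs = doh_get_request("www.example.com")
    print(target, hdrs, audit_headers(hdrs))
    for finding in audit_headers(SAMPLE_LEAKY):
        print("FINDING", finding)
```

As the thread notes, header minimization does not address TLS ClientHello fingerprinting or the client IP address, which this check does not cover.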