Re: [Add] meeting hum: should the IETF take up this work?

Michael Richardson <mcr+ietf@sandelman.ca> Sat, 27 July 2019 14:49 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: add@ietf.org
Date: Sat, 27 Jul 2019 10:49:02 -0400
Message-ID: <708.1564238942@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/zxLo-SHY06N93OdFoRDQF5CVuH0>

Rob Sayre <sayrer@gmail.com> wrote:
    >> On Fri, Jul 26, 2019 at 6:49 PM Michael Richardson <mcr+ietf@sandelman.ca>
    >> wrote:
    >> 
    >>> Does Mozilla have a policy/procedure to vet the privacy policy
    >>> of DoT/DoH providers?  Maybe Mozilla is considering this?
    >>> 
    >> 
    >> Yes, they've published their minimum criteria here:
    >> https://wiki.mozilla.org/Security/DOH-resolver-policy#Privacy_Requirements

Does this result in an explicit pinning/listing of the TRR into a list, or
does it result in a certificate being issued?

    > Without getting into specifics, many ISPs use their DNS traffic as fuel for
    > an ad network and/or sell the data on, and thus wouldn't meet those
    > requirements. Whether that's a good or bad thing is probably outside the
    > already-vague scope of this mailing list.

Agreed, but if the enterprises and others have reasons (malware) to want
their own anchors, the question becomes what do they need to get on the
approved list.

    > That's one reason I don't think the IETF should get involved at the moment,
    > and why terms like "policy" or "operational requirements" can be
    > problematic.

In my mind, the IETF can have a standard way to express what the policies of
a given DoH server are, without actually endorsing any specific policy.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [