IETF Logo Mail Archive

Re: [dns-privacy] Datatracker State Update Notice: <draft-ietf-dprive-rfc7626-bis-04.txt>

Vittorio Bertola <vittorio.bertola@open-xchange.com> Wed, 13 May 2020 10:27 UTC

Return-Path: <vittorio.bertola@open-xchange.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAE1B3A102D; Wed, 13 May 2020 03:27:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=open-xchange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LapUFPKk4YLL; Wed, 13 May 2020 03:27:25 -0700 (PDT)
Received: from mx4.open-xchange.com (alcatraz.open-xchange.com [87.191.39.187]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5307A3A1008; Wed, 13 May 2020 03:27:25 -0700 (PDT)
Received: from open-xchange.com (imap.open-xchange.com [10.20.30.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx4.open-xchange.com (Postfix) with ESMTPS id 03C246A30A; Wed, 13 May 2020 12:27:23 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=open-xchange.com; s=201705; t=1589365643; bh=njb+V/TcsOnO/cxtV4KXqnl/8YtREIb1FihfCXINcfk=; h=Date:From:To:Cc:In-Reply-To:References:Subject:From; b=kyO0DU1F6bMT+fek9dF+9vdsLmabc1wwuMfgq22edIuucUwMUHcutIWk8IMtNtwik u2LZhUQ5vv1E6iyn262ZxSF9+0pBT8w8SKbmGQMspzzxcgsunSxPybE8bbwe/93S2g WhNw2HJDgOR2AOJmzrSniWuUGmqJBCwRkykpGjc86dF2Hhd1b9PfVVje/3R5t/EEsx 0eidEdVK8JDnGhVY6zIGgr9b96xquE6ukAvwFZqbmYFnyoP9qL8WFqcwdlbuAH/0p2 c/lf/b0QOD8tqJDya0D7bSp70bJDSlGloB8Ajy54mMyXf1A7tVjkAvCceSmRumi99P R6lhIhlsOQO9A==
Received: from appsuite-gw2.open-xchange.com (appsuite-gw2.open-xchange.com [10.20.28.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by open-xchange.com (Postfix) with ESMTPSA id E79EF3C00A6; Wed, 13 May 2020 12:27:22 +0200 (CEST)
Date: Wed, 13 May 2020 12:27:22 +0200
From: Vittorio Bertola <vittorio.bertola@open-xchange.com>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Cc: "dns-privacy@ietf.org" <dns-privacy@ietf.org>, "draft-ietf-dprive-rfc7626-bis@ietf.org" <draft-ietf-dprive-rfc7626-bis@ietf.org>, "dprive-chairs@ietf.org" <dprive-chairs@ietf.org>
Message-ID: <1724219952.33277.1589365642855@appsuite-gw2.open-xchange.com>
In-Reply-To: <20200512151805.GA13200@sources.org>
References: <CABcZeBPP6J=a=hW6BLcMnKawupa3RjjpYAzgZ317=ryLy39n+A@mail.gmail.com> <8CEFE3CB-A88C-4BBC-95B8-9850142DB5EE@sinodun.com> <CABcZeBPF41eq-HYXdYScx7bqYyUO7-oH6zWKqj7Ka23u8x_E4A@mail.gmail.com> <ACA9854E-00B7-4776-A850-E5069C672121@cisco.com> <CABcZeBOxN7iNTLFUw7JDc4ZGH_u4awys3g52de29CuOyQv2JUQ@mail.gmail.com> <C8B168D0-F719-405F-892F-14573A7C568D@sinodun.com> <CABcZeBPGAgqSPKWXKaL6kK5CYzgK+RmwFrMwhc6ED7aGnV_ayA@mail.gmail.com> <8AB227E2-F968-47C4-9EB6-40A988263892@sinodun.com> <4fc44293-cdd9-24b7-cf26-1451a3652f73@huitema.net> <541315765.30668.1589285684382@appsuite-gw2.open-xchange.com> <20200512151805.GA13200@sources.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Priority: 3
Importance: Normal
X-Mailer: Open-Xchange Mailer v7.10.3-Rev8
X-Originating-Client: open-xchange-appsuite
Autocrypt: addr=vittorio.bertola@open-xchange.com; prefer-encrypt=mutual; keydata= mQENBFhFR+UBCACfoywFKBRfzasiiR9/6dwY36eLePXcdScumDMR8qoXvRS55QYDjp5bs+yMq41qWV9 xp/cqryY9jnvHbeF3TsE5yEazpD1dleRbkpElUBpPwXqkrSP8uXO9KkS9KoX6gdml6M4L+F82WpqYC1 uTzOE6HPmhmQ4cGSgoia2jolxAhRpzoYN99/BwpvoZeTSLP5K6yPlMPYkMev/uZlAkMMhelli9IN6yA yxcC0AeHSnOAcNKUr13yXyMlTyi1cdMJ4sk88zIbefxwg3PAtYjkz3wgvP96cNVwAgSt4+j/ZuVaENP pgVuM512m051j9SlspWDHtzrci5pBKKFsibnTelrABEBAAG0NUJlcnRvbGEsIFZpdHRvcmlvIDx2aXR 0b3Jpby5iZXJ0b2xhQG9wZW4teGNoYW5nZS5jb20+iQFABBMBAgAqBAsJCAcGFQoJCAsCBRYCAwEAAp 4BAhsDBYkSzAMABQMAAAAABYJYRUflAAoJEIU2cHmzj8qNaG0H/ROY+suCP86hoN+9RIV66Ej8b3sb8 UgwFJOJMupZfeb9yTIJwE4VQT5lTt146CcJJ5jvxD6FZn1Htw9y4/45pPAF7xLE066jg3OqRvzeWRZ3 IDUfJJIiM5YGk1xWxDqppSwhnKcMOuI72iioWxX0nGQrWxpnWJsjt08IEEwuYucDkul1PHsrLJbTd58 fiMKLVwag+IE1SPHOwkPF6arZQZIfB5ThtOZV+36Jn8Hok9XfeXWBVyPkiWCQYVX39QsIbr0JNR9kQy 4g2ZFexOcTe8Jo12jPRL7V8OqStdDes3cje9lWFLnX05nrfLuE0l0JKWEg8akN+McFXc+oV68h7nu5A Q0EWEVH5QEIAIDKanNBe1uRfk8AjLirflZO291VNkOAeUu+dIhecGnZeQW6htlDinlYOnXhtsY1mK9W PUu+xshDq7lXn2G0LxldYwyJYZaJtDgIKqVqwxfA34Lj27oqPuXwcvGhdCgt0SW/YcalRdAi0/AzUCu 5GSaj2kaGUSnBYYUP4szGJXjaK2psP5toQSCtx2pfSXQ6MaqPK9Zzy+D5xc6VWQRp/iRImodAcPf8fg JJvRyJ8Jla3lKWyvBBzJDg6MOf6Fts78bJSt23X0uPp93g7GgbYkuRMnFI4RGoTVkxjD/HBEJ0CNg22 hoHJondhmKnZVrHEluFuSnW0wBEIYomcPSPB+cAEQEAAYkBMQQYAQIAGwUCWEVH5QIbDAQLCQgHBhUK CQgLAgUJEswDAAAKCRCFNnB5s4/KjdO8B/wNpvWtOpLdotR/Xh4fu08Fd63nnNfbIGIETWsVi0Sbr8i E5duuGaaWIcMmUvgKe/BM0Fpj9X01Zjm90uoPrlVVuQWrf+vFlbalUYVZr51gl5UyUFHk+iAZCAA0WB rsmACKvuV1P7GuiX3UV9b59T9taYJxN3dNFuftrEuvsqHimFtlekUjUwoCekTJdncFusBhwz2OrKhHr WWrEsXkfh0+pURWYAlKlTxvXuI7gAfHEQM+6OnrWvXYtlhd0M1sBPnCjbyG63Qws7Rek9bEWKtH6dA6 dmT2FQT+g1S9Mdf0WkPTQNX0x24dm8IoHuD3KYwX7Svx43Xa17aZnXqUjtj1
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/Hgn-Rs-GnSZV_3ZioPoAPGHE-P4>
Subject: Re: [dns-privacy] Datatracker State Update Notice: <draft-ietf-dprive-rfc7626-bis-04.txt>
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 May 2020 10:27:28 -0000


> Il 12/05/2020 17:18 Stephane Bortzmeyer <bortzmeyer@nic.fr> ha scritto:
> 
> Yes, and I think I know now the root of the problem. 7626bis tries to
> go too far and, instead of discussing the DNS protocol and its privacy
> issues, now goes into end hosts and discuss what is done inside the
> machine, and what should be done. This is certainy interesting, and it
> certainly has consequences on privacy, user control, etc but:
> 
> 1) It is a bit outside IETF's domain, since it is not inside the
> network,

I disagree. There are IETF documents that provide policy-level analysis of complex technical issues and do so throughout the entire network architecture, both in terms of layers and in terms of hosts. For example, RFC 7754 has an entire section devoted to what happens within the endpoints and within applications that run on them.

Also, RFC 6973, which is the document that this draft tries to apply, has an entire section of the guidelines (7.2) that instructs to discuss issues of user control, which is what 6.1.1.2 deals with. Actually, the first point of the section is:

      "What controls or consent mechanisms does the
       protocol define or require before personal data or identifiers
       are shared or exposed via the protocol?  If no such mechanisms or
       controls are specified, is it expected that control and consent
       will be handled outside of the protocol?"

There even is an explicit reference to discussing how control and consent is handled outside of the protocol.

> 2) There is clearly no consensus inside IETF about it.

This is a different matter. However, there is also no consensus on dropping this part - certainly I would not agree. It does not make sense to have a "DNS Privacy Considerations" document that ignores parts of the problem. These issues are so interlinked that there is no clear single "more privacy" switch. Each of the technical solutions, both within the protocol and within its clients, could provide more or less privacy depending on a number of other considerations, some of which are not about technical protocol design but are nonetheless relevant. Either you analyze them in full, or the analysis is going to be incorrect and misleading.

> My personal opinion is now that the best way out of the problem is to
> drop discussions about internal (to the end host) issues.

Again, I disagree. The solution is to find reasonable compromise text that can be acceptable for all while not making anyone really happy. What was in the last draft seemed to me quite near to that goal.

-- 
 
Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com 
Office @ Via Treviso 12, 10144 Torino, Italy

v2.23.0 | Report a Bug | By Email