IETF Logo Mail Archive

Re: [dns-privacy] Fwd: New Version Notification for draft-dickinson-dprive-bcp-op-00.txt

Puneet Sood <puneets@google.com> Wed, 18 July 2018 02:17 UTC

Return-Path: <puneets@google.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 67D99130EDD for <dns-privacy@ietfa.amsl.com>; Tue, 17 Jul 2018 19:17:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.51
X-Spam-Level:
X-Spam-Status: No, score=-17.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ac-QXWYrzr1O for <dns-privacy@ietfa.amsl.com>; Tue, 17 Jul 2018 19:17:19 -0700 (PDT)
Received: from mail-ua0-x243.google.com (mail-ua0-x243.google.com [IPv6:2607:f8b0:400c:c08::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F040130E7B for <dns-privacy@ietf.org>; Tue, 17 Jul 2018 19:17:19 -0700 (PDT)
Received: by mail-ua0-x243.google.com with SMTP id q12-v6so1971962ual.2 for <dns-privacy@ietf.org>; Tue, 17 Jul 2018 19:17:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=ltUb/lHuu8ZAPXZ/lK7E9mLZQx/2Rg5DtAT8OAH+bNY=; b=tLc4OtITz5gaTHncUfIJBQcTRTp3tsArcSONhesZoGEYyGXnrfTWLGsMCi3bT+MJpV AbfDSV5Atcp/29/ZDPKfijMKqgppGhJ84snMnP0BNXo4VQeXJYSsf3fWVqaeQGGq7Jw8 HFyKnbLzmnG88rhLUwX5jUovhjJZTNdC03tmlTi10fPPddSle/zMdaWDH4rBoGtnlWAV Tm1spjJNBOaf3FC/dDmUloqaNmXcrHrwELmeWzwAOmz/7KWfReZ6dyDHLgp+ftSRiL+E 2rRSXZufpwrAdUYDY0fkRceQqihtlecKnKgp4i+ouzchpn7HC923hjSGLozbjAdeUqy4 f3vg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=ltUb/lHuu8ZAPXZ/lK7E9mLZQx/2Rg5DtAT8OAH+bNY=; b=dUmNFKObYZWzM8U05y4oneNW9V5zDMycSA+IOgpHKswcaj3I9BCIuyDtJXLtVu9jP1 oDNT43EqfssFmAeDgqZ/c2c3GvbpCjBpBP2RYHEA85mHKkKA/5ephcAyMjfQu9u4YO1t EoTb9j6qN3JySDxWy2hWr5ytVUDuQ8CfFS5nqQsW5SQ6S2nItU8S/NAuje84CvbgV2CS fJtNfrXrA2sZCovetGhVXbchfyHDxERS7GtL1rv2QStZniha9Nftf6xCLGD8egFioWDx BUzHqPs1u6Ic1VIO/TX/vkyz5CYm39kcGI3q9XIm1e20f8g6Z3FAwOrWOcLoSQCUfLeV 0XQg==
X-Gm-Message-State: AOUpUlFPZLB3AVLXHcH2UGXW3M76diw/6uxUYiVUc5r9ACpp0tqMbtRt gCb2EgE1IUwrDzCsKPMfXdULwuDppjlYuLWCjOC0BqRo
X-Google-Smtp-Source: AAOMgpf3z19jxwSsZ+VHaWsKAWCpvaqA9+8HzQ22HiiUZmS8js5uU4GL5+ygxrrMbtoqgmDEFDQa6rjsYGw2fPpC0NE=
X-Received: by 2002:ab0:4e9d:: with SMTP id l29-v6mr2842409uah.126.1531880238121; Tue, 17 Jul 2018 19:17:18 -0700 (PDT)
MIME-Version: 1.0
References: <153055267381.16329.4426903227293791899.idtracker@ietfa.amsl.com> <E149DE2F-222A-4CE8-914A-D1ACB7FF5280@sinodun.com>
In-Reply-To: <E149DE2F-222A-4CE8-914A-D1ACB7FF5280@sinodun.com>
From: Puneet Sood <puneets@google.com>
Date: Tue, 17 Jul 2018 22:17:10 -0400
Message-ID: <CA+9_gVtjeOFvYSdo4yCRFFuR-M5fx09ZPC7Sv7rGjJJePF4xfw@mail.gmail.com>
To: Sara Dickinson <sara@sinodun.com>
Cc: dns-privacy@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/RHwTLkrFGLbmwL8XUkd2RI4FOt4>
Subject: Re: [dns-privacy] Fwd: New Version Notification for draft-dickinson-dprive-bcp-op-00.txt
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jul 2018 02:17:23 -0000

** Comments
* Section 5.3.1
> If operators do offer a service that sends the ECS options upstream
>   they should use the shortest prefix that is operationally feasible
>   (NOTE: the authors believe they will be able to add a reference for
>   advice here soon) and ideally use a policy of whitelisting upstream
>   servers to send ECS to in order to minimize data leakage.  Operators
>   should make clear in any policy statement what prefix length they
>   actually send and the specific policy used.
Whitelisting instead of automatically detecting ECS on authoritative
servers has much more overhead.

* Section 6.2.5. Comparison
For the comparison tables [8, 9] on github, I will discuss with you
directly about Google Public DNS.

** Minor Comments

* Section 5.2.1
> Data access should be minimized to only those personal who require
>       access to perform operational duties.
personal -> personnel

* Section 5.3.2
> At the time of writing there are no standardized or widely recognized
>    techniques to preform such obfuscation or bulk pre-fetches.
preform -> perform

On Mon, Jul 2, 2018 at 1:59 PM Sara Dickinson <sara@sinodun.com> wrote:
>
> Hi All,
>
> An update to draft-dickinson-bcp-op (with a minor name change generating a -00 version) is now available.
>
> The major differences to draft-dickinson-bcp-op-00 are :
>
> * Reworked the Terminology, Introduction and Scope
> * Added Document section
> * Reworked the Recommendations section to describe threat mitigations, optimizations and other options.
> * Split the recommendations up into 3 subsections: on the wire, at rest and upstream
> * Added much more information on data handling and IP address pseudonymization and anonymization
> * Added more details and comparison of some existing policy/privacy policies
> * Applied virtually all of Amelia Andersdotter's suggested changes.
>
> When re-writing this draft in terms of privacy threats and mitigations it became clear that a ‘bis' to RFC7626 that included threat assessments from all the privacy related work that has happened since it was written (e.g. DNS-over-TLS) would be very helpful. That bis document is also now available (see below) and going forward the hope is the these two will be companion documents with RFC7626-bis describing the threats and the BCP describing the mitigations.
>
> When reviewing, please note that due to time constraints I haven’t managed to get the cross references to the very latest draft versions updated in the documents, but will do so when draft submission re-opens.
>
> Best regards
>
> Sara.
>
>
> Begin forwarded message:
>
> From: internet-drafts@ietf.org
> Subject: New Version Notification for draft-dickinson-dprive-bcp-op-00.txt
> Date: 2 July 2018 at 18:31:13 BST
> To: "Sara Dickinson" <sara@sinodun.com>, "Benno J. Overeinder" <benno@nlnetlabs.nl>, "Benno Overeinder" <benno@NLnetLabs.nl>, "Allison Mankin" <allison.mankin@gmail.com>, "Roland M. van Rijswijk-Deij" <roland.vanrijswijk@surfnet.nl>, "Roland van Rijswijk-Deij" <roland.vanrijswijk@surfnet.nl>
>
>
> A new version of I-D, draft-dickinson-dprive-bcp-op-00.txt
> has been successfully submitted by Sara Dickinson and posted to the
> IETF repository.
>
> Name: draft-dickinson-dprive-bcp-op
> Revision: 00
> Title: Recommendations for DNS Privacy Service Operators
> Document date: 2018-07-02
> Group: Individual Submission
> Pages: 32
> URL:            https://www.ietf.org/internet-drafts/draft-dickinson-dprive-bcp-op-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-dickinson-dprive-bcp-op/
> Htmlized:       https://tools.ietf.org/html/draft-dickinson-dprive-bcp-op-00
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-dickinson-dprive-bcp-op
>
>
> Abstract:
>   This document presents operational, policy and security
>   considerations for DNS operators who choose to offer DNS Privacy
>   services.  With the recommendations, the operator can make deliberate
>   decisions which services to provide, and how the decisions and
>   alternatives impact the privacy of users.
>
>   This document also presents a framework to assist writers of DNS
>   Privacy Policy and Practices Statements (analogous to DNS Security
>   Extensions (DNSSEC) Policies and DNSSEC Practice Statements described
>   in [RFC6841]).
>
>
>
>
> Begin forwarded message:
>
> From: internet-drafts@ietf.org
> Subject: New Version Notification for draft-bortzmeyer-dprive-rfc7626-bis-00.txt
> Date: 2 July 2018 at 18:54:30 BST
> To: "Sara Dickinson" <sara@sinodun.com>, "Stephane Bortzmeyer" <bortzmeyer+ietf@nic.fr>
>
>
> A new version of I-D, draft-bortzmeyer-dprive-rfc7626-bis-00.txt
> has been successfully submitted by Sara Dickinson and posted to the
> IETF repository.
>
> Name: draft-bortzmeyer-dprive-rfc7626-bis
> Revision: 00
> Title: DNS Privacy Considerations
> Document date: 2018-07-02
> Group: Individual Submission
> Pages: 22
> URL:            https://www.ietf.org/internet-drafts/draft-bortzmeyer-dprive-rfc7626-bis-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-bortzmeyer-dprive-rfc7626-bis/
> Htmlized:       https://tools.ietf.org/html/draft-bortzmeyer-dprive-rfc7626-bis-00
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-bortzmeyer-dprive-rfc7626-bis
>
>
> Abstract:
>   This document describes the privacy issues associated with the use of
>   the DNS by Internet users.  It is intended to be an analysis of the
>   present situation and does not prescribe solutions.
>
>
> _______________________________________________
> dns-privacy mailing list
> dns-privacy@ietf.org
> https://www.ietf.org/mailman/listinfo/dns-privacy

v2.23.0 | Report a Bug | By Email