Re: [dns-privacy] [Last-Call] Review of draft-ietf-dprive-rfc7626-bis-03

Vittorio Bertola <vittorio.bertola@open-xchange.com> Tue, 31 December 2019 16:33 UTC

Date: Tue, 31 Dec 2019 17:33:27 +0100
From: Vittorio Bertola <vittorio.bertola@open-xchange.com>
To: Eric Rescorla <ekr@rtfm.com>, Sara Dickinson <sara@sinodun.com>
Cc: last-call@ietf.org, DNS Privacy Working Group <dns-privacy@ietf.org>
Message-ID: <1197055602.9153.1577810007912@appsuite-gw1.open-xchange.com>
In-Reply-To: <CABcZeBO2eNo6d2PVd4DCiGCMgrZdmBrCkfKb9i7bx7ay4E0yAA@mail.gmail.com>
References: <4639bd67-6fca-47d1-aaeb-85fcd0394f46@www.fastmail.com> <029D8BB9-CE93-486A-BDF2-6D0720E59109@sinodun.com> <CABcZeBO2eNo6d2PVd4DCiGCMgrZdmBrCkfKb9i7bx7ay4E0yAA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/TxfD7EjBgpVe2JjIxWu1Tiw2uQI>

On 31/12/2019 15:45 Eric Rescorla <ekr@rtfm.com> wrote:

On Wed, Dec 18, 2019 at 7:07 AM Sara Dickinson <sara@sinodun.com> wrote:

Suggest:

OLD:
“Users of encrypted transports are also highly likely to re-use sessions for multiple DNS queries to optimize performance (e.g. via DNS pipelining or HTTPS multiplexing). Certain configuration options for encrypted transports could also in principle fingerprint a user or client application.  For example: …."

NEW:
“Implementations that support encrypted transports are also highly likely to re-use sessions for multiple DNS queries to optimize performance (e.g. via DNS pipelining or HTTPS multiplexing). Default configuration options for encrypted transports could in principle fingerprint a specific client application. For example:…

I don't generally think that documents like this ought to predict how implementers will behave, so I would remove this text entirely.

On the surface, this actually seems like quite a good setting for *not* using TLS session resumption (or TFO, or 0-RTT). Consider a browser, in which you're likely going to want to connect to the DoH server on startup and keep that connection open as long as you are doing just about anything that would cause DNS resolution. You might disconnect when you go really idle, but then you could get warm again quickly when the user re-engages, at which point you probably can just accept an extra RT (remember that user response is quite slow). This isn't something that we have spent a lot of time optimizing, I don't think, so I suspect there's still a fair bit of work to do to figure out the best pattern. In any case, making recommendations here seems premature.

As I understood it, the purpose of this document is to map possible DNS-related privacy issues, and not necessarily to address them with recommendations (and in that case you are right that there might be a privacy vs performance tradeoff). So the starting point here was to state that a privacy risk exists, even if we are not ready to make recommendations (which may come in the future in a "7626ter" document) or even to assess whether the risk is big enough to need recommendations (which, I agree, will greatly depend on what implementers will do).

On the other hand, I think there is agreement (is there?) that encrypted DNS protocols introduce specific tracking opportunities deriving from how they open and reuse connections and from other features of the encrypted transport mechanism, so it would be weird to omit this risk from the analysis.

--

Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com
Office @ Via Treviso 12, 10144 Torino, Italy
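The tracking opportunity the thread is arguing over (connection reuse and resumption state letting a resolver link a client's connections) is easy to see in a small model. The following is an added example, not code from the thread, the draft or any implementation named in it. It models a DoT/DoH resolver that hands out an opaque resumption ticket on every connection, TLS 1.3 style, and a client that either carries the previous ticket along when its IP address changes or discards it. The ticket format (a server-assigned per-client handle plus an HMAC under a server key, with the names `stek`, `handle` and `simulate` chosen here) is an assumption made for the model; real tickets carry a resumption secret, but the linkage property is the same, and it applies equally to the TFO cookies and 0-RTT PSKs Eric mentions. The example goes beyond the thread by also showing the mitigation (dropping the ticket on a network change) and that a forged ticket cannot be used to link connections.

```python
"""Linkability of resumed TLS sessions at an encrypted-DNS resolver.

Constructed model (not from the thread): the server issues an opaque
resumption ticket on every connection, TLS 1.3 style, and a client that
resumes carries the previous ticket along even after its IP changes.
Real tickets hold a resumption secret under the server's ticket key; here
the ticket only carries what matters for tracking, a server-assigned
per-client handle, plus a MAC so a forged ticket is rejected.
"""
import hashlib
import hmac
import os
from collections import defaultdict
from typing import List, Optional, Tuple

TAG_LEN = 16
HANDLE_LEN = 8


class ResolverTicketServer:
    """Resolver side: mints tickets and logs (src_ip, handle) per connection."""

    def __init__(self) -> None:
        self.stek = os.urandom(32)          # session-ticket key (assumed name)
        self.log: List[Tuple[str, bytes]] = []

    def _seal(self, handle: bytes) -> bytes:
        tag = hmac.new(self.stek, handle, hashlib.sha256).digest()[:TAG_LEN]
        return handle + tag

    def _open(self, ticket: bytes) -> Optional[bytes]:
        if len(ticket) != HANDLE_LEN + TAG_LEN:
            return None
        handle, tag = ticket[:HANDLE_LEN], ticket[HANDLE_LEN:]
        expected = hmac.new(self.stek, handle, hashlib.sha256).digest()[:TAG_LEN]
        return handle if hmac.compare_digest(tag, expected) else None

    def handshake(self, src_ip: str, ticket: Optional[bytes] = None) -> bytes:
        """Accept one connection and return the fresh ticket sent to the client.

        A valid ticket resumes the earlier session, so the new connection
        inherits that session's handle. No ticket, or a bad one, means a full
        handshake and a brand-new handle.
        """
        handle = self._open(ticket) if ticket is not None else None
        if handle is None:
            handle = os.urandom(HANDLE_LEN)
        self.log.append((src_ip, handle))
        return self._seal(handle)

    def linked_addresses(self) -> List[List[str]]:
        """What the operator can reconstruct: source IPs grouped per client."""
        groups = defaultdict(list)
        for ip, handle in self.log:
            if ip not in groups[handle]:
                groups[handle].append(ip)
        return sorted(groups.values())


# Constructed client path: three networks, e.g. home, office, mobile.
NETWORK_PATH = ("203.0.113.5", "198.51.100.9", "192.0.2.77")


def simulate(resume_across_networks: bool,
             path: Tuple[str, ...] = NETWORK_PATH) -> List[List[str]]:
    """Run one client across `path`, resuming or not, and return the
    operator's view of which addresses belong to the same client."""
    server = ResolverTicketServer()
    ticket: Optional[bytes] = None
    for ip in path:
        if not resume_across_networks:
            ticket = None              # drop the ticket when the network changes
        ticket = server.handshake(ip, ticket)
    return server.linked_addresses()


def forged_ticket_is_unlinked() -> bool:
    """A ticket the server did not mint must not link to anything."""
    server = ResolverTicketServer()
    real = server.handshake("203.0.113.5")
    forged = bytes(HANDLE_LEN) + real[HANDLE_LEN:]   # wrong handle, stale MAC
    server.handshake("198.51.100.9", forged)
    return len(server.linked_addresses()) == 2


if __name__ == "__main__":
    print("resuming across networks:", simulate(True))
    print("fresh handshake per network:", simulate(False))
    print("forged ticket unlinked:", forged_ticket_is_unlinked())
```

With resumption the operator sees all three addresses under one handle, which is the cross-network linkage the draft text wants to record as a risk; with a fresh handshake per network each address stands alone, at the cost of the extra round trip Eric describes. Whether a real client should pay that cost, and when, is the implementer question the thread leaves open.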