Re: [dns-privacy] Warren Kumari's Discuss on draft-ietf-dprive-rfc7626-bis-06: (with DISCUSS and COMMENT)

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Thu, 08 October 2020 13:01 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Warren Kumari <warren@kumari.net>, Tim Wicinski <tjw.ietf@gmail.com>
CC: The IESG <iesg@ietf.org>, Brian Haberman <brian@innovationslab.net>, "draft-ietf-dprive-rfc7626-bis@ietf.org" <draft-ietf-dprive-rfc7626-bis@ietf.org>, DNS Privacy Working Group <dns-privacy@ietf.org>, "dprive-chairs@ietf.org" <dprive-chairs@ietf.org>
Date: Thu, 8 Oct 2020 13:01:14 +0000
Message-ID: <AD588EF0-4D68-4BBF-A178-869367A288E6@cisco.com>
References: <160193413191.28964.1483642169279931217@ietfa.amsl.com> <59635c3f-e291-02bc-06a8-cbef46e38361@innovationslab.net> <CAHw9_iL8eq+sLXJaDLD9qzyk9CFhTcuKpC8D+LvAHZLdd2-MOg@mail.gmail.com> <20201007211615.GV956@denic.de> <CAHw9_iJa+-e9uP78yX+_pj0FUd94MTue6No7MPBGE3EAAcADtg@mail.gmail.com> <CADyWQ+F5Q1PR825H8eX0woNjosBAYt2QxmrsDR7fzaiWrJZd=w@mail.gmail.com> <CAHw9_iLfazXCJABSMpoRzZPR0u=WRzG2HcJqEhGa-kMbZeCk7g@mail.gmail.com>
In-Reply-To: <CAHw9_iLfazXCJABSMpoRzZPR0u=WRzG2HcJqEhGa-kMbZeCk7g@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/XjLiwWV7tjTkF4vh19rJcVXs0xc>
Subject: Re: [dns-privacy] Warren Kumari's Discuss on draft-ietf-dprive-rfc7626-bis-06: (with DISCUSS and COMMENT)

Thank you all for the review (catching a good point) and even more for the quick resolution.

-éric

-----Original Message-----
From: iesg <iesg-bounces@ietf.org> on behalf of Warren Kumari <warren@kumari.net>
Date: Thursday, 8 October 2020 at 14:59
To: Tim Wicinski <tjw.ietf@gmail.com>
Cc: The IESG <iesg@ietf.org>, Brian Haberman <brian@innovationslab.net>, "draft-ietf-dprive-rfc7626-bis@ietf.org" <draft-ietf-dprive-rfc7626-bis@ietf.org>, DNS Privacy Working Group <dns-privacy@ietf.org>, "dprive-chairs@ietf.org" <dprive-chairs@ietf.org>
Subject: Re: [dns-privacy] Warren Kumari's Discuss on draft-ietf-dprive-rfc7626-bis-06: (with DISCUSS and COMMENT)

    On Thu, Oct 8, 2020 at 8:51 AM Tim Wicinski <tjw.ietf@gmail.com> wrote:
    >
    > Warren
    >
    >    There are many ways in which supposed "private"
    >    resources currently leak. A few examples are DNSSEC NSEC zone walking;
    >    passive-DNS services; etc.
    >
    > with the references added in. and changing the section title

    Thank you very much, that will work for me.
    I really do think that this was an important point, and thank you (and
    the WG!) for addressing it.

    I've just changed my ballot from DISCUSS to YES; it's an important
    foundational document, and useful for level-setting.


    Thanks again,
    W


    >
    > tim
    >
    >
    > On Wed, Oct 7, 2020 at 8:16 PM Warren Kumari <warren@kumari.net> wrote:
    >>
    >> On Wed, Oct 7, 2020 at 5:16 PM Peter Koch <pk@denic.de> wrote:
    >> >
    >> > Hi Warren,
    >> >
    >> > On Wed, Oct 07, 2020 at 04:39:54PM -0400, Warren Kumari wrote:
    >> >
    >> > > 4.1.  The Public Nature of DNS Data
    >> > >
    >> > >    It is often stated that "the data in the DNS is public".  This sentence
    >> > >    makes sense for an Internet-wide lookup system, and there
    >> > >    are multiple facets to the data and metadata involved that deserve a
    >> > >    more detailed look.  First, access control lists (ACLs) and private
    >> > >    namespaces notwithstanding, the DNS operates under the assumption
    >> > >    that public-facing authoritative name servers will respond to "usual"
    >> > >    DNS queries for any zone they are authoritative for without further
    >> > >    authentication or authorization of the client (resolver).  Due to the
    >> > >    lack of search capabilities, only a given QNAME will reveal the
    >> > >    resource records associated with that name (or that name's non-
    >> > >    existence).  In other words: one needs to know what to ask for, in
    >> > >    order to receive a response. However, there are many ways
    >> > >    in which supposed "private" resources leak, including DNSSEC
    >> > >    NSEC zone walking [REF]; passive-DNS services [ref]; employees
    >> > >    taking their laptops home (where they may use a different resolver),
    >> > >    and refreshing names which should only exist in their enterprise
    >> > >    environment, etc.
    >> >
    >> > I think this text is mixing too many aspects that are (or should eventually be)
    >> > covered in other parts of the document.
    >>
    >> The document is in IESG eval -- there is no more "eventually".
    >>
    >>
    >> > The antipodes are _not_ 'public'
    >> > and 'secret'.  The purpose of that section was to exactly counter the
    >> > too narrow perception that 'all data in the DNS is public' (which by the
    >> > way, was a usual counter argument to NSEC3) to help motivate the need
    >> > for further dealing with DNS privacy.
    >>
    >> I fully agree that we need to explain the need for DNS privacy -- but
    >> to my mind the original text does the opposite - it provides the
    >> illusion that you can put private info in the DNS and (realistically)
    >> expect it to stay that way. I fully agree with your below that things
    >> like passive dns is not a feature of the DNS, but it *is* a way that
    >> records that people might assume to be private leak.
    >>
    >> Yes, I do fully understand that the primary purpose of this is to
    >> discuss the privacy needs / implications of leaking in *transactions*,
    >> but this section seems to pooh-pooh the risks of exposing "private"
    >> names...
    >>
    >>
    >> Tim's suggestion (coupled with changing the section title) would be
    >> fine with me...
    >>
    >> W
    >>
    >> > It does not suggest to store secrets
    >> > in the DNS.  The original text, I believe - biased as might be - did and does clearly
    >> > differentiate between residual data and transactions.  'passive DNS'
    >> > is not a feature of the DNS - it is a by-product and, from the perspective
    >> > of privacy, to be addressed under 'risks'.
    >> >
    >> > -Peter
    >>
    >>
    >>
    >> --
    >> I don't think the execution is relevant when it was obviously a bad
    >> idea in the first place.
    >> This is like putting rabid weasels in your pants, and later expressing
    >> regret at having chosen those particular rabid weasels and that pair
    >> of pants.
    >>    ---maf



    -- 
    I don't think the execution is relevant when it was obviously a bad
    idea in the first place.
    This is like putting rabid weasels in your pants, and later expressing
    regret at having chosen those particular rabid weasels and that pair
    of pants.
       ---maf
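The proposed 4.1 text quoted in this thread names DNSSEC NSEC zone walking as one way "private" names leak despite the DNS offering no search capability. The following Python is an added illustration for this archived thread; it is not code from the draft, the working group, or any participant. It operates on a constructed, hypothetical zone with no network access, from the viewpoint of a zone operator auditing what their own signed zone discloses: with NSEC, each record's "next owner name" field tells a querier what to ask for next, so the whole zone can be enumerated from a single answer; with NSEC3 (RFC 5155) the chain still exists but its links are hashes. The zone names, salt and iteration count are assumptions chosen for the example; the one real value used is the RFC 5155 Appendix A test vector for the hash of "example".

```python
import base64
import hashlib
from typing import Dict, List

# Constructed sample zone (hypothetical; not taken from the thread or any real
# zone). Two names the operator might consider "private" sit between public ones.
ZONE_NAMES = [
    "example.com",
    "www.example.com",
    "payroll.example.com",      # intended to be "private"
    "internal-db.example.com",  # intended to be "private"
    "mail.example.com",
]


def canonical_key(name: str) -> tuple:
    """Sort key for RFC 4034 section 6.1 canonical ordering: labels are compared
    right to left as lowercase octet strings, and a parent sorts before its children."""
    labels = name.rstrip(".").lower().split(".")
    return tuple(label.encode("ascii") for label in reversed(labels))


def build_nsec_chain(names: List[str]) -> Dict[str, str]:
    """Simulate the NSEC records of a signed zone: every owner name carries the
    next owner name in canonical order, and the last one wraps to the apex."""
    ordered = sorted(names, key=canonical_key)
    return {owner: ordered[(i + 1) % len(ordered)] for i, owner in enumerate(ordered)}


def walk_nsec_chain(chain: Dict[str, str], start: str) -> List[str]:
    """Follow the 'next owner name' field from any one NSEC record until the chain
    wraps. Each answer names the next thing to ask about, which is why "one needs
    to know what to ask for" does not hold for an NSEC-signed zone."""
    seen: List[str] = []
    current = start
    while current not in seen:
        seen.append(current)
        current = chain[current]
    return seen


def nsec3_hash(name: str, salt: bytes, iterations: int) -> str:
    """RFC 5155 owner-name hash: SHA-1 over the lowercase wire-format name plus
    salt, re-hashed `iterations` more times, rendered as lowercase base32hex."""
    wire = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").lower().split(".")
    ) + b"\x00"
    digest = hashlib.sha1(wire + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    # Python's base64 module emits the standard alphabet; DNS uses the
    # "extended hex" alphabet (RFC 4648 section 7), so remap character by character.
    std_to_hex = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                               "0123456789ABCDEFGHIJKLMNOPQRSTUV")
    return base64.b32encode(digest).decode("ascii").translate(std_to_hex).lower()


def nsec3_chain_view(names: List[str], salt: bytes, iterations: int) -> List[str]:
    """What the same zone exposes when signed with NSEC3: the chain can still be
    walked, but its links are hashes that have to be guessed offline rather than
    cleartext names handed out in the answer."""
    return sorted(nsec3_hash(n, salt, iterations) for n in names)


def private_names_exposed(chain: Dict[str, str], private: List[str]) -> List[str]:
    """Audit helper: which of the operator's 'private' names does the NSEC chain
    hand out in cleartext? With NSEC, every name in the zone is in the chain."""
    revealed = walk_nsec_chain(chain, next(iter(chain)))
    return [n for n in private if n in revealed]


if __name__ == "__main__":
    chain = build_nsec_chain(ZONE_NAMES)
    print("NSEC chain walked from the apex:", walk_nsec_chain(chain, "example.com"))
    print("Private names exposed:",
          private_names_exposed(chain, ["payroll.example.com", "internal-db.example.com"]))
    print("NSEC3 view (salt abcd, 0 iterations):",
          nsec3_chain_view(ZONE_NAMES, bytes.fromhex("abcd"), 0))
```

The audit result for this constructed zone is that both "private" names are in the walked list, which is the point the draft text makes: a name's presence in an NSEC-signed zone is discoverable without knowing it in advance. Switching to NSEC3 removes the cleartext names from the chain, but a zone operator should still treat hashed names as guessable by dictionary rather than secret, which is why the thread's other leak channels (passive DNS, roaming laptops) matter independently of the denial-of-existence scheme.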