IETF Logo Mail Archive

Re: [dns-privacy] Last Call: <draft-ietf-dprive-rfc7626-bis-03.txt> (DNS Privacy Considerations) to Informational RFC

Sara Dickinson <sara@sinodun.com> Thu, 23 January 2020 13:15 UTC

Return-Path: <sara@sinodun.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E10B1200CE; Thu, 23 Jan 2020 05:15:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sinodun.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0DXNqQp10udu; Thu, 23 Jan 2020 05:15:18 -0800 (PST)
Received: from haggis.mythic-beasts.com (haggis.mythic-beasts.com [IPv6:2a00:1098:0:86:1000:0:2:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 669251200D6; Thu, 23 Jan 2020 05:15:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sinodun.com ; s=mythic-beasts-k1; h=To:Date:From:Subject; bh=FDzX71PL5OfhRoBa8xrOimZgUmB7oMJ4tLSbFbAJU/o=; b=J2V04xEgt5Nak2gTtj32EBvGv2 EQzE5O+wSv4IgPjWQ5QYt4t935VDN836j9UPDctq4zXnADW1duYPHRjG88G3L2bGA55rSdFrs79y0 1V6MSObJ3vYkqKXHu7oheRuTGLWL9Ftthyz74W4slak7kHylkQnfQ3ukS3r8AAehFLVoKphq6q6Xv reGyy79t3dRJmYQrD9SybDjFJvTwnkCCNA9bWU8Q+XIQyuh2EFSLwdDRYripidCObgBt3CXf8h+0a HUIBj1+hmJqsaj4EN/mZ9ZLC4WI72sDpfKqfu1xbcfHoRR9AgSCfFdZnowJKsHtN48RkmA6F+Q3kj W0/Sb3Tg==;
Received: from [2001:b98:204:102:fffa::2] (port=60636) by haggis.mythic-beasts.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from <sara@sinodun.com>) id 1iucKK-0000Cz-7s; Thu, 23 Jan 2020 13:15:16 +0000
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Sara Dickinson <sara@sinodun.com>
In-Reply-To: <6.2.5.6.2.20200101181705.081679d0@elandnews.com>
Date: Thu, 23 Jan 2020 13:15:04 +0000
Cc: DNS Privacy Working Group <dns-privacy@ietf.org>, Brian Haberman <brian@innovationslab.net>, draft-ietf-dprive-rfc7626-bis@ietf.org, dprive-chairs@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <5C842DC4-0D89-4348-B810-9441F381B588@sinodun.com>
References: <157412591286.14148.8912544206473080519.idtracker@ietfa.amsl.com> <6.2.5.6.2.20200101181705.081679d0@elandnews.com>
To: S Moonesamy <sm+ietf@elandsys.com>
X-Mailer: Apple Mail (2.3445.104.11)
X-BlackCat-Spam-Score: 4
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/Xs9_E7Ek6W2ZPqkt20b3U11nOgc>
Subject: Re: [dns-privacy] Last Call: <draft-ietf-dprive-rfc7626-bis-03.txt> (DNS Privacy Considerations) to Informational RFC
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jan 2020 13:15:20 -0000


> On 2 Jan 2020, at 06:45, S Moonesamy <sm+ietf@elandsys.com> wrote:
> 
> Hello,
> 
> There are currently four (IETF) working groups focused on DNS with three of them having privacy as part of their charter.  I read draft-ietf-dprive-rfc7626-bis-03 as I was looking for a document which might be related to those topics.

Comments here are based on the content of the -04 draft. 

> 
> Section 1 of the draft has a tutorial of how DNS works.  What is the audience for this draft?
> 
> Section 3.1 of the draft discusses about the claim that "the data in the DNS is public".  The claim is supported [1] by one of the authors of the draft.  The draft states that the claim makes sense.  What is the meaning of the "data in the DNS"?  Does "is public" mean that the "data" is not confidential?

Both previously answered by Stephane.

> 
> Section 3.2 discusses what a user does and use a DNS query related to email as an example.  Is the MUA expected to validated the MX RR or is it the role of the MSA?

I think questions of validation are out of scope for this draft.

> 
> Section 3.4.1 discusses the lack of confidentiality in the design of DNSSEC and equates privacy-aware with "secured against surveillance".  Mixing the pervasive monitoring and privacy aspects creates ambiguity.  For example, encrypting all the entire DNS communication chain with adequate security mechanisms could mitigate pervasive monitoring concerns.  However, that does not address privacy concerns as there is still entities which are able to collect and process those DNS queries for secondary purposes.

The draft contains sections on both the wire encryption (3.4) and handling of data in the servers (3.5) which between them cover these two aspects. Do you have a specific suggestion for changes to the draft?

> 
> The choice of resolvers was previously made by the network on which the user was connected.  Recently, the Internet Engineering Steering Group approved the standardization of a mechanism so that the choice can be made by a web browser.  The data from the DNS query is, with some exceptions, automatically transferred to a foreign jurisdiction.  The draft mentions in Section 3.5.1.1 that the entities running networks might have a strong, medium, or weak privacy policy.  However, it misses a crucial aspect  with respect to privacy policies, which is the redress mechanism available to the user.

Since such mechanisms would vary at least by region and certainly by organisation so I’m not sure what can be said here. Do you have specific text to suggest on this topic? 

> 
> Section 3.5.1.3 states that user privacy can also be at risk if the network operator blocks access to some remote recursive server.  It could be argued that it might be a filtering (or censorship) technique.  However, it does not have an impact on user privacy unless there is an identifier which can be traced back to the user.

Section 3.5.1.3 states: 

“User privacy can also be at risk if there is blocking (by local
   network operators or more general mechanisms) of access to remote
   recursive servers that offer encrypted transports when the local
   resolver does not offer encryption and/or has very poor privacy
   policies."

and “This is a form of Rendezvous-Based Blocking as described in Section 4.3 of [RFC7754].”

which I think cover both of your issues. Otherwise, please suggest text.

> 
> If I understood Section 3.5.1.5.2. correctly, the move to DNS over HTTPS created more privacy issues because HTTPS functionality was favored at the expense of privacy.

To quote from Section 3.5.1.5.2:
“Utilizing the full set of HTTP features enables DoH to be more than an HTTP tunnel, but it is at the cost of opening up implementations to the full set of privacy considerations of HTTP."

> 
> Section 3.6 of the draft states that the IAB privacy and security program has some work in progress.  Given that it has been over four years, could an update be provided about that work in progress?

Looking back, this text was introduced into the original I-D before RFC7624 was published and wasn’t updated. Suggest:

OLD: “The IAB privacy and security program also have a work in progress [RFC7624] that considers such inference-based attacks in a more general framework.”

OLD: “The IAB privacy and security program has also produced [RFC7624] that considers such inference-based attacks in a more general framework."

> 
> Section 5 discusses legalities within a European Union context and concluded that there are no specific laws for DNS data in any country.  Did the working group conduct a worldwide study to find evidence of that?

The text says “to our knowledge’; no DPRIVE or IETF review comment to date (or errata to RFC7626) has contradicted this statement so I think it is a fair representation of the community knowledge on this matter. If you are aware of such a law please suggest text. 

Best regards

Sara.

v2.23.0 | Report a Bug | By Email