Re: [dns-privacy] Adaptive DNS Privacy and Oblivious DoH
Tommy Pauly <tpauly@apple.com> Fri, 01 November 2019 22:40 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/cZUda8-xDujjG2Z6zeY3PYIYLEE>

Hello DNS Privacy,

We've posted new versions of our drafts on discovering designated DoH servers, and Oblivious DoH:

https://tools.ietf.org/html/draft-pauly-dprive-adaptive-dns-privacy-01
https://tools.ietf.org/html/draft-pauly-dprive-oblivious-doh-01

We got a lot of good input via email and on the GitHub. Some of the main changes in these versions are:

- Don't reserve a SVCB SvcParamKey yet (https://github.com/tfpauly/draft-pauly-adaptive-dns-privacy/issues/60)
- Change the Oblivious DoH proxying mechanism to specify the target in the HTTP path query (https://github.com/tfpauly/draft-pauly-adaptive-dns-privacy/issues/64)
- Derive a nonce from client random values (https://github.com/tfpauly/draft-pauly-adaptive-dns-privacy/pull/74)

Open issues that are tagged with "DISCUSS" can be found here. Please chime in if you have opinions!

https://github.com/tfpauly/draft-pauly-adaptive-dns-privacy/labels/discuss

Thanks,
Tommy

Name: draft-pauly-dprive-adaptive-dns-privacy
Revision: 01
Title: Adaptive DNS: Improving Privacy of Name Resolution
Document date: 2019-11-01
Group: Individual Submission
Pages: 25
URL: https://www.ietf.org/internet-drafts/draft-pauly-dprive-adaptive-dns-privacy-01.txt
Status: https://datatracker.ietf.org/doc/draft-pauly-dprive-adaptive-dns-privacy/
Htmlized: https://tools.ietf.org/html/draft-pauly-dprive-adaptive-dns-privacy-01
Htmlized: https://datatracker.ietf.org/doc/html/draft-pauly-dprive-adaptive-dns-privacy
Diff: https://www.ietf.org/rfcdiff?url2=draft-pauly-dprive-adaptive-dns-privacy-01

Abstract:
This document defines an architecture that allows clients to dynamically discover designated resolvers that offer encrypted DNS services, and use them in an adaptive way that improves privacy while co-existing with locally provisioned resolvers. These resolvers can be used directly when looking up names for which they are designated. These resolvers also provide the ability to proxy encrypted queries, thus hiding the identity of the client requesting resolution.

Name: draft-pauly-dprive-oblivious-doh
Revision: 01
Title: Oblivious DNS Over HTTPS
Document date: 2019-11-01
Group: Individual Submission
Pages: 14
URL: https://www.ietf.org/internet-drafts/draft-pauly-dprive-oblivious-doh-01.txt
Status: https://datatracker.ietf.org/doc/draft-pauly-dprive-oblivious-doh/
Htmlized: https://tools.ietf.org/html/draft-pauly-dprive-oblivious-doh-01
Htmlized: https://datatracker.ietf.org/doc/html/draft-pauly-dprive-oblivious-doh
Diff: https://www.ietf.org/rfcdiff?url2=draft-pauly-dprive-oblivious-doh-01

Abstract:
This document describes an extension to DNS Over HTTPS (DoH) that allows hiding client IP addresses via proxying encrypted DNS transactions. This improves privacy of DNS operations by not allowing any one server entity to be aware of both the client IP address and the content of DNS queries and answers.

> On Oct 4, 2019, at 10:34 AM, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org> wrote:
>
> Hello DNS Privacy,
>
> We’ve published a set of new drafts that define what we’re calling “Adaptive DNS Privacy”. This is an approach to using technologies like DoH to improve privacy of name resolution without breaking the functionality provided by local network resolvers. It also does not require placing trust in one or more fixed resolvers, but instead allows server deployments to dynamically indicate which resolvers are designated for their zones.
>
> From the perspective of an operating system vendor (for myself, iOS and macOS), the goal is to use this approach to DNS privacy in the system stub resolver such that it can be safely and automatically used by all applications.
>
> The first draft is “Adaptive DNS: Improving Privacy of Name Resolution”.
> https://tools.ietf.org/html/draft-pauly-dprive-adaptive-dns-privacy
>
> This covers the overall architecture for both clients and server deployments. This includes:
>
> • A mechanism for clients to discover DoH resolvers that are “designated” for certain names or zones, using a DNSSEC-signed SVCB record (https://tools.ietf.org/html/draft-nygren-dnsop-svcb-httpssvc).
> • An algorithm for clients to select which resolver to use for a given name based on precedence (defining how VPNs, local network resolvers, designated cloud-based resolvers, and Oblivious DoH lookups coexist).
> • A mechanism for local networks to advertise their rules and capabilities using a provisioning domain (https://tools.ietf.org/html/draft-ietf-intarea-provisioning-domains); this allows the advertisement of a locally-designated DoH server, a list of names or zones over which the local network claims authority, and an indication of filtering requirements.
>
> The second draft is “Oblivious DNS Over HTTPS”, which we refer to as ODoH.
> https://tools.ietf.org/html/draft-pauly-dprive-oblivious-doh
>
> Inspired by Oblivious DNS (https://tools.ietf.org/html/draft-annee-dprive-oblivious-dns), this draft adds an extension to DoH for encrypting queries such that a resolver cannot know both the client’s IP address and the content of the DNS query. In contrast to Oblivious DNS, ODoH uses HTTP proxying to unlink query sources and destinations. (ODoH also uses HPKE (https://tools.ietf.org/html/draft-irtf-cfrg-hpke) for query public key encryption.)
>
> Please take a read through the documents and provide feedback. We’re eager to iterate on these goals with the community.
>
> You can also provide feedback and input on the GitHub repo: https://github.com/tfpauly/draft-pauly-adaptive-dns-privacy.
>
> If you are interested in working on implementing any of these protocols, please reach out for interop testing, etc.
>
> Best,
> Tommy, Chris, Eric, and Patrick