Re: [dns-privacy] [Last-Call] last call review of draft-ietf-dprive-rfc7626-bis-03

Eric Rescorla <ekr@rtfm.com> Fri, 10 January 2020 17:15 UTC

References: <157504194893.4871.5551746255324168227@ietfa.amsl.com> <208AD30F-1213-4784-81FC-4AB76730CEC2@sinodun.com> <a02720cf-01b3-d61a-94d2-b3d0a399f107@cs.tcd.ie> <20191223220509.GK35479@kduck.mit.edu> <CAChr6SyAhA8V7AQHC67vTEmHWgd+gMzM-ZtFTkBDUhsvVQEC8A@mail.gmail.com> <614B534F-D62D-432C-A3E5-A01D9BF972AA@sinodun.com> <CAChr6SzbtzYPa8D6yFv+f74==6JFQtM+BVyPKR8NAiBG0p-icQ@mail.gmail.com> <187F7041-9537-4767-A824-DA8103356570@sinodun.com> <CABcZeBNscStJzpqZfmjstLFYtuvfKc2TMicK6xbag=DbztafCQ@mail.gmail.com> <20200110165508.GA8820@nic.fr>
In-Reply-To: <20200110165508.GA8820@nic.fr>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 10 Jan 2020 09:14:55 -0800
Message-ID: <CABcZeBNBm6WZYnxMbPi+twqf7CoBuyri8yoyNi9bzXrdcrkYmg@mail.gmail.com>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Cc: Sara Dickinson <sara@sinodun.com>, Rob Sayre <sayrer@gmail.com>, last-call@ietf.org, DNS Privacy Working Group <dns-privacy@ietf.org>, draft-ietf-dprive-rfc7626-bis.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/kcTxlm_qeCIsAG56Ig5dob3bbhk>
Subject: Re: [dns-privacy] [Last-Call] last call review of draft-ietf-dprive-rfc7626-bis-03

On Fri, Jan 10, 2020 at 8:55 AM Stephane Bortzmeyer <bortzmeyer@nic.fr>
wrote:

> On Thu, Jan 09, 2020 at 10:29:29AM -0800,
>  Eric Rescorla <ekr@rtfm.com> wrote
>  a message of 181 lines which said:
>
> > > It means a standards compliant DoT implementation will have no
> > > client identifiers, a standards compliant DoH implementation is
> > > free to (and likely) to include them.
> > >
> >
> > [Citation needed]
>
> I'm not sure I understand your remark. Do you mean that Sara's
> sentence should be backed up with specific references? I mean, since
> DoH is HTTP and HTTP (unlike DNS) has a lot of headers that, together,
> can identify a client, is it enough to reference HTTP RFCs to support
> the claim?
>

1. I don't really know what "client identifiers" means. If it means "things
that identify the implementation" then that isn't really correct, because
the TLS ClientHello is quite characteristic.
2. "quite likely" is just speculation, and given that Firefox, at least, is
removing the User-Agent string
(https://bugzilla.mozilla.org/show_bug.cgi?id=1543201), I think the evidence
actually points in the other direction.

If it's

-Ekr
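The two surfaces the thread is arguing about, as an added example that is not part of the message above or of any code from the draft's authors: the first part assembles a minimal RFC 8484 DoH GET request and shows the header set the spec itself calls for, so that anything beyond it (User-Agent, cookies) is visibly an implementation choice; the second parses a constructed TLS ClientHello and derives a JA3-style fingerprint (version, cipher list, extension list, groups, point formats, MD5'd), the kind of "quite characteristic" signal a DoT and a DoH client both emit before any DNS or HTTP byte is sent. The resolver name `dns.example`, the `/dns-query` path, the ClientHello contents and the JA3 algorithm are assumptions for illustration; nothing here is captured from a real client, and the thread itself does not mention JA3.

```python
"""Added example (not from the thread): two fingerprinting surfaces of an
encrypted-DNS client.  Part 1: a minimal RFC 8484 DoH GET request.
Part 2: JA3-style fingerprint of a constructed TLS ClientHello, which is
the same whether the next protocol is DoT or DoH.  Hostnames, paths and
ClientHello bytes are constructed for illustration only."""
import base64
import hashlib
import struct

# GREASE values (RFC 8701) are random per connection, so JA3 skips them.
GREASE = {0x0A0A + 0x1010 * i for i in range(16)}


def build_dns_query(name: str, qtype: int = 1) -> bytes:
    """Wire-format DNS query.  RFC 8484 s.4.1: the ID SHOULD be 0 for DoH so
    identical questions yield identical (cacheable) messages."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID=0, RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def doh_get_request(authority: str, path: str, query: bytes, extra=None):
    """Minimal DoH GET per RFC 8484: base64url (padding stripped) in ?dns=
    plus an Accept header.  Nothing required here identifies the client;
    `extra` stands for whatever a given implementation chooses to add."""
    dns_param = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    target = f"https://{authority}{path}?dns={dns_param}"
    headers = {"accept": "application/dns-message"}
    headers.update(extra or {})
    return target, headers


def build_client_hello(version: int, ciphers, extensions) -> bytes:
    """TLS record carrying a ClientHello; `extensions` is [(type, body), ...]."""
    body = struct.pack("!H", version) + b"\x11" * 32 + b"\x00"  # random, empty session id
    body += struct.pack("!H", 2 * len(ciphers)) + b"".join(struct.pack("!H", c) for c in ciphers)
    body += b"\x01\x00"  # one compression method: null
    ext = b"".join(struct.pack("!HH", t, len(b)) + b for t, b in extensions)
    body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


def sni(host: str) -> bytes:
    """server_name extension body: list length, name type 0, name length, name."""
    h = host.encode("ascii")
    return struct.pack("!HBH", len(h) + 3, 0, len(h)) + h


def ja3(record: bytes):
    """Parse a ClientHello record and return (ja3_string, md5 hex)."""
    assert record[0] == 0x16 and record[5] == 0x01, "not a ClientHello record"
    p = 9  # record header (5) + handshake header (4)
    version = struct.unpack_from("!H", record, p)[0]; p += 2
    p += 32  # random
    p += 1 + record[p]  # session id
    cs_len = struct.unpack_from("!H", record, p)[0]; p += 2
    ciphers = [c for (c,) in struct.iter_unpack("!H", record[p:p + cs_len]) if c not in GREASE]
    p += cs_len
    p += 1 + record[p]  # compression methods
    ext_len = struct.unpack_from("!H", record, p)[0]; p += 2
    end = p + ext_len
    ext_types, groups, formats = [], [], []
    while p < end:
        etype, elen = struct.unpack_from("!HH", record, p); p += 4
        data = record[p:p + elen]; p += elen
        if etype in GREASE:
            continue
        ext_types.append(etype)
        if etype == 10:  # supported_groups: u16 list length + u16 ids
            n = struct.unpack_from("!H", data, 0)[0]
            groups = [g for (g,) in struct.iter_unpack("!H", data[2:2 + n]) if g not in GREASE]
        elif etype == 11:  # ec_point_formats: u8 list length + u8 ids
            formats = list(data[1:1 + data[0]])
    s = ",".join([str(version)] + ["-".join(map(str, x)) for x in (ciphers, ext_types, groups, formats)])
    return s, hashlib.md5(s.encode()).hexdigest()


def demo():
    """Same stack, two destinations (hypothetical DoT and DoH resolvers):
    the JA3 string does not depend on SNI, so it is identical for both."""
    ciphers = [0x0A0A, 0x1301, 0x1302, 0xC02B, 0xC02F]
    def exts(host):
        return [(0x0A0A, b""), (0, sni(host)),
                (10, struct.pack("!HHHH", 6, 0x0A0A, 0x001D, 0x0017)),
                (11, b"\x01\x00")]
    dot_fp = ja3(build_client_hello(0x0303, ciphers, exts("dot.example")))
    doh_fp = ja3(build_client_hello(0x0303, ciphers, exts("dns.example")))
    url, headers = doh_get_request("dns.example", "/dns-query", build_dns_query("example.com"))
    return dot_fp, doh_fp, url, headers


if __name__ == "__main__":
    dot_fp, doh_fp, url, headers = demo()
    print("JA3 (DoT):", dot_fp[0], "\nJA3 (DoH):", doh_fp[0], "\n", url, headers)
```

Run it to see that the fingerprint string reads `771,4865-4866-49195-49199,0-10-11,29-23,0` for both hostnames, while the HTTP layer carries only `accept: application/dns-message` until an implementation decides to add more. Real browser ClientHellos have far longer cipher and extension lists than this constructed one, which is exactly why they are characteristic.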