[dnsext] Re: EDNS client IP should be opt-in (Was: I-D ACTION:draft-vandergaast-edns-client-ip-00.txt

Stephane Bortzmeyer <bortzmeyer@nic.fr> Tue, 02 February 2010 12:53 UTC

Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 857F53A6926; Tue, 2 Feb 2010 04:53:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.238
X-Spam-Level:
X-Spam-Status: No, score=-106.238 tagged_above=-999 required=5 tests=[AWL=0.011, BAYES_00=-2.599, HELO_EQ_FR=0.35, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nUoKBbMpeMNZ; Tue, 2 Feb 2010 04:53:14 -0800 (PST)
Received: from psg.com (psg.com [147.28.0.62]) by core3.amsl.com (Postfix) with ESMTP id C83753A6920; Tue, 2 Feb 2010 04:53:14 -0800 (PST)
Received: from majordom by psg.com with local (Exim 4.71 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1NcI9w-000Dr0-0Q for namedroppers-data0@psg.com; Tue, 02 Feb 2010 12:47:12 +0000
Received: from [2001:660:3003:2::4:11] (helo=mx2.nic.fr) by psg.com with esmtp (Exim 4.71 (FreeBSD)) (envelope-from <bortzmeyer@nic.fr>) id 1NcI9t-000DqI-Ez for namedroppers@ops.ietf.org; Tue, 02 Feb 2010 12:47:09 +0000
Received: from mx2.nic.fr (localhost [127.0.0.1]) by mx2.nic.fr (Postfix) with SMTP id 8F63B1C0159; Tue, 2 Feb 2010 13:47:08 +0100 (CET)
Received: from relay2.nic.fr (relay2.nic.fr [192.134.4.163]) by mx2.nic.fr (Postfix) with ESMTP id 8B7471C0113; Tue, 2 Feb 2010 13:47:08 +0100 (CET)
Received: from bortzmeyer.nic.fr (batilda.nic.fr [192.134.4.69]) by relay2.nic.fr (Postfix) with ESMTP id 8932C7B0034; Tue, 2 Feb 2010 13:47:08 +0100 (CET)
Date: Tue, 02 Feb 2010 13:47:08 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Carlo Contavalli <ccontavalli@google.com>
Cc: namedroppers@ops.ietf.org
Subject: [dnsext] Re: EDNS client IP should be opt-in (Was: I-D ACTION:draft-vandergaast-edns-client-ip-00.txt
Message-ID: <20100202124708.GA8477@nic.fr>
References: <7c31c8cc1001271556w4918093er6e94e07cb92c4dc4@mail.gmail.com> <4B66E441.6090104@nic.cz> <4966825a1002010729m32b5ccfel94f7cb09d8b5e458@mail.gmail.com> <20100202113421.GA31244@nic.fr> <4966825a1002020355s41a182edvbc2fc8045af4a36e@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <4966825a1002020355s41a182edvbc2fc8045af4a36e@mail.gmail.com>
X-Operating-System: Debian GNU/Linux 5.0.3
X-Kernel: Linux 2.6.26-2-686 i686
Organization: NIC France
X-URL: http://www.nic.fr/
User-Agent: Mutt/1.5.18 (2008-05-17)
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
List-Unsubscribe: To unsubscribe send a message to namedroppers-request@ops.ietf.org with
List-Unsubscribe: the word 'unsubscribe' in a single line as the message text body.
List-Archive: <http://ops.ietf.org/lists/namedroppers/>

On Tue, Feb 02, 2010 at 11:55:05AM +0000,
 Carlo Contavalli <ccontavalli@google.com> wrote 
 a message of 21 lines which said:

> > Yes, they have to, if they want to keep the SAME level of privacy
> > as today (not solve every privacy problem, just keep the CURRENT
> > level). That's the biggest problem with the proposal.

> I sincerely do not understand this comment.

I rewrote it, trying to make it clearer:

Today, if an end-client (the user's machine) wants to keep the SAME
level of privacy as today (not solving every privacy problem, just
keeping the CURRENT level), this end-client has to add a dummy
edns-client-ip with the wildcard address 0.0.0.0/0 (section
8.1). Otherwise, the resolver may, without the consent of the user,
add a real edns-client-ip (section 4.1) revealing the end-client
address. So, EDNS client IP indication is opt-out but should be
opt-in. And end-clients (stub resolvers) must be upgraded to
opt-out. That's the biggest problem with the proposal.
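The following is an added illustration, not part of the message above nor code from the draft's authors. It encodes the EDNS client-subnet option on the wire, including the "dummy" 0.0.0.0/0 form the email says a stub would have to send to keep today's privacy level, and contrasts a resolver that synthesises the option when the stub is silent (the opt-out behaviour the email criticises) with one that only forwards what the stub explicitly sent (opt-in). The option code 8 and the FAMILY / SOURCE PREFIX-LENGTH / SCOPE PREFIX-LENGTH / ADDRESS layout are taken from the later RFC 7871, not from the 2010 draft under discussion, so treat them as an assumption about a modern implementation; all addresses are constructed sample values.

```python
import ipaddress
import struct

# Option code assumed from RFC 7871 (the 2010 draft used a different code).
OPTION_CODE_CLIENT_SUBNET = 8
FAMILY_IPV4 = 1
FAMILY_IPV6 = 2


def encode_client_subnet(address, source_prefix, scope_prefix=0):
    """Build OPTION-DATA for one client-subnet option.

    Layout: FAMILY (2 bytes) | SOURCE PREFIX-LENGTH (1) | SCOPE PREFIX-LENGTH (1)
            | ADDRESS, truncated to ceil(source_prefix / 8) bytes with host bits zeroed.
    A source prefix of 0 carries no address bytes at all: that is the 0.0.0.0/0 form.
    """
    ip = ipaddress.ip_address(address)
    family = FAMILY_IPV4 if ip.version == 4 else FAMILY_IPV6
    max_len = 32 if ip.version == 4 else 128
    if not 0 <= source_prefix <= max_len:
        raise ValueError("source prefix out of range for address family")
    # strict=False zeroes the host bits so no more than the prefix is revealed.
    network = ipaddress.ip_network(f"{ip}/{source_prefix}", strict=False)
    nbytes = (source_prefix + 7) // 8
    addr_bytes = network.network_address.packed[:nbytes]
    return struct.pack("!HBB", family, source_prefix, scope_prefix) + addr_bytes


def encode_opt_out():
    """The dummy option a stub sends to refuse disclosure: IPv4, /0, no address."""
    return encode_client_subnet("0.0.0.0", 0)


def encode_option(option_data, code=OPTION_CODE_CLIENT_SUBNET):
    """Wrap OPTION-DATA in the generic EDNS OPTION-CODE / OPTION-LENGTH header."""
    return struct.pack("!HH", code, len(option_data)) + option_data


def decode_client_subnet(data):
    """Parse OPTION-DATA back into (address, source_prefix, scope_prefix).

    Rejects data whose address length disagrees with the declared prefix, which
    is the check a resolver needs before trusting anything in the option.
    """
    if len(data) < 4:
        raise ValueError("client-subnet option too short")
    family, source, scope = struct.unpack("!HBB", data[:4])
    addr = data[4:]
    if family not in (FAMILY_IPV4, FAMILY_IPV6):
        raise ValueError("unknown address family")
    if len(addr) != (source + 7) // 8:
        raise ValueError("address length does not match source prefix length")
    full_len = 4 if family == FAMILY_IPV4 else 16
    padded = addr + b"\x00" * (full_len - len(addr))
    return ipaddress.ip_address(padded), source, scope


def resolver_option(client_options, client_addr, prefix=24, policy="opt-out"):
    """Decide what client-subnet OPTION-DATA a recursive resolver sends upstream.

    client_options: list of (code, data) tuples received from the stub's OPT RR.
    policy="opt-out": the draft's default as described in the email; the resolver
        adds the stub's own (truncated) address unless the stub sent an option.
    policy="opt-in": the behaviour the email argues for; the resolver forwards
        only what the stub sent and never synthesises an option itself.
    Returns OPTION-DATA bytes, or None when nothing should be sent.
    """
    for code, data in client_options:
        if code == OPTION_CODE_CLIENT_SUBNET:
            decode_client_subnet(data)  # validate, then honour the stub's choice
            return data                 # (this includes the 0.0.0.0/0 refusal)
    if policy == "opt-in":
        return None
    return encode_client_subnet(client_addr, prefix)


if __name__ == "__main__":
    stub_ip = "192.0.2.77"  # constructed sample client address
    print("no option, opt-out resolver :", resolver_option([], stub_ip).hex())
    print("dummy /0, opt-out resolver  :",
          resolver_option([(8, encode_opt_out())], stub_ip).hex())
    print("no option, opt-in resolver  :", resolver_option([], stub_ip, policy="opt-in"))
```

Running the block shows the point of the email: a stub that sends nothing leaks `192.0.2.0/24` under the opt-out policy, a stub that has been upgraded to send the four-byte dummy option keeps its address hidden, and only the opt-in policy protects a stub that was never upgraded.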