Re: [DNSOP] RDBD (Related Domains By DNS)

Martin Thomson <mt@lowentropy.net> Wed, 04 March 2020 23:25 UTC

Message-Id: <f9ac27bb-1d28-4354-9b29-8c028e2731df@www.fastmail.com>
In-Reply-To: <SN6PR11MB263815A3157874070BE86908F7E40@SN6PR11MB2638.namprd11.prod.outlook.com>
References: <SN6PR11MB263815A3157874070BE86908F7E40@SN6PR11MB2638.namprd11.prod.outlook.com>
Date: Thu, 05 Mar 2020 10:25:33 +1100
From: Martin Thomson <mt@lowentropy.net>
To: dnsop@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/PVW2cIXXnzhmmpVS5AkIVKueDKI>
Subject: Re: [DNSOP] RDBD (Related Domains By DNS)

On Wed, Mar 4, 2020, at 06:11, Brotman, Alex wrote:
> https://datatracker.ietf.org/doc/draft-brotman-rdbd/

As I think I mentioned before, there is similar work going on at higher layers of the stack.  See https://github.com/krgovind/first-party-sets

That work acknowledges a number of things, most critically what policy decisions might be made as a result of these declarations.  The policies that are bound to these declarations could determine the shape of the design.

In that work, the question of whether declarations can be trusted has turned out to be a massive problem.  The relevant policy being contemplated is the sharing of Web state (e.g., cookies).  In that context, there are incentive structures in place that lead to the strong possibility that some entities would willingly declare a "relationship" with others just to circumvent certain aspects of applicable policies.  That in turn means that the design of the system has to take this style of abuse into account.

To me, that indicates that knowing something about the policies that would be applied is not incidental to the work.

Separately, it appears as though there is no ready means of disavowal other than expiration of the records.  Having a means for repudiation of declarations would be good.