Re: [DNSOP] EDNS0 clientID is a wider-internet question
Paul Wouters <paul@nohats.ca> Tue, 25 July 2017 08:22 UTC
Date: Tue, 25 Jul 2017 04:22:28 -0400
From: Paul Wouters <paul@nohats.ca>
To: dnsop <dnsop@ietf.org>
In-Reply-To: <5976FC55.10301@redbarn.org>
Message-ID: <alpine.LRH.2.21.1707250412390.19091@bofh.nohats.ca>
References: <CAKr6gn1mZ7VTfM_wtpFX-G95wg-bWRA_YciZScFvr-YX8eYdWg@mail.gmail.com> <CAPt1N1nutxneiZg1JR90O5vRXVs+0WHvRtHpwCRyn4bXpf6g4A@mail.gmail.com> <CAL9jLaZrsiGZUPJzT1bZG-K2mTt3wP=x05-_Qp=rRh8uaBjS4g@mail.gmail.com> <5D73941C-B108-4A14-AEE5-7A28BCA94373@nohats.ca> <8d27cf2a-a883-7186-11bb-eeacd0bce68c@eff.org> <5976FC55.10301@redbarn.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/bIYsjt-R1RXvsibHeYdDLGMNrSg>
On Tue, 25 Jul 2017, Paul Vixie wrote:

> users believe that the recursive name server operator has aligned interests,
> and for that reason one shouldn't say "it's easy to bypass" but rather
> "end-user cooperation is required."

So if 8.8.8.8 and your local ISP's nameserver do this to track you, what
choice does an average end user have?

> this is about CDN. as in, how to decide which address record set to give
> a dns client, given that all you know is the recursive server address,
> yet you're trying to implement policy for an expected tcp session that
> might immediately follow.

This draft, unlike ECS, is about pinning individual users and tracking
them. You saying this is needed for an optimized CDN based TCP stream is
not fairly covering the use case of gathering PII.

    Because this option transmits information that is meant to identify
    specific clients

You should really have said "This draft attempts to link the DNS query
to the individual TCP stream following to identify the specific user, to
then apply specific filtering/censoring/protecting policies to the
identified individual users (eg children, dissidents) for their own good".

If you just wanted CDN optimization, the ISP recursive server could
simply use ECS.

Paul