Re: [DNSOP] [EXTERNAL] Re: [Doh] New I-D: draft-reid-doh-operator

"Winfield, Alister" <Alister.Winfield@sky.uk> Fri, 22 March 2019 10:15 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/fWk582pI2rYawl3UQy86f2R96_E>

Okay, sorry, perhaps I should put it differently...

Don't overplay the privacy provided by DoH; it has no effect on the DNS provider, so any hint of 'privacy' should be caveated by stating it's only as private as the company and country in which that company is founded, and where it operates servers. This is where the client's behaviour is of interest. If it chooses a company's service without giving the user an explicit choice, it's potentially setting it to be less 'private' than the local provider's DNS. This is particularly true in the EU and countries that have strong data protection laws.

Note, I'm not actually anti-DoH. I, however, don't want it oversold, nor do I want the implementation to ignore real impacts and risks. I include here the risk of unintended consequences, many of which will end up making the 'bad' you are trying to fix worse than it is now.

Alister

PS: I know that people use Google et al. already for DNS. This, however, is a protocol that places privacy front and centre, so it's much more important that clients are clear about what privacy it's providing and what privacy it can't provide.
