Re: [Doh] New Privacy Considerations Section Proposal
Patrick McManus <pmcmanus@mozilla.com> Wed, 20 June 2018 23:03 UTC
Return-Path: <pmcmanus@mozilla.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DE37130EDE for <doh@ietfa.amsl.com>; Wed, 20 Jun 2018 16:03:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.234
X-Spam-Level:
X-Spam-Status: No, score=-1.234 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zjbdnhz9Ops1 for <doh@ietfa.amsl.com>; Wed, 20 Jun 2018 16:03:18 -0700 (PDT)
Received: from linode64.ducksong.com (linode6only.ducksong.com [IPv6:2600:3c02::f03c:91ff:fe6e:e8da]) by ietfa.amsl.com (Postfix) with ESMTP id 4E851130F07 for <doh@ietf.org>; Wed, 20 Jun 2018 16:03:18 -0700 (PDT)
Received: from mail-ot0-f178.google.com (mail-ot0-f178.google.com [74.125.82.178]) by linode64.ducksong.com (Postfix) with ESMTPSA id E34B83A042 for <doh@ietf.org>; Wed, 20 Jun 2018 19:03:16 -0400 (EDT)
Received: by mail-ot0-f178.google.com with SMTP id l15-v6so1400870oth.6 for <doh@ietf.org>; Wed, 20 Jun 2018 16:03:16 -0700 (PDT)
X-Gm-Message-State: APt69E3NjOzwc5OtLhS+SfX9spxNnm28pFxU8mxq5N0tGRDpfwCpy7Iz gZf4qdx4gR8ErI7J06Nrwz2GoGw6Wqhsj93hch0=
X-Google-Smtp-Source: ADUXVKIdx36L8qIhzrGSMuXuQUjaiKIPmKk/Rgu7KwBqVBnU6utNfT0ELaxsZjRZ/MANQBWGYP2gUFl339iRKJ0baGA=
X-Received: by 2002:a9d:1bd6:: with SMTP id v22-v6mr14943886otv.85.1529535796586; Wed, 20 Jun 2018 16:03:16 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a4a:8a32:0:0:0:0:0 with HTTP; Wed, 20 Jun 2018 16:03:15 -0700 (PDT)
In-Reply-To: <CA+9kkMDt03Uv6UvtZw=mvo=+6dprGqUDMkC7Ef6bd=kb6vX_Fg@mail.gmail.com>
References: <CAOdDvNpY4NpvSKW_D__jztDD_wkaRsJna9L+Br+hdnDnQ8w5SQ@mail.gmail.com> <CA+9kkMDt03Uv6UvtZw=mvo=+6dprGqUDMkC7Ef6bd=kb6vX_Fg@mail.gmail.com>
From: Patrick McManus <pmcmanus@mozilla.com>
Date: Wed, 20 Jun 2018 19:03:15 -0400
X-Gmail-Original-Message-ID: <CAOdDvNrjZu-q63DUhNjf7fYjNux2ewv4DTZkGPvFRrGfBBJFMA@mail.gmail.com>
Message-ID: <CAOdDvNrjZu-q63DUhNjf7fYjNux2ewv4DTZkGPvFRrGfBBJFMA@mail.gmail.com>
To: Ted Hardie <ted.ietf@gmail.com>
Cc: Patrick McManus <pmcmanus@mozilla.com>, DoH WG <doh@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d3af34056f1acd00"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/190prGOljOiZX_q7JPvyHq5ByAs>
Subject: Re: [Doh] New Privacy Considerations Section Proposal
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jun 2018 23:03:30 -0000
On Wed, Jun 20, 2018 at 6:14 PM, Ted Hardie <ted.ietf@gmail.com> wrote: > Repeating the comment I made at Github: > > Is there a reason not to make a recommendation for the case of a DOH-only > service? The current text says: > > Implementations of DoH clients and servers need to consider the benefit > and privacy impact of all these features, and their deployment context, > when deciding whether or not to enable them. > > Would you consider a recommendation like "For DOH clients which do not > intermingle DOH requests with other HTTP suppression of these headers and > other potentially identifying headers is an appropriate data minimization > strategy."? > > there are some practical problems there. Big picture you need to weigh the reasons these things get used in your implementation decisions. Its not like TLS didn't know they had built a tracker with session tickets, yet dprive recommended its use anyhow :) every http feature has a reason an implementation might want want it in doh. cookies can do useful things for auth. new compression algorithms (which create a fingerprint on introduction just as surely as UA does) enable better performance. etc.. UA strings have kept the web runinng, for good and bad, across many unanticipated bugs for many years.. I'm not saying those arguments win the day but its not really DoH's place to change the properties of HTTP. Alt-Service provides great load balancing and protocol evolution, but its basically a cache with a tracking implication too. It is an important goal of this work to leverage the HTTP ecosystem - stripping out all the HTTP parts and leaving a tunnel doesn't give it any value. The picture is also complicated by the end to end message semantics of http headers and how they interact with the hop to hop transport semantics of the client or server. i.e. the notion of intermingle is not e2e, but headers are. That's not really a driver, but something to keep in mind when considering the limitations of text. I'm more inclined in general to use words along the lines of "should use the minimal set of data that can achieve the desired feature set." if that's helpful, but I'm not eager to start working through individual design decisions.
- Re: [Doh] New Privacy Considerations Section Prop… Adam Roach
- Re: [Doh] New Privacy Considerations Section Prop… Adam Roach
- Re: [Doh] New Privacy Considerations Section Prop… Ted Hardie
- Re: [Doh] New Privacy Considerations Section Prop… Ted Hardie
- Re: [Doh] New Privacy Considerations Section Prop… Patrick McManus
- Re: [Doh] New Privacy Considerations Section Prop… nusenu
- Re: [Doh] New Privacy Considerations Section Prop… Patrick McManus
- Re: [Doh] New Privacy Considerations Section Prop… Sara Dickinson
- Re: [Doh] New Privacy Considerations Section Prop… Eric Rescorla
- Re: [Doh] New Privacy Considerations Section Prop… Patrick McManus
- Re: [Doh] New Privacy Considerations Section Prop… Sara Dickinson
- Re: [Doh] New Privacy Considerations Section Prop… Sara Dickinson
- Re: [Doh] New Privacy Considerations Section Prop… Patrick McManus
- Re: [Doh] New Privacy Considerations Section Prop… Patrick McManus
- Re: [Doh] New Privacy Considerations Section Prop… Howard Chu
- Re: [Doh] New Privacy Considerations Section Prop… nusenu
- Re: [Doh] New Privacy Considerations Section Prop… Howard Chu
- Re: [Doh] New Privacy Considerations Section Prop… Mateusz Jończyk
- Re: [Doh] New Privacy Considerations Section Prop… bert hubert
- Re: [Doh] New Privacy Considerations Section Prop… nusenu
- Re: [Doh] New Privacy Considerations Section Prop… nusenu
- Re: [Doh] New Privacy Considerations Section Prop… Sara Dickinson
- Re: [Doh] New Privacy Considerations Section Prop… Daniel Stenberg
- Re: [Doh] New Privacy Considerations Section Prop… Howard Chu
- Re: [Doh] New Privacy Considerations Section Prop… nusenu
- Re: [Doh] New Privacy Considerations Section Prop… Patrick McManus
- Re: [Doh] New Privacy Considerations Section Prop… nusenu
- Re: [Doh] New Privacy Considerations Section Prop… Hewitt, Rory
- Re: [Doh] New Privacy Considerations Section Prop… Adam Roach
- Re: [Doh] New Privacy Considerations Section Prop… Patrick McManus
- Re: [Doh] [Ext] New Privacy Considerations Sectio… Ted Hardie
- Re: [Doh] [Ext] New Privacy Considerations Sectio… Paul Hoffman
- Re: [Doh] New Privacy Considerations Section Prop… Ted Hardie
- [Doh] New Privacy Considerations Section Proposal Patrick McManus
- Re: [Doh] New Privacy Considerations Section Prop… Loganaden Velvindron