Re: [Doh] New Privacy Considerations Section Proposal

Patrick McManus <pmcmanus@mozilla.com> Thu, 21 June 2018 12:57 UTC

To: nusenu <nusenu-lists@riseup.net>
Cc: DoH WG <doh@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/6-GcQocDQWf8vH62iIdB77HdYLY>

On Thu, Jun 21, 2018 at 7:08 AM, nusenu <nusenu-lists@riseup.net> wrote:

> So because a comprehensive treatment is hard and obviously not the primary
> goal of the document a comparative statement of the privacy implications of
> DoH wrt other DNS protocols from Sara's text is no longer mentioned at all?

I feel like it is absolutely mentioned!

The text makes clear that issues arise at the IP, TCP, TLS, and HTTPS
layers.

UDP-based DNS suffers from IP issues, TCP-based DNS suffers from TCP and IP
based issues, DNS over TLS suffers from IP, TCP, and TLS based issues, and
DoH adds HTTP issues to the mix. The DoH spec is going to focus on DoH. If
another document would like to comprehensively discuss all of this that's
fine by me but it's not practical to do here.

I'll add a small clarifying bit to the text for people to try out - but
this is already most of the text.


> I'd like to understand the reasoning for NOT including specific privacy
> friendly recommendations in the document, because currently the document
> mentions

DoH uses and requires HTTP but does not redefine it. DoH is not a mere
tunnel for DNS and applications should leverage what features fit their
needs. The specification(s) for those features are where you need to look
to make a decision or you turn things over to a library.

> the high level issues but doesn't give specific advice on what to do about
> it - the implementors are basically on their own -

This is non-normative considerations text - it is highlighting what you
need to consider. The primary consideration is that you are now in the HTTP
ecosystem. A couple other messages have asked to highlight that the HTTP
ecosystem is different than the DNS ecosystem and I'm fine with including
that.