IETF Logo Mail Archive

Re: [Doh] Privacy Considerations Text (#2)

Sara Dickinson <sara@sinodun.com> Tue, 26 June 2018 16:50 UTC

Return-Path: <sara@sinodun.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1E2313111F for <doh@ietfa.amsl.com>; Tue, 26 Jun 2018 09:50:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oqFbUdn3cuQl for <doh@ietfa.amsl.com>; Tue, 26 Jun 2018 09:50:39 -0700 (PDT)
Received: from balrog.mythic-beasts.com (balrog.mythic-beasts.com [IPv6:2a00:1098:0:82:1000:0:2:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5A35131115 for <doh@ietf.org>; Tue, 26 Jun 2018 09:50:38 -0700 (PDT)
Received: from [2001:b98:204:102:fffa::409] (port=55553) by balrog.mythic-beasts.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <sara@sinodun.com>) id 1fXrAn-0002Ep-AK; Tue, 26 Jun 2018 17:50:37 +0100
From: Sara Dickinson <sara@sinodun.com>
Message-Id: <2BA95ED9-629A-44CD-A91E-0176F171D4E3@sinodun.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_E40D5A11-374A-444B-834C-36507CEA3673"
Mime-Version: 1.0 (Mac OS X Mail 11.4 \(3445.8.2\))
Date: Tue, 26 Jun 2018 17:50:30 +0100
In-Reply-To: <CAOdDvNqWjE22Uss6ZWhtZgg9LZw1dSRCOxsU9C1UqwaMS0vx7w@mail.gmail.com>
Cc: DoH WG <doh@ietf.org>
To: Patrick McManus <pmcmanus@mozilla.com>
References: <CAOdDvNpGSw6SP6COgJuJR_y2i1BjPWy3_i14vCYUP3jq6=zGuQ@mail.gmail.com> <0c003af5-6258-6de5-fdaf-161402c60b4d@riseup.net> <DAE6BABB-668E-4AAA-9BAC-4CFEADB2358D@sinodun.com> <CAOdDvNqWjE22Uss6ZWhtZgg9LZw1dSRCOxsU9C1UqwaMS0vx7w@mail.gmail.com>
X-Mailer: Apple Mail (2.3445.8.2)
X-BlackCat-Spam-Score: 4
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/6ghm8ky-rIRZSggKAYB0vcUuvW8>
Subject: Re: [Doh] Privacy Considerations Text (#2)
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jun 2018 16:51:00 -0000


> On 26 Jun 2018, at 00:40, Patrick McManus <pmcmanus@mozilla.com> wrote:
> 
> Hi Sara,

> 
> Using HTTPS as a transport therefore introduces
> + new privacy concerns over DNS over UDP, TCP or TLS (RFC7858) with regard to
> + additional data that may be visible to a DoH server compared to a DNS resolver.
> 
> 
> I do agree that HTTP adds additional considerations, which is what the existing text describes. But I don't agree with this sentence which, significantly through the use of therefore, indicates HTTPS has client identifiers and other transports do not.

Thats a pretty defensive reading of this given the 3 paragraphs that precede it… it is intended to illustrate that the delta from DNS-over-UDP/TCP/TLS to DoH introduces _additional_ transport client identifiers, which it does. 

> 
> The previous several paragraphs have enumerated client identifiers also present in IP (therefore UDP), TCP, and TLS. Everything that transports wireformat.
> 
> What if, instead, we add a new first paragraph to the "In the server" section along the lines of
> 
> "The original DNS wireformat contains no client identifiers, however various transports of the DNS wireformat do provide data that can be used for request correlation. HTTPS presents new considerations for correlation ranging from explicit HTTP cookies to implicit fingerprinting of the unique set and ordering of request headers.”

But I can live with this suggested text… we could say ‘standard’ (at the time or writing) here because RFC7871 (EDNS Client Subnet) is actually only an Informational RFC and ‘original’ could be read to imply there are later identifiers defined. 

> 
>  
> + ### HTTP Specific considerations (#HTTPconsiderations)
> 
> 
> I think this is largely what the paragraph that begins "The DoH protocol design allows applications to fully leverage.." is conveying. Maybe it can move towards what you are thinking.. wdyt of:
> 
> 
> The DoH protocol design allows applications to fully leverage the HTTP
> ecosystem, including features not enumerated here. Utilizing the full
> set of HTTP features enables DoH to be more than an HTTP tunnel, but
> also opens implementations up to the full set of privacy
> considerations of HTTP.

I’d like to see this say ‘at the cost of opening up implementations to the..’ to fully recognise the trade off but otherwise I think we are as converged as we are ever going to be :-) 

Thanks

Sara.

v2.23.0 | Report a Bug | By Email