Re: [Doh] New Privacy Considerations Section Proposal

Howard Chu <hyc@symas.com> Thu, 21 June 2018 11:22 UTC

To: Adam Roach <adam@nostrum.com>, Patrick McManus <pmcmanus@mozilla.com>, Ted Hardie <ted.ietf@gmail.com>
Cc: DoH WG <doh@ietf.org>

Adam Roach wrote:
> [as an individual]
> 
> I agree with Patrick's analysis here, and think the proposed text (plus the 
> "minimal set of data" statement below) is likely to serve the purpose well. In 
> particular, I agree with Patrick that the various features that have been 
> cited so far each serve a useful purpose, and that such purposes may have a 
> place in DoH deployments. Giving implementors a heads up about the privacy 
> trade-offs seems appropriate. Mandating (MUST or SHOULD) that DoH runs over a 
> minimal profile of HTTP seems to remove several of the advantages of using 
> HTTP at all.

That's overstating things. It seems the primary benefit is being able to hide 
DoH traffic within standard HTTPS traffic, making it more difficult to filter 
out at firewalls. That benefit remains, even if barebones HTTP requests are used.

>> On Wed, Jun 20, 2018 at 6:14 PM, Ted Hardie <ted.ietf@gmail.com 
>> <mailto:ted.ietf@gmail.com>> wrote:
>>
>>     Repeating the comment I made at Github:
>>
>>     Is there a reason not to make a recommendation for the case of a
>>     DOH-only service? The current text says:
>>
>>     Implementations of DoH clients and servers need to consider the benefit
>>     and privacy impact of all these features, and their deployment context,
>>     when deciding whether or not to enable them.
>>
>>     Would you consider a recommendation like "For DOH clients which do not
>>     intermingle DOH requests with other HTTP suppression of these headers
>>     and other potentially identifying headers is an appropriate data
>>     minimization strategy."?

I would expect this to be the common case - most of the time, clients' HTTP(s) 
traffic will be to a wide variety of web servers, but only a single DNS/DoH 
server. And that particular DNS/DoH server is unlikely to be serving any 
interesting web pages for any clients. As such, the frequency of intermingled 
connections should be low-to-zero.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
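As an added illustration of the "DoH-only client" data-minimization strategy discussed in this thread (this is example code, not from the thread or any DoH implementation): it builds a DoH GET request in the wire format later standardized in RFC 8484, audits a browser-style header set for identifying headers, and strips them down to Host plus the DoH Accept type. The header list and the sample headers are assumptions constructed for the example.

```python
import base64
import struct

# Request headers that carry client identity, session state or fingerprinting
# surface. A DoH-only client (never mixing DoH with other HTTP traffic on the
# same connection) gains nothing from sending them. Assumed list, not from the thread.
IDENTIFYING_HEADERS = {
    "user-agent", "cookie", "accept-language", "accept-encoding",
    "referer", "origin", "authorization", "dnt",
}

def build_dns_query(name: str, qtype: int = 1) -> bytes:
    """Wire-format DNS query (RFC 1035). ID is 0 so identical questions
    produce identical URLs and HTTP caches can serve them."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS IN

def encode_dns_param(query: bytes) -> str:
    """base64url without padding, as the DoH GET 'dns' parameter requires."""
    return base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")

def identifying_headers_present(headers: dict) -> list:
    """Audit check: which identifying headers would this request leak?"""
    return sorted(k.lower() for k in headers if k.lower() in IDENTIFYING_HEADERS)

def minimize_headers(headers: dict) -> dict:
    """Keep only what a DoH-only request needs: Host plus the DoH Accept type."""
    kept = {k: v for k, v in headers.items()
            if k.lower() not in IDENTIFYING_HEADERS and k.lower() != "accept"}
    kept["Accept"] = "application/dns-message"
    return kept

def doh_get_request(name: str, headers: dict, path: str = "/dns-query") -> str:
    """Render the HTTP/1.1 request text for a DoH GET with minimized headers."""
    dns_param = encode_dns_param(build_dns_query(name))
    lines = [f"GET {path}?dns={dns_param} HTTP/1.1"]
    lines += [f"{k}: {v}" for k, v in minimize_headers(headers).items()]
    return "\r\n".join(lines) + "\r\n\r\n"

# Constructed sample: the header set a browser would attach to an ordinary page fetch.
BROWSER_HEADERS = {
    "Host": "doh.example.net",
    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0",
    "Accept": "text/html,application/xhtml+xml",
    "Accept-Language": "en-GB,en;q=0.9",
    "Cookie": "session=constructed-sample",
}
```

Running `identifying_headers_present(BROWSER_HEADERS)` before sending is the check a DoH-only client can use to confirm nothing beyond Host and Accept leaves the process.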