Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertola-bcp-doh-clients

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 14 March 2019 01:18 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78750124B19; Wed, 13 Mar 2019 18:18:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vb-FDKVv-Uaa; Wed, 13 Mar 2019 18:17:59 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CAE06124184; Wed, 13 Mar 2019 18:17:58 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id D71A7BEB5; Thu, 14 Mar 2019 01:17:55 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MSVgF1jf-Nil; Thu, 14 Mar 2019 01:17:54 +0000 (GMT)
Received: from [10.244.2.138] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id D4068BEAF; Thu, 14 Mar 2019 01:17:53 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1552526274; bh=9B90PJeS+V3ymSM5zgfJgDDZXvTNiz1NFGhzKaVzSa0=; h=To:Cc:References:From:Subject:Date:In-Reply-To:From; b=cSm5XC8YXnvaM+UkMP+NNI+6M08P8e1weUC2oAzp+t5dz1Mz5+1vIKtYZiSPoZbk+ Q2e02W8EvOFhJLVKb0COOot/IWK2HiRuq2hTtGa8vG5H25BuBkau99YlLWGe/J0qi1 TrpCBAOpL3f6IaSqiENUW2um56yQp3aceBicYILs=
To: Michael Sinatra <michael@brokendns.net>, Brian Dickson <brian.peter.dickson@gmail.com>, Christian Huitema <huitema@huitema.net>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>, "Livingood, Jason" <Jason_Livingood@comcast.com>, "doh@ietf.org" <doh@ietf.org>
References: <1700920918.12557.1552229700654@appsuite.open-xchange.com> <76386691-c1aa-c48a-9b0d-67eb36a08a4f@redbarn.org> <CABcZeBOWM0Ps-j3V-CK6VPy0LAqeo7-t7odUZy+dk9d-oCSDsg@mail.gmail.com> <4935758.NkxX2Kjbm0@linux-9daj> <c2c2be47-0855-a9d1-dd53-2404edf4d02b@huitema.net> <807193999.19916.1552445819087@appsuite.open-xchange.com> <9e40ac38-fa10-bbdc-1bfc-302e0ca170df@huitema.net> <C72A7196-98CF-40DC-84C7-DA95BADD24B8@cable.comcast.com> <b52e7891-da9f-6972-fc42-bf3aeea0a10f@huitema.net> <CAH1iCioc7xbMRnfzukFNK+RE7ScFru8xEk32F=XbR0Mo+E371w@mail.gmail.com> <e1d74ebd-0a63-700f-f032-faaeeef73993@cs.tcd.ie> <ee21337b-65dc-7e81-2f2c-c1a7dec9440f@brokendns.net>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw==
Message-ID: <d118ab72-3b6f-32bb-1286-a716ce89171b@cs.tcd.ie>
Date: Thu, 14 Mar 2019 01:17:52 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1
MIME-Version: 1.0
In-Reply-To: <ee21337b-65dc-7e81-2f2c-c1a7dec9440f@brokendns.net>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="AQiG63CuxyXjEnWUkuI0aG8Tzp9MSVaSa"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/9kWf8iZvHpsUTiZlaBo0pZHEz6Y>
Subject: Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertola-bcp-doh-clients
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Mar 2019 01:18:02 -0000

Hi,

On 14/03/2019 00:07, Michael Sinatra wrote:
> On 3/13/19 1:43 PM, Stephen Farrell wrote:
>>
>> (dropping dprive list at WG chair request)
>>
>> Hiya,
>>
>> On 13/03/2019 20:29, Brian Dickson wrote:
>>> The starting place for the conversation needs to acknowledge this, and
>>> accommodate it. It is entirely possible that a DoH client that doesn't do a
>>> minimum level of getting user acknowledgement before violating policies,
>>> laws, or contracts, might itself be illegal in some jurisdictions
>>> (jurisdictions that could include some US states, some western countries,
>>> some larger entities like EU, etc.).
>>
>> I almost agreed with you that people need to ack others'
>> priorities. But the above means I can't agree with your
>> mail as "might be illegal" is vastly overstated, there
>> being no relevant difference between DoT and DoH clients
>> in this respect. 
> 
> I believe that the issue of protocol obfuscation that I mentioned
> earlier in the draft-reid-doh-operator thread[1] is a relevant difference.

I do not believe that is relevant to the claim I was disputing
which was essentially that somehow DoH "might be illegal."

If you think your point above is relevant, please consider Tor,
whose major funder is (or historically was) a government and
which is not illegal as far as I know (in many places). And VPNs
too (but only the good ones:-).

> There is another technical issue, and that surrounds the question of who
> is the user and what capabilities does the user have to manage their
> devices.  This has been touched upon with the discussion on opt-in vs.
> default and with Paul's discussion of data exfiltration.
> 
> In my home, I have an "Internet-capable" washing machine.  Of course my
> "smart" TV wants to be on the Internet.  My Foobot *must* be on the
> Internet just so I can monitor the air quality in my own home.  I don't
> want the washer on the Internet at all, and for some of the other
> devices, I want to control what they do on my home network.  With
> embedded and "IoT" devices, there may be limitations on how I--as the
> user--can control them.  There may be hard-coded defaults that are
> difficult to change (and yet have a way of easily resetting themselves
> to "factory default").  Leaving aside for now the issue of licensing
> Ts&Cs, I--as the user--may want to have more *technical* control over
> the devices than their vendor is willing to give me.  One way I can
> assert that control is via the network.  On my home network, I am one of
> the users and I am also the network admin.  I want to assert control
> over the devices for which *I* am the user, but the people who designed
> them didn't give them sufficient knobs for me to do this on the device.
> 
> Another word for software which does things on the network outside of
> the user's control is "malware," whether it is legitimate or not, and I
> realize it predates DoH.  But DoH legitimizes protocol obfuscation at
> the network layer and makes it potentially harder for me to control the
> devices for which I am the user.  So if the goal is to give users more
> control, I'd assert that DoH, at best, works both ways.
Those seem like unrelated (and repetitive) points, except for your
attempt to try equate (I assume) a browser using DoH with malware.
That's the kind of overblown statement that detracts from any other
reasonable points you may make (for me at least).

I do agree that knowledgeable network owners, especially home network
owners, ought be able to exercise control over the networks they own.
I'm perfectly fine to do that in my home network and have no fear of
DoH at all - I'm well used to turning off, working around or living
with what I consider crappy features of browsers (e.g. cookies, JS)
and other tech artefacts. DoH at least has some upsides if it gets
implemented properly.

I don't personally know how to properly and fairly handle such issues
for network owners who quite reasonably don't know anything about the
tech. ISTM that (to date) we've all contributed to failing such network
owners. DoH is nothing special in that respect, nor is RPZ and nor are
many other technologies we've developed.

From my POV, the only thing I hear about DoH that's new(-ish) is a fear
that browsers will turn it on by default in a silly manner, with some
negative but not world-shattering consequences for folks who have a
quite reasonable interest in existing DNS-based technologies and
services.

(Well, that and I've a continuing concern that somehow DoH might end
up enabling web-severs succeed at drive-by attacks on client DNS
caches if someone does some really stupid implementation stuff. But
everyone keeps telling me that'll be ok;-)

Cheers,
S.

> 
> michael
> 
> [1] https://mailarchive.ietf.org/arch/msg/dnsop/Qole4yY0q_-psyrvWabaRAD8_Vc
>