Re: [Doh] Is privacy a DoH protocol goal? (was: some privacy ponderings wrt HTTPs and plain DNS)
"Hewitt, Rory" <rhewitt@akamai.com> Tue, 19 June 2018 15:46 UTC
Return-Path: <rhewitt@akamai.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 105A8130DE8 for <doh@ietfa.amsl.com>; Tue, 19 Jun 2018 08:46:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.71
X-Spam-Level:
X-Spam-Status: No, score=-2.71 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xzXkyKl2u7Lt for <doh@ietfa.amsl.com>; Tue, 19 Jun 2018 08:46:23 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A6560130DC0 for <doh@ietf.org>; Tue, 19 Jun 2018 08:46:23 -0700 (PDT)
Received: from pps.filterd (m0122331.ppops.net [127.0.0.1]) by mx0b-00190b01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w5JFgKM2028403 for <doh@ietf.org>; Tue, 19 Jun 2018 16:46:22 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=Deo2iXA3bT9DNvMLTTeE2E3BXGIgVjEkfmXOdfgvPA8=; b=PvN/He5PthV9EZtHXAR2rtP8pfN287N0wxRtqmHAxIFVo0clnr6nkj7xPhN2ZUOeajfU 6dmtaWrvq/UuqCME9hxbDUjy0BYwsiJjjx8raJfb7xNDq80tvW/tkZlbo0Qu/10Aa8ED WtXJWIR7tQRjKjQg0KBmsf+LgHbeb+zd97IsR27BLGK1z7SQEIPiIZihSTtEoVlVL7Ux ckzxoQ1gxgci834PP6H6EZKLeL4mou+olIRnp2QSh+DJ83LMlNNHFmNr0bOlkzkzZg44 PAbVpK7961U5RmMa1dCfKWSYDSm9utHJrYwZIANpgl4ps+P9ufbzwIvBzqkvb9C6VydN Lg==
Received: from prod-mail-ppoint2 (prod-mail-ppoint2.akamai.com [184.51.33.19]) by mx0b-00190b01.pphosted.com with ESMTP id 2jpgqbjsj5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <doh@ietf.org>; Tue, 19 Jun 2018 16:46:22 +0100
Received: from pps.filterd (prod-mail-ppoint2.akamai.com [127.0.0.1]) by prod-mail-ppoint2.akamai.com (8.16.0.21/8.16.0.21) with SMTP id w5JFjicm000795 for <doh@ietf.org>; Tue, 19 Jun 2018 11:46:21 -0400
Received: from email.msg.corp.akamai.com ([172.27.123.33]) by prod-mail-ppoint2.akamai.com with ESMTP id 2jmwvuhnpb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for <doh@ietf.org>; Tue, 19 Jun 2018 11:46:20 -0400
Received: from USMA1EX-DAG1MB5.msg.corp.akamai.com (172.27.123.105) by usma1ex-dag3mb4.msg.corp.akamai.com (172.27.123.56) with Microsoft SMTP Server (TLS) id 15.0.1365.1; Tue, 19 Jun 2018 08:46:13 -0700
Received: from USMA1EX-DAG1MB3.msg.corp.akamai.com (172.27.123.103) by usma1ex-dag1mb5.msg.corp.akamai.com (172.27.123.105) with Microsoft SMTP Server (TLS) id 15.0.1365.1; Tue, 19 Jun 2018 11:46:12 -0400
Received: from USMA1EX-DAG1MB3.msg.corp.akamai.com ([172.27.123.103]) by usma1ex-dag1mb3.msg.corp.akamai.com ([172.27.123.103]) with mapi id 15.00.1365.000; Tue, 19 Jun 2018 11:46:12 -0400
From: "Hewitt, Rory" <rhewitt@akamai.com>
To: "doh@ietf.org" <doh@ietf.org>
Thread-Topic: [Doh] Is privacy a DoH protocol goal? (was: some privacy ponderings wrt HTTPs and plain DNS)
Thread-Index: AQHUB8l0SfbunJgsXEifuIV5kdxqMqRntuzw
Date: Tue, 19 Jun 2018 15:46:12 +0000
Message-ID: <21a7c2e1b9fc45e0990fd77dcc0c49cd@usma1ex-dag1mb3.msg.corp.akamai.com>
References: <82bf1799-1045-5e68-52e3-7d284e33c414@riseup.net>
In-Reply-To: <82bf1799-1045-5e68-52e3-7d284e33c414@riseup.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.112.246]
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_0117_01D407A9.F932F200"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-06-19_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1805220000 definitions=main-1806190176
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-06-19_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1805220000 definitions=main-1806190175
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/GXBJBq3wsVKrgJXyRYryIjVpbP0>
Subject: Re: [Doh] Is privacy a DoH protocol goal? (was: some privacy ponderings wrt HTTPs and plain DNS)
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jun 2018 15:46:26 -0000
Of course it depends on what you mean by 'privacy' versus 'security' versus...well, whatever. Personally I think privacy (as _I_ define it) is a goal of the members of the DoH WG and this mailing list in general, but not necessarily of DoH itself. That all being said, I'm not clear on whether this discussion belongs as part of drafting this spec. If we're not going to include REQUIREMENTS in the spec to limit e.g. which request headers can be sent to a DoH server (which we're not even considering, I hope!), then it seems to me that all this discussion boils down to whether we should include a non-normative section in the spec about "best practices". If that's the case, then two things are clear to me: a) the wording of such a section is relatively unimportant and should be as generic as possible, probably based off Bert Hubert's original bullet points b) it's probably simpler/better to provide references to one or more existing documents which discuss general privacy practices (if they exist) At any rate, I'd hate to see this discussion hold up a final draft. Thanks, Rory -----Original Message----- From: nusenu [mailto:nusenu-lists@riseup.net] Sent: Tuesday, June 19, 2018 5:31 AM To: doh@ietf.org Subject: [Doh] Is privacy a DoH protocol goal? (was: some privacy ponderings wrt HTTPs and plain DNS) (split from the original thread to clarify some general questions before talking about how specific issues could be addressed) > If you think User-Agent can be a problem, then you shouldn't use TLS > either. Privacy is about risk reduction there is no 100% safe solution. User-Agent strings are likely to be logged since many/most webserver configurations log it by default. Many operators might store that data even if they have no use for it or not even an intention to store it. I see a value in minimizing fingerprintability (and data collection) even if it doesn't make it impossible. It boils down to the following question: Is privacy a DoH protocol goal? If privacy is a DoH protocol goal: - Privacy against whom? - Your random eavesdropper on the wire? - Your eavesdropper + resolver? - if the resolver is in scope: sending a non-hardcoded user-agent is counter the protocol goal. - What are reasonable privacy expectations a user might have when using DoH? Note: It is not entirely clear to me if privacy is a DoH protocol goal since the word "privacy" does not appear in the current draft (11). Sara pointed to the relevant part in the charter: > The working group will analyze the security and privacy issues that > could arise from accessing DNS over HTTPS. I guess "analyze" doesn't include to mitigate privacy issues(?), but the document aims at giving a overview of what the privacy implications of doing DNS over HTTPS are? Is this a correct interpretation? If DoH's adversary model does not include the resolver: Lets make it clear that the resolver might be able to learn more and track DoH clients more than a current non-DoH resolver is able to track non-DoH clients due to all the privacy implications HTTP has and that people who's threat model includes the resolver might want to use other protocols that don't use HTTP? kind regards, nusenu -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu > Sorry I remembered the old text. (It was once a "MUST" in the past.) > > But what are you expecting with a DoH protocol running over > HTTP/1.0? Nothing, I was merely pointing out that HTTP/2 is not required and clients do not require HTTP/2 for DoH as of the current draft (11). > When you look at the Client Hello packet, you will find different > browsers have different things in it. Even different versions of a > same browser are not identical. As far as I know, Chinese government > use this technique to block certain TLS protocols, including Tor and > OpenVPN. This is far far far more "plaintext fingerprintable" than a > User-Agent. I agree that TLS provides identifiers for fingerprintability, I disagree with "you shouldn't use TLS" because of it or 'we shouldn't care about user-agent strings since there are fingerprintability issues in TLS' > Additionally, detecting a server or a client's software version is > actually very easy. I knew there is a certain bug that can't handle > ECS headers well in a certain version of miekg/dns Go library. I > constructed a packet containing this certain header and sent it to > CloudFlare. They crashed and returned nothing. Now I knew > CloudFlare's DNS implementation was written in Go. And they even were > even using the old version! (I'm not sure about now.) The client side > is the same, as far as I know, miekg/dns has some difficulty > processing some Rcode values. > > To conclude: Hiding User-Agent does nothing to protect privacy. It is a well understood that user agent strings provide identifying bits for fingerprinting: https://panopticlick.eff.org/static/browser-uniqueness.pdf https://panopticlick.eff.org/about https://panopticlick.eff.org/ Our disagreement probably arises from non-matching threat models. That is the reason I like to have threat model definitions before discussing mitigations.