Re: [Doh] WG Review: DNS Over HTTPS (doh)

Martin Thomson <martin.thomson@gmail.com> Tue, 26 September 2017 00:04 UTC

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 26 Sep 2017 10:04:39 +1000
Message-ID: <CABkgnnVhFEYQpoLNLr9z6SceJ=X=jyF3XgvBwZs4AyrE9X3A+A@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Adam Roach <adam@nostrum.com>, Ted Hardie <ted.ietf@gmail.com>, doh@ietf.org, IETF <ietf@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/KDYdIYnL6ZbKOhnEDzogsltCneo>
Subject: Re: [Doh] WG Review: DNS Over HTTPS (doh)

On Tue, Sep 26, 2017 at 9:49 AM, Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:
> On 26/09/17 00:38, Adam Roach wrote:
>>> The Working Group will analyze the security and privacy issues that could
>>> arise from accessing DNS over HTTPS. In particular, the Working Group will
>>> ensure that access to DNS information from a JavaScript context will not have
>>> adverse impact on the host operating system's DNS cache. The manner in which
>>> such analysis is performed will be decided by the working group.
>>
>
> I'd be just about ok with that. My problems with your rephrasing
> are:
>
> - I'm not sure the WG can "ensure" a lack of adverse impact, so
>   why make it a requirement, if it's not possible?
>
> - Pollution of the OS's cache may not be the only bad thing that
>   can happen, so that needs to be an example.
>
> - I'm fine that a WG decide how to document stuff, but saying
>   they can decide the manner in which such analysis is performed
>   seems to me like you could drive a giant cart and horses-
>   galore through that loophole, and that phrasing seems to
>   nearly invite that, and I've seen WGs do just that kind of
>   thing. I'd like that you or some other AD could ask to be
>   pointed at the analysis results and for those to at minimum
>   need a WG-list thread, so saying "do the work, document it
>   however you like" seems like a better plan to me.

How about just:

The Working Group will analyze the security and privacy issues that
could arise from accessing DNS over HTTPS. In particular, the Working
Group will consider the interaction of DNS and HTTP caching.

I don't think that we need the JS piece in there.  There are special
concerns there, but I think that we're all enough aware of those
concerns that we can reach a conclusion of sorts in the working group.