Re: [Doh] New Privacy Considerations Section Proposal
Adam Roach <adam@nostrum.com> Wed, 20 June 2018 23:54 UTC
Return-Path: <adam@nostrum.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 433C8130E46 for <doh@ietfa.amsl.com>; Wed, 20 Jun 2018 16:54:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.879
X-Spam-Level:
X-Spam-Status: No, score=-1.879 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OhNheY9Xl5t7 for <doh@ietfa.amsl.com>; Wed, 20 Jun 2018 16:54:39 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CBE12130E3D for <doh@ietf.org>; Wed, 20 Jun 2018 16:54:39 -0700 (PDT)
Received: from Svantevit.local (99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id w5KNsaVQ053084 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 20 Jun 2018 18:54:38 -0500 (CDT) (envelope-from adam@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host 99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228] claimed to be Svantevit.local
To: Patrick McManus <pmcmanus@mozilla.com>, Ted Hardie <ted.ietf@gmail.com>
Cc: DoH WG <doh@ietf.org>
References: <CAOdDvNpY4NpvSKW_D__jztDD_wkaRsJna9L+Br+hdnDnQ8w5SQ@mail.gmail.com> <CA+9kkMDt03Uv6UvtZw=mvo=+6dprGqUDMkC7Ef6bd=kb6vX_Fg@mail.gmail.com> <CAOdDvNrjZu-q63DUhNjf7fYjNux2ewv4DTZkGPvFRrGfBBJFMA@mail.gmail.com>
From: Adam Roach <adam@nostrum.com>
Message-ID: <c67dc5cb-f6a5-4352-da59-71c4bb9ff98b@nostrum.com>
Date: Wed, 20 Jun 2018 18:54:31 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.8.0
MIME-Version: 1.0
In-Reply-To: <CAOdDvNrjZu-q63DUhNjf7fYjNux2ewv4DTZkGPvFRrGfBBJFMA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------D48EE96DDB5989D52CBEA0FF"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/KFIKCkjz48yxj67NGpPUuqLOgaI>
Subject: Re: [Doh] New Privacy Considerations Section Proposal
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jun 2018 23:54:43 -0000
[as an individual] I agree with Patrick's analysis here, and think the proposed text (plus the "minimal set of data" statement below) is likely to serve the purpose well. In particular, I agree with Patrick that the various features that have been cited so far each serve a useful purpose, and that such purposes may have a place in DoH deployments. Giving implementors a heads up about the privacy trade-offs seems appropriate. Mandating (MUST or SHOULD) that DoH runs over a minimal profile of HTTP seems to remove several of the advantages of using HTTP at all. /a On 6/20/18 6:03 PM, Patrick McManus wrote: > > > On Wed, Jun 20, 2018 at 6:14 PM, Ted Hardie <ted.ietf@gmail.com > <mailto:ted.ietf@gmail.com>> wrote: > > Repeating the comment I made at Github: > > Is there a reason not to make a recommendation for the case of a > DOH-only service? The current text says: > > Implementations of DoH clients and servers need to consider the > benefit > and privacy impact of all these features, and their deployment > context, > when deciding whether or not to enable them. > > Would you consider a recommendation like "For DOH clients which do > not intermingle DOH requests with other HTTP suppression of these > headers and other potentially identifying headers is an > appropriate data minimization strategy."? > > > there are some practical problems there. Big picture you need to weigh > the reasons these things get used in your implementation decisions. > Its not like TLS didn't know they had built a tracker with session > tickets, yet dprive recommended its use anyhow :) > > every http feature has a reason an implementation might want want it > in doh. cookies can do useful things for auth. new compression > algorithms (which create a fingerprint on introduction just as surely > as UA does) enable better performance. etc.. UA strings have kept the > web runinng, for good and bad, across many unanticipated bugs for many > years.. I'm not saying those arguments win the day but its not really > DoH's place to change the properties of HTTP. Alt-Service provides > great load balancing and protocol evolution, but its basically a cache > with a tracking implication too. > > It is an important goal of this work to leverage the HTTP ecosystem - > stripping out all the HTTP parts and leaving a tunnel doesn't give it > any value. > > The picture is also complicated by the end to end message semantics of > http headers and how they interact with the hop to hop transport > semantics of the client or server. i.e. the notion of intermingle is > not e2e, but headers are. That's not really a driver, but something to > keep in mind when considering the limitations of text. > > I'm more inclined in general to use words along the lines of "should > use the minimal set of data that can achieve the desired feature set." > if that's helpful, but I'm not eager to start working through > individual design decisions. > > > > > _______________________________________________ > Doh mailing list > Doh@ietf.org > https://www.ietf.org/mailman/listinfo/doh
- Re: [Doh] New Privacy Considerations Section Prop… Adam Roach
- Re: [Doh] New Privacy Considerations Section Prop… Adam Roach
- Re: [Doh] New Privacy Considerations Section Prop… Ted Hardie
- Re: [Doh] New Privacy Considerations Section Prop… Ted Hardie
- Re: [Doh] New Privacy Considerations Section Prop… Patrick McManus
- Re: [Doh] New Privacy Considerations Section Prop… nusenu
- Re: [Doh] New Privacy Considerations Section Prop… Patrick McManus
- Re: [Doh] New Privacy Considerations Section Prop… Sara Dickinson
- Re: [Doh] New Privacy Considerations Section Prop… Eric Rescorla
- Re: [Doh] New Privacy Considerations Section Prop… Patrick McManus
- Re: [Doh] New Privacy Considerations Section Prop… Sara Dickinson
- Re: [Doh] New Privacy Considerations Section Prop… Sara Dickinson
- Re: [Doh] New Privacy Considerations Section Prop… Patrick McManus
- Re: [Doh] New Privacy Considerations Section Prop… Patrick McManus
- Re: [Doh] New Privacy Considerations Section Prop… Howard Chu
- Re: [Doh] New Privacy Considerations Section Prop… nusenu
- Re: [Doh] New Privacy Considerations Section Prop… Howard Chu
- Re: [Doh] New Privacy Considerations Section Prop… Mateusz Jończyk
- Re: [Doh] New Privacy Considerations Section Prop… bert hubert
- Re: [Doh] New Privacy Considerations Section Prop… nusenu
- Re: [Doh] New Privacy Considerations Section Prop… nusenu
- Re: [Doh] New Privacy Considerations Section Prop… Sara Dickinson
- Re: [Doh] New Privacy Considerations Section Prop… Daniel Stenberg
- Re: [Doh] New Privacy Considerations Section Prop… Howard Chu
- Re: [Doh] New Privacy Considerations Section Prop… nusenu
- Re: [Doh] New Privacy Considerations Section Prop… Patrick McManus
- Re: [Doh] New Privacy Considerations Section Prop… nusenu
- Re: [Doh] New Privacy Considerations Section Prop… Hewitt, Rory
- Re: [Doh] New Privacy Considerations Section Prop… Adam Roach
- Re: [Doh] New Privacy Considerations Section Prop… Patrick McManus
- Re: [Doh] [Ext] New Privacy Considerations Sectio… Ted Hardie
- Re: [Doh] [Ext] New Privacy Considerations Sectio… Paul Hoffman
- Re: [Doh] New Privacy Considerations Section Prop… Ted Hardie
- [Doh] New Privacy Considerations Section Proposal Patrick McManus
- Re: [Doh] New Privacy Considerations Section Prop… Loganaden Velvindron