Re: [Doh] ..I don't get it (the hate)
Matthew Pounsett <matt@conundrum.com> Tue, 26 March 2019 12:37 UTC
Return-Path: <matt@conundrum.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE64F12001E for <doh@ietfa.amsl.com>; Tue, 26 Mar 2019 05:37:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=conundrum-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vpA5suhGcIIp for <doh@ietfa.amsl.com>; Tue, 26 Mar 2019 05:37:12 -0700 (PDT)
Received: from mail-it1-x136.google.com (mail-it1-x136.google.com [IPv6:2607:f8b0:4864:20::136]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93A1C12000F for <doh@ietf.org>; Tue, 26 Mar 2019 05:37:12 -0700 (PDT)
Received: by mail-it1-x136.google.com with SMTP id h9so19651932itl.1 for <doh@ietf.org>; Tue, 26 Mar 2019 05:37:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=conundrum-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=U9xOR9hk3yfe73UxwHDf6MC/J0Usou1Qa7lmvPtcHQA=; b=ZhajJI9lCf5r5IQYrBu/A1a2xjKKcq/tN7CSTGNS5EPVlEzC2UAdizFwny4N5m6+D0 03TlZbnk+waoD4Suz1y3q/tzYGWXxG4HaLswW7SDJSNEjNQKEi/7f93T18oHkhReto7E rRbv8+qx50MVE6lY5zvtmEILwlzaNjg17htfxGcifOlRQsT2TUhvMoX3arduxpXEJ5Mr zMZtzJ7hlAJBTmKJ/7l5HiOx86OXqvNUyvb9sL+JP0y9b9zpDKz/haIlE3DtT3Zr+kh+ fqsJPXxyxXQvXhchu0EfHZu70v403NtC0RdsB6F0NaMATD4S5S52EwkHQF+CK7VT/vKd KGbw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=U9xOR9hk3yfe73UxwHDf6MC/J0Usou1Qa7lmvPtcHQA=; b=dXq9uNYPiDP62gwXsinHG80p7IZ7YpdsfHKkVvkIMWhuXytq52RIdxx2ZEPEPO6tsg ESJsW/WEEkAVE2UHRZbcSOh+6wbBNH4BZ6I+Q/UYwzorolh5Y5AcOfh37oKkljeeq/xP Bf87fF+FsljGcqbM/yI+efuJeJ17oFB+HefBR7mtdQhPJtdMCBmx4T8hKXOmko4BIxh2 LaXzB8mvSIiVeybl/7HhoWIn3W4VCPrUkkww6FrzbEKLEiHvZucp5JprSswpY/EW4+22 eh07PF/ZhUsqH5QHNuXsxTLT+5cmJnMl4tmLlS6a0Jf/UB7OCpNE1WXHfyTIMvhDslMj hVEA==
X-Gm-Message-State: APjAAAUQfeBmTkC7t9TfCLE+K7V6UO89AM+A9qr30kdyeoq0Xmfjy27p 9UDQ+b1iB9Lq9UOgXBMUdbsf682e/3qWa8jC/anWW8m8CdOpyQ==
X-Google-Smtp-Source: APXvYqzOIVguRHP79vi5iKptcuuxPtQCatdOCILKOgsfRs6SASiUKA1DlNQZF7QwbnVrC45TWjNHpL2GY/KTV34RkJk=
X-Received: by 2002:a02:13ca:: with SMTP id 193mr21757442jaz.117.1553603831714; Tue, 26 Mar 2019 05:37:11 -0700 (PDT)
MIME-Version: 1.0
References: <CAKr6gn29O-Loq2SsHSUTQgfFqTMVjExQoLiV6R8AnGFmVf1H7Q@mail.gmail.com> <CAJhMdTMsogPP4bybWqMAQoK_WQkwqqB+25UcMtnZpD8OvOsnTA@mail.gmail.com>
In-Reply-To: <CAJhMdTMsogPP4bybWqMAQoK_WQkwqqB+25UcMtnZpD8OvOsnTA@mail.gmail.com>
From: Matthew Pounsett <matt@conundrum.com>
Date: Tue, 26 Mar 2019 13:36:57 +0100
Message-ID: <CAAiTEH_QFBA2WmRrdmQtzYqsdBaZDi6C1CW6VyHKEN-B9fCb+w@mail.gmail.com>
To: Joe Abley <jabley@hopcount.ca>
Cc: George Michaelson <ggm@algebras.org>, DoH WG <doh@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000082ee280584fe94aa"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/KTsidMNd5QH2xS1kYsHpq8oXT-E>
Subject: Re: [Doh] ..I don't get it (the hate)
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 12:37:15 -0000
On Tue, 26 Mar 2019 at 12:31, Joe Abley <jabley@hopcount.ca> wrote: > On Mar 26, 2019, at 12:15, George Michaelson <ggm@algebras.org> wrote: > > > This is (surely) between me, the browser vendor, and the website? Why > > does the ISP have any say in this? > > The ISP (or equivalent actor) has the opportunity to have a say today. > Some deployment models would take this opportunity away. > > I don't believe the concern is for sophisticated users who can make > informed choices. I can use a tor browser right now that also defeats > the ISP's opportunity to participate in the resolution process. That's > not controversial. > > The contentious aspect is, I think, the potential for a majority of > end-users who are not sophisticated and hence are unable to make > informed decisions to have this behaviour changed for them. > And in a similar vein, unsophisticated end users who might change this configuration deliberately, and then still expect their ISP to help them out when they've got a problem. I think the biggest enterprise concern is more around the balance between users' privacy in one context (e.g. protecting dissidents) and user privacy and security in other contexts (e.g. data exfiltration by malware). I'm concerned, and I believe others are as well, that while we're making gains in the former, the loss in the latter may outweigh those gains by quite a lot. The malware on a user's system that is now able to reach its C&C because its DNS queries cannot be blocked doesn't just put the user of that computer at risk, but all the other users on that network as well. And there, again, it's a question of scale. While it's possible for malware to set up similar resolution systems today, if they do it stands out in ways that can be detected and mitigated. If they're hiding in the forest of all the standard web browser traffic, that becomes a much more complex (and therefore expensive) problem. > > It's not the existence of the mechanism, it's the potential scale of > the deployment. > > > Joe > > _______________________________________________ > Doh mailing list > Doh@ietf.org > https://www.ietf.org/mailman/listinfo/doh >
- [Doh] ..I don't get it (the hate) George Michaelson
- Re: [Doh] ..I don't get it (the hate) Joe Abley
- Re: [Doh] ..I don't get it (the hate) Matthew Pounsett
- Re: [Doh] ..I don't get it (the hate) Ted Lemon