Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

Raymond Burkholder <ray@oneunified.net> Wed, 13 March 2019 02:38 UTC

Return-Path: <ray@oneunified.net>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77AD112716C; Tue, 12 Mar 2019 19:38:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aHw7QjBxyBG2; Tue, 12 Mar 2019 19:38:46 -0700 (PDT)
Received: from mail1.oneunified.net (mail1.oneunified.net [63.85.42.215]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F49F12705F; Tue, 12 Mar 2019 19:38:46 -0700 (PDT)
X-One-Unified-MailScanner-Watermark: 1553049515.8886@6zlgKkcO8Jee+kC+8YVo8w
X-One-Unified-MailScanner-From: ray@oneunified.net
X-One-Unified-MailScanner: Not scanned: postmaster@oneunified.net
X-One-Unified-MailScanner-ID: x2D2cVmO015007
X-OneUnified-MailScanner-Information: Please contact the ISP for more information
Received: from [10.55.40.139] (h96-45-2-121-eidnet.org.2.45.96.in-addr.arpa [96.45.2.121] (may be forged)) (authenticated bits=0) by mail1.oneunified.net (8.14.4/8.14.4/Debian-4) with ESMTP id x2D2cVmO015007 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT); Wed, 13 Mar 2019 02:38:32 GMT
To: Christian Huitema <huitema@huitema.net>, Paul Vixie <paul@redbarn.org>, dnsop@ietf.org
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Eric Rescorla <ekr@rtfm.com>, "doh@ietf.org" <doh@ietf.org>, "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@mcafee.com>, nalini elkins <nalini.elkins@e-dco.com>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>, Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>, "Ackermann, Michael" <mackermann@bcbsm.com>
References: <1700920918.12557.1552229700654@appsuite.open-xchange.com> <76386691-c1aa-c48a-9b0d-67eb36a08a4f@redbarn.org> <CABcZeBOWM0Ps-j3V-CK6VPy0LAqeo7-t7odUZy+dk9d-oCSDsg@mail.gmail.com> <4935758.NkxX2Kjbm0@linux-9daj> <c2c2be47-0855-a9d1-dd53-2404edf4d02b@huitema.net>
From: Raymond Burkholder <ray@oneunified.net>
Organization: One Unified Net Limited
Message-ID: <11b615ed-a5df-8f58-605e-a610a60886e3@oneunified.net>
Date: Tue, 12 Mar 2019 20:38:31 -0600
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1
MIME-Version: 1.0
In-Reply-To: <c2c2be47-0855-a9d1-dd53-2404edf4d02b@huitema.net>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/LYROTOAKmzu87qRbJxXnlugXxtU>
X-Mailman-Approved-At: Wed, 13 Mar 2019 08:16:11 -0700
Subject: Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Mar 2019 02:38:47 -0000

In the below commentary, there are some use cases which are not being 
included ....
On 2019-03-12 12:56 p.m., Christian Huitema wrote:
> On 3/12/2019 11:35 AM, Paul Vixie wrote:
> 
>> if someone is concerned that some of the web sites
>> reachable through some CDN are dangerous...
> 
> 
> Paul, who is this someone? How do they decide? What does dangerous mean?
> These questions are very much behind the tension we see today. And the
> answers are not as black and white as "this is my network, I get to decide".

There are enterprise networks.  There are home networks. There are some 
socially organized networks.  All seeking protection for their users, or 
for themselves, or both.  And sometimes/many-times, there has to be 
'some-one' who can define some level of protection for the collection of 
users.

DoH is almost like a trojan.  Secret queries can be made to the outside 
world. For the 'protector' of the infrastructure, the job then becomes 
more difficult to perform.

Are there security personnel included in these conversations?

> For example, users routinely delegate the filtering decision to some
> kind of security software running on their device, often with support
> from some cloud based service. They are making an explicit decision, and
> often use menu options to decide what type of site is OK or not --
> adults would probably not subscribe to parental control services. There
> is a market for these products, they compete based on reputation, ease
> of use, etc.

This could be a legitimate scenario.  But what if users are inside the 
domain of enterprise/home/organization/social, they would need to 
delegate their security to those who are maintaining that 'network'. 
But when the users can build their own DoH 'tunnels' and hide that 
traffic amongst other https traffic, security can be harder to 
enforce/manage/supervise/maintain/forensically-identify.

> 
> You are saying that whoever happens to control part of the network path
> is entitled to override the user choices and impose their own. Really?

I would say, yes.

> As Stephane wrote, that may be legit in some circumstances, but much
> more questionable in others, such as a hotel Wi-Fi attempting to decide
> what sites I could or could not access. It really is a tussle.

Yes, a tussle.  There are many use cases.

The 'power of the individual' vs the 'will of the people'?   [does not 
totally properly convey the concept, but close enough]