Re: [Doh] New I-D: draft-reid-doh-operator
Stephane Bortzmeyer <bortzmeyer@nic.fr> Sun, 10 March 2019 08:02 UTC
Return-Path: <stephane@laperouse.bortzmeyer.org>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6017126DFA for <doh@ietfa.amsl.com>; Sun, 10 Mar 2019 00:02:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PWXQG8rf8rVs for <doh@ietfa.amsl.com>; Sun, 10 Mar 2019 00:02:15 -0800 (PST)
Received: from ayla.bortzmeyer.org (ayla.bortzmeyer.org [IPv6:2001:4b98:dc0:41:216:3eff:fe27:3d3f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC772124B91 for <doh@ietf.org>; Sun, 10 Mar 2019 00:02:14 -0800 (PST)
Received: by ayla.bortzmeyer.org (Postfix, from userid 10) id 3EEE8A052E; Sun, 10 Mar 2019 09:02:12 +0100 (CET)
Received: by godin (Postfix, from userid 1000) id B24E6EC0B0D; Sun, 10 Mar 2019 09:01:01 +0100 (CET)
Date: Sun, 10 Mar 2019 09:01:01 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Jim Reid <jim@rfc1035.com>
Cc: DoH WG <doh@ietf.org>
Message-ID: <20190310080101.GA11452@laperouse.bortzmeyer.org>
References: <155218771419.28706.1428072426137578566.idtracker@ietfa.amsl.com> <FACB852B-4BC4-4234-A728-9068708EFB10@rfc1035.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <FACB852B-4BC4-4234-A728-9068708EFB10@rfc1035.com>
X-Transport: UUCP rules
X-Operating-System: Ubuntu 18.04 (bionic)
X-Charlie: Je suis Charlie
User-Agent: Mutt/1.9.4 (2018-02-28)
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/Q3V7fdRqJzaMBLcr2Xv-gZE4300>
Subject: Re: [Doh] New I-D: draft-reid-doh-operator
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Mar 2019 08:02:17 -0000
On Sun, Mar 10, 2019 at 03:29:51AM +0000, Jim Reid <jim@rfc1035.com> wrote a message of 30 lines which said: > FYI colleagues. The draft below has just been submitted. I've been given 10 minutes of WG agenda time at IETF104. I'm surprised that it is published more or less at the same time draft-livingood-doh-implementation-risks-issues. They have a lot of overlap, and even one author in common. May be a merge would be a good idea? > When DoH is used, the customer will probably be dependent on DoH > servers operated by third parties and have no contractual or > business relationship with those providers. Like draft-livingood-doh-implementation-risks-issues, there is a lot of confusion between DoH-the-protocol and possible deployments of DNS resolution via a public DNS resolver. The specific issue mentioned above is exactly the same whether I use DoH or DNS-over-UDP to 8.8.8.8 or 9.9.9.9. [To be more precise: most of this draft is off-topic for the DoH WG. If this is asked, I will say No to adoption by the WG.] > Operators can also be required to perform DNS blocking and filtering > or rewriting for legal reasons Sure, but is it IETF's job to make it easier? RFC 2804 and 7754 would be good references here. > Typical regulations that could apply include General Data Protection > Regulation (EU) 2016/679 [GDPR] and the EU-US Privacy Shield > Framework [USPS]. [...] Logs containing individual DNS queries and > the IP addresses or other data correlating those queries to specific > users or homes may in some legal jurisdictions be considered as > personally identifying information (PII). In such jurisdictions > detailed DNS query logs may be subject to data protection and > retention regulations, or other legal and/or compliance > requirements. I'm very glad that people consider the importance of personal data protection, and the useful role of the GDPR in it. But I fail to see why it's specific to DoH. For *every* IETF protocol, the two parties communicating may be in different countries (well, may be not for ND, ARP and DHCP), and logging by one may infringe the laws of another. Yet, we don't write drafts on the GDPR risks associated with each specific protocol. > Some list or registry of "trusted" DoH servers is probably > necessary. Why? I don't see it as necessary or unavoidable and even if it were, why would it be IETF's business? Do we mention a "list of trusted AC" in PKIX RFCs? > DoH has the potential to be more privacy intrusive than ECS, largely > because DoH is based on HTTP and can leverage the rich per-user and > per-device tracking that pervades the web today. The implications > of that are not yet well understood. draft-dickinson-doh-dohpe
- [Doh] New I-D: draft-reid-doh-operator Jim Reid
- Re: [Doh] New I-D: draft-reid-doh-operator Warren Kumari
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Paul Vixie
- Re: [Doh] New I-D: draft-reid-doh-operator Stephane Bortzmeyer
- Re: [Doh] New I-D: draft-reid-doh-operator Stephane Bortzmeyer
- Re: [Doh] New I-D: draft-reid-doh-operator Stephane Bortzmeyer
- Re: [Doh] New I-D: draft-reid-doh-operator Jim Reid
- Re: [Doh] New I-D: draft-reid-doh-operator Ask Bjørn Hansen
- Re: [Doh] New I-D: draft-reid-doh-operator Livingood, Jason
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Vittorio Bertola
- Re: [Doh] New I-D: draft-reid-doh-operator Warren Kumari
- Re: [Doh] New I-D: draft-reid-doh-operator Eliot Lear
- Re: [Doh] New I-D: draft-reid-doh-operator Jim Reid
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Ted Hardie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Paul Vixie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Ted Hardie
- [Doh] GDPR and IETF protocols (Was: New I-D: draf… Stephane Bortzmeyer
- Re: [Doh] New I-D: draft-reid-doh-operator Stephane Bortzmeyer
- Re: [Doh] GDPR and IETF protocols Jim Reid
- Re: [Doh] New I-D: draft-reid-doh-operator Livingood, Jason
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Paul Vixie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Ted Hardie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Paul Vixie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Ted Hardie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Michael Sinatra
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Raymond Burkholder
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Raymond Burkholder
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Paul Vixie
- Re: [Doh] [EXTERNAL] Re: [DNSOP] New I-D: draft-r… Winfield, Alister
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Ted Hardie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Vittorio Bertola
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Brian Dickson
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Ralf Weber
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Matthew Pounsett
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Eliot Lear
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Ted Lemon
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Eliot Lear
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Christian Huitema
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Ted Hardie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Eliot Lear
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Martin Thomson
- Re: [Doh] [EXTERNAL] Re: [DNSOP] New I-D: draft-r… Winfield, Alister
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Eric Rescorla
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Adam Roach
- Re: [Doh] [EXTERNAL] Re: [DNSOP] New I-D: draft-r… Christian Huitema
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Jared Mauch
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Jared Mauch
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Stephen Farrell
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Paul Vixie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Brian Dickson
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Stephen Farrell
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator nalini elkins
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Brian Dickson
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Stephen Farrell
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Jared Mauch
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Joe Abley
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Jacques Latour
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Adam Roach
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator 神明達哉
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Matthew Pounsett
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Jacques Latour
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Matthew Pounsett
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Jared Mauch
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Matthew Pounsett
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Vittorio Bertola
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Jacques Latour
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Brian Dickson
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Jim Reid
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Wes Hardaker
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Christian Huitema
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Vittorio Bertola
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Eric Rescorla
- Re: [Doh] [EXTERNAL] Re: [DNSOP] New I-D: draft-r… Winfield, Alister
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator sthaug
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Joe Abley
- Re: [Doh] [EXTERNAL] Re: [DNSOP] New I-D: draft-r… Winfield, Alister
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Joe Abley
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Eliot Lear
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Bill Woodcock
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Paul Vixie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Livingood, Jason
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Joe Abley
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Jared Mauch
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Paul Vixie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Stephen Farrell
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Puneet Sood
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Richard Bennett
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Wes Hardaker
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Jared Mauch
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Paul Vixie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Matthew Pounsett
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Paul Vixie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Paul Vixie
- Re: [Doh] [EXTERNAL] Re: [DNSOP] New I-D: draft-r… Patrick McManus
- Re: [Doh] [EXTERNAL] Re: [DNSOP] New I-D: draft-r… Patrick McManus
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Patrick McManus
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Vittorio Bertola
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Paul Wouters
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Olli Vanhoja
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Daniel Stenberg
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Mark Andrews
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Patrick McManus
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Ian Swett
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… sthaug
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Valentin Gosu
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Eliot Lear
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Martin Thomson
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Stephen Farrell
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Eliot Lear
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Patrick McManus
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Ted Lemon
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Eliot Lear
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Tony Finch
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Puneet Sood
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Tony Finch
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Ted Lemon
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Tony Finch
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Ted Lemon
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Petr Špaček
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… tirumal reddy
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Paul Vixie
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… tirumal reddy