IETF Logo Mail Archive

Re: [Doh] some privacy ponderings wrt HTTPs and plain DNS

Erik Nygren <erik+ietf@nygren.org> Tue, 19 June 2018 15:49 UTC

Return-Path: <nygren@gmail.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7230130DE8 for <doh@ietfa.amsl.com>; Tue, 19 Jun 2018 08:49:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.4
X-Spam-Level:
X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lkfqvGIPk0eK for <doh@ietfa.amsl.com>; Tue, 19 Jun 2018 08:49:06 -0700 (PDT)
Received: from mail-io0-x236.google.com (mail-io0-x236.google.com [IPv6:2607:f8b0:4001:c06::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CEA0813110F for <doh@ietf.org>; Tue, 19 Jun 2018 08:49:05 -0700 (PDT)
Received: by mail-io0-x236.google.com with SMTP id u4-v6so655731iof.2 for <doh@ietf.org>; Tue, 19 Jun 2018 08:49:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=2dQPGHNMXycLgs8ha69QaKfWpg37hz5hvFPrrmNKMYI=; b=JtKOWdL1ZxD/VMYYvxZrc6cQC360N05UFKuO+gyLuJdjYOdM0pUnXyNuNSu4oBbl+9 TdKZcamjybjEJ7J1DJumFiypHsnSIIwfdK5Rw6N8sYzx+1kv/UBTFjg8Ob1wr3Lev+8T qdwZafSXGUOBC2K9hWQ+iudVUMZPGQx9pIC6rilhoNbQjdIKtaQBe/GgAL+vDxHxi3Kl s8wQMrK0r4FuWscn6S9dS9izOT6sW7cHhjMvthSn9FJf6ZtxR8ugTXgLWC8ND9TnoSDQ nepgqhwMSsxfZsEweNUxEHcCXVEPmqdG9uqBu5QyzxCFXaGWp75snPc9qR9Qj4K3Lu/z eBtw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=2dQPGHNMXycLgs8ha69QaKfWpg37hz5hvFPrrmNKMYI=; b=f8LZfDg7z5aY6bQVQwgcD714zNbqLbEYNnDXvpKEOm9Tq7pSqemERJTUfXfyl2+/KV 3dREvcksd1dKQSuNe5BfQeZ7vlnKcSfPm2sjWfI8i6v1RxACpy29dFzOwlVMakvLp+EE MZiI8QAn16hZhAXKJ80e4BevnWDh2sIUd0Y1VXf44WTgKoMClWexMMAsYxWaHhyTj8Zv 4PgSGn3VD8n5ss70n513joi0q8RswbZeInF6ZrfjwOdKlMpX95LeZbbWpv35CdM8pz2X IfLwsmQ0qorkSWh84dwDpScywyYsVaSk3uYF7Y8UWEm4kEoy9b3VXRpdE15jzlQaiHGK g99g==
X-Gm-Message-State: APt69E2rAUtI0rB5s6LMJcKiMp9J5f8XFZD9p40qxQBnt5CX0xPKh46h R+OGDlu1g17OJuLtWDQgwayVxHt0mQwAFuIUhrM=
X-Google-Smtp-Source: ADUXVKKhztzxNd/MHk+z7PwEg0gQkH7L/TSW532GChyUb6sHce2RKNnaXXYBXShHCnn/qw+Y/Jh19PtcxLwRLU8WaXs=
X-Received: by 2002:a6b:e619:: with SMTP id g25-v6mr13798176ioh.198.1529423345057; Tue, 19 Jun 2018 08:49:05 -0700 (PDT)
MIME-Version: 1.0
Sender: nygren@gmail.com
Received: by 2002:a4f:d1cc:0:0:0:0:0 with HTTP; Tue, 19 Jun 2018 08:49:03 -0700 (PDT)
In-Reply-To: <AC7EF4EF-17DA-4181-B123-D2F82BBDF1C9@sinodun.com>
References: <20180618112116.GB9195@server.ds9a.nl> <d137a136-d456-8de2-b682-512edd86b1f7@riseup.net> <E4082C8A-8D16-4F13-82ED-C9F68F66A2A1@sinodun.com> <CAOdDvNrnfxxQ__G_kKn4Fe4jcwcQUZfOb4aNAE6+bjvSrfLcmA@mail.gmail.com> <0D08F629-1719-440D-B4B4-A474CF90B865@sinodun.com> <CAOdDvNrKhV83ZmCX=KWHx49PtFVO2eTzY+GOxjEzEVd6Auj4Nw@mail.gmail.com> <AC7EF4EF-17DA-4181-B123-D2F82BBDF1C9@sinodun.com>
From: Erik Nygren <erik+ietf@nygren.org>
Date: Tue, 19 Jun 2018 11:49:03 -0400
X-Google-Sender-Auth: SrR5vR1eimcgnC029Lkf7HGeHsk
Message-ID: <CAKC-DJjn3TQkovRQATkpkNLxt_VYd_81yJKz_=V=R3X0+TyLdw@mail.gmail.com>
To: Sara Dickinson <sara@sinodun.com>
Cc: Patrick McManus <pmcmanus@mozilla.com>, nusenu <nusenu-lists@riseup.net>, DoH WG <doh@ietf.org>, bert hubert <bert.hubert@powerdns.com>
Content-Type: multipart/alternative; boundary="0000000000003184d0056f009fff"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/V9kViN9eJTm1zaA6cBlSrQ7BHac>
Subject: Re: [Doh] some privacy ponderings wrt HTTPs and plain DNS
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jun 2018 15:49:08 -0000

On Tue, Jun 19, 2018 at 11:03 AM, Sara Dickinson <sara@sinodun.com> wrote:
>
>
> 2. Implementors should evaluate what identifiers could be omitted or be
> made less identifying while still fulfilling the protocol's goals.
>
>   a. Specifically, implementors SHOULD not use non-essential HTTP headers
> in DoH messages and SHOULD set the user agent string to ‘DoH client’.
>
>   b. Implementations SHOULD only accept cookies or allow client
> authentication when it is required to fulfil the protocols goals (e.g. a
> subscription service with user opt-in).
>

I'd think we'd want to avoid normative language in the Privacy
Considerations?
We should be careful about what "non-essential HTTP headers" mean,
especially without being much more specific about these. and providing
clear guidance in the core specification.  Implementations leaving out
required headers without clear guidance seems likely to lead to
interoperable implementations.

Separately on privacy considerations...

>From a related thread on DNSOP where Colm MacCárthaigh raised this, do we
need to provide guidance on the rrset ordering side-channel?  Or does that
apply as a general issue for DPRIVE?  The relevant issue is that since
cached rrset responses will have a stable ordering of IP addresses to try,
if clients receive the same rrset over DoH and go through the IPs in the
same order, this makes it visible to an external observer which cached
response the two clients received, especially if the same set of IPs share
a wide variety of different hostnames.   Recommending the client permute
the (unordered-by-specification) rrset received and try responses in a
pseudo-random order (absent local performance information preferring some
over others) both reduces opportunities for this side-channel attack.
Regardless of the side-channel privacy issues here, since DoH responses may
be cached by design and won't get randomized/roundrobin/etc rrset-sorting
applied to each response it likely makes sense to give the guidance that
DoH clients should do pseudo-random sorting of received rrsets of only for
better load balancing across IPs in the rrsets.

     Erik

v2.23.0 | Report a Bug | By Email