Re: [Doh] some privacy ponderings wrt HTTPs and plain DNS
Erik Nygren <erik+ietf@nygren.org> Tue, 19 June 2018 15:49 UTC
Return-Path: <nygren@gmail.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7230130DE8 for <doh@ietfa.amsl.com>; Tue, 19 Jun 2018 08:49:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.4
X-Spam-Level:
X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lkfqvGIPk0eK for <doh@ietfa.amsl.com>; Tue, 19 Jun 2018 08:49:06 -0700 (PDT)
Received: from mail-io0-x236.google.com (mail-io0-x236.google.com [IPv6:2607:f8b0:4001:c06::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CEA0813110F for <doh@ietf.org>; Tue, 19 Jun 2018 08:49:05 -0700 (PDT)
Received: by mail-io0-x236.google.com with SMTP id u4-v6so655731iof.2 for <doh@ietf.org>; Tue, 19 Jun 2018 08:49:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=2dQPGHNMXycLgs8ha69QaKfWpg37hz5hvFPrrmNKMYI=; b=JtKOWdL1ZxD/VMYYvxZrc6cQC360N05UFKuO+gyLuJdjYOdM0pUnXyNuNSu4oBbl+9 TdKZcamjybjEJ7J1DJumFiypHsnSIIwfdK5Rw6N8sYzx+1kv/UBTFjg8Ob1wr3Lev+8T qdwZafSXGUOBC2K9hWQ+iudVUMZPGQx9pIC6rilhoNbQjdIKtaQBe/GgAL+vDxHxi3Kl s8wQMrK0r4FuWscn6S9dS9izOT6sW7cHhjMvthSn9FJf6ZtxR8ugTXgLWC8ND9TnoSDQ nepgqhwMSsxfZsEweNUxEHcCXVEPmqdG9uqBu5QyzxCFXaGWp75snPc9qR9Qj4K3Lu/z eBtw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=2dQPGHNMXycLgs8ha69QaKfWpg37hz5hvFPrrmNKMYI=; b=f8LZfDg7z5aY6bQVQwgcD714zNbqLbEYNnDXvpKEOm9Tq7pSqemERJTUfXfyl2+/KV 3dREvcksd1dKQSuNe5BfQeZ7vlnKcSfPm2sjWfI8i6v1RxACpy29dFzOwlVMakvLp+EE MZiI8QAn16hZhAXKJ80e4BevnWDh2sIUd0Y1VXf44WTgKoMClWexMMAsYxWaHhyTj8Zv 4PgSGn3VD8n5ss70n513joi0q8RswbZeInF6ZrfjwOdKlMpX95LeZbbWpv35CdM8pz2X IfLwsmQ0qorkSWh84dwDpScywyYsVaSk3uYF7Y8UWEm4kEoy9b3VXRpdE15jzlQaiHGK g99g==
X-Gm-Message-State: APt69E2rAUtI0rB5s6LMJcKiMp9J5f8XFZD9p40qxQBnt5CX0xPKh46h R+OGDlu1g17OJuLtWDQgwayVxHt0mQwAFuIUhrM=
X-Google-Smtp-Source: ADUXVKKhztzxNd/MHk+z7PwEg0gQkH7L/TSW532GChyUb6sHce2RKNnaXXYBXShHCnn/qw+Y/Jh19PtcxLwRLU8WaXs=
X-Received: by 2002:a6b:e619:: with SMTP id g25-v6mr13798176ioh.198.1529423345057; Tue, 19 Jun 2018 08:49:05 -0700 (PDT)
MIME-Version: 1.0
Sender: nygren@gmail.com
Received: by 2002:a4f:d1cc:0:0:0:0:0 with HTTP; Tue, 19 Jun 2018 08:49:03 -0700 (PDT)
In-Reply-To: <AC7EF4EF-17DA-4181-B123-D2F82BBDF1C9@sinodun.com>
References: <20180618112116.GB9195@server.ds9a.nl> <d137a136-d456-8de2-b682-512edd86b1f7@riseup.net> <E4082C8A-8D16-4F13-82ED-C9F68F66A2A1@sinodun.com> <CAOdDvNrnfxxQ__G_kKn4Fe4jcwcQUZfOb4aNAE6+bjvSrfLcmA@mail.gmail.com> <0D08F629-1719-440D-B4B4-A474CF90B865@sinodun.com> <CAOdDvNrKhV83ZmCX=KWHx49PtFVO2eTzY+GOxjEzEVd6Auj4Nw@mail.gmail.com> <AC7EF4EF-17DA-4181-B123-D2F82BBDF1C9@sinodun.com>
From: Erik Nygren <erik+ietf@nygren.org>
Date: Tue, 19 Jun 2018 11:49:03 -0400
X-Google-Sender-Auth: SrR5vR1eimcgnC029Lkf7HGeHsk
Message-ID: <CAKC-DJjn3TQkovRQATkpkNLxt_VYd_81yJKz_=V=R3X0+TyLdw@mail.gmail.com>
To: Sara Dickinson <sara@sinodun.com>
Cc: Patrick McManus <pmcmanus@mozilla.com>, nusenu <nusenu-lists@riseup.net>, DoH WG <doh@ietf.org>, bert hubert <bert.hubert@powerdns.com>
Content-Type: multipart/alternative; boundary="0000000000003184d0056f009fff"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/V9kViN9eJTm1zaA6cBlSrQ7BHac>
Subject: Re: [Doh] some privacy ponderings wrt HTTPs and plain DNS
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jun 2018 15:49:08 -0000
On Tue, Jun 19, 2018 at 11:03 AM, Sara Dickinson <sara@sinodun.com> wrote: > > > 2. Implementors should evaluate what identifiers could be omitted or be > made less identifying while still fulfilling the protocol's goals. > > a. Specifically, implementors SHOULD not use non-essential HTTP headers > in DoH messages and SHOULD set the user agent string to ‘DoH client’. > > b. Implementations SHOULD only accept cookies or allow client > authentication when it is required to fulfil the protocols goals (e.g. a > subscription service with user opt-in). > I'd think we'd want to avoid normative language in the Privacy Considerations? We should be careful about what "non-essential HTTP headers" mean, especially without being much more specific about these. and providing clear guidance in the core specification. Implementations leaving out required headers without clear guidance seems likely to lead to interoperable implementations. Separately on privacy considerations... >From a related thread on DNSOP where Colm MacCárthaigh raised this, do we need to provide guidance on the rrset ordering side-channel? Or does that apply as a general issue for DPRIVE? The relevant issue is that since cached rrset responses will have a stable ordering of IP addresses to try, if clients receive the same rrset over DoH and go through the IPs in the same order, this makes it visible to an external observer which cached response the two clients received, especially if the same set of IPs share a wide variety of different hostnames. Recommending the client permute the (unordered-by-specification) rrset received and try responses in a pseudo-random order (absent local performance information preferring some over others) both reduces opportunities for this side-channel attack. Regardless of the side-channel privacy issues here, since DoH responses may be cached by design and won't get randomized/roundrobin/etc rrset-sorting applied to each response it likely makes sense to give the guidance that DoH clients should do pseudo-random sorting of received rrsets of only for better load balancing across IPs in the rrsets. Erik
- Re: [Doh] some privacy ponderings wrt HTTPs and p… Petr Špaček
- Re: [Doh] Privacy Considerations Section nusenu
- Re: [Doh] some privacy ponderings wrt HTTPs and p… Erik Nygren
- Re: [Doh] some privacy ponderings wrt HTTPs and p… Patrick McManus
- Re: [Doh] some privacy ponderings wrt HTTPs and p… Sara Dickinson
- Re: [Doh] [Ext] some privacy ponderings wrt HTTPs… Star Brilliant
- Re: [Doh] [Ext] some privacy ponderings wrt HTTPs… nusenu
- [Doh] some privacy ponderings wrt HTTPs and plain… nusenu
- Re: [Doh] [Ext] some privacy ponderings wrt HTTPs… Stephen Farrell
- Re: [Doh] [Ext] some privacy ponderings wrt HTTPs… Paul Hoffman
- Re: [Doh] some privacy ponderings wrt HTTPs and p… Benno Overeinder
- Re: [Doh] some privacy ponderings wrt HTTPs and p… Howard Chu
- Re: [Doh] some privacy ponderings wrt HTTPs and p… Patrick McManus
- Re: [Doh] some privacy ponderings wrt HTTPs and p… Ben Schwartz
- Re: [Doh] some privacy ponderings wrt HTTPs and p… Sara Dickinson
- Re: [Doh] some privacy ponderings wrt HTTPs and p… Star Brilliant
- Re: [Doh] some privacy ponderings wrt HTTPs and p… nusenu
- Re: [Doh] some privacy ponderings wrt HTTPs and p… Patrick McManus
- Re: [Doh] some privacy ponderings wrt HTTPs and p… Sara Dickinson
- Re: [Doh] some privacy ponderings wrt HTTPs and p… nusenu
- [Doh] some privacy ponderings wrt HTTPs and plain… bert hubert