Re: [Doh] New Privacy Considerations Section Proposal

bert hubert <bert.hubert@powerdns.com> Thu, 21 June 2018 11:50 UTC

Date: Thu, 21 Jun 2018 13:50:23 +0200
From: bert hubert <bert.hubert@powerdns.com>
To: Sara Dickinson <sara@sinodun.com>
Cc: Patrick McManus <pmcmanus@mozilla.com>, nusenu <nusenu-lists@riseup.net>, Ted Hardie <ted.ietf@gmail.com>, DoH WG <doh@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/e5hq_2TQYEFAS6LdtRi0e6PY7iE>

On Thu, Jun 21, 2018 at 12:34:20PM +0100, Sara Dickinson wrote:
> NEW:
> "As a deliberate design choice DoH inherits the privacy properties of
> the HTTPS stack and is not known to introduce new concerns beyond that of HTTPS.
> As a consequence, however, it does introduce new privacy concerns when compared
> with DNS over UDP, TCP or TLS (RFC7858). The rationale for this decision is that 
> retaining the ability to leverage the full functionality of the HTTP ecosystem is more
> important than placing any constraints on this new protocol based on privacy considerations."

+1 !

> "In making this evaluation DoH clients should use the minimal set of data
> (e.g.  headers, cookies) that can achieve the desired feature set whilst
> minimizing potentially identifying information being passed.  For DOH
> clients which do not intermingle DOH requests with other HTTP messages
> suppression of these headers and other potentially identifying headers is
> an appropriate data minimization strategy."


+1 !

	Bert