Re: [Doh] [Ext] Privacy Considerations Text (#2)

"Hewitt, Rory" <rhewitt@akamai.com> Mon, 25 June 2018 15:31 UTC

To: Mateusz Jończyk <mat.jonczyk@o2.pl>, Paul Hoffman <paul.hoffman@icann.org>, DoH WG <doh@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/g_lLY5tE5MlZUo6sUDS4GNDWw_g>

Hey Mateusz,

I like that. Here's an alternate way of saying it (not 'better', just 'different'):

	Users with concerns about request correlation within a
	connection may choose to close and reopen any connections
	between a DoH client and the DoH server on a regular basis
	(e.g. when the outside IP address changes). However, this
	may reduce the performance gains realized by using a
	long-running connection between client and server.

Thanks,

Rory

-----Original Message-----
From: Mateusz Jończyk [mailto:mat.jonczyk@o2.pl] 
Sent: Saturday, June 23, 2018 4:23 AM
To: Paul Hoffman <paul.hoffman@icann.org>; DoH WG <doh@ietf.org>
Subject: Re: [Doh] [Ext] Privacy Considerations Text (#2)

On 22.06.2018 at 17:57, Mateusz Jończyk wrote:
> On 22.06.2018 at 17:42, Paul Hoffman wrote:
>> On Jun 22, 2018, at 8:34 AM, Mateusz Jończyk <mat.jonczyk@o2.pl> wrote:
>>> On 21.06.2018 at 20:43, Patrick McManus wrote:
>>>>
>>>> The privacy considerations of using the HTTPS layer in DoH are 
>>>> incremental to those of DNS over TLS. DoH is not known to introduce 
>>>> new concerns beyond those associated with HTTPS.
>>>
>>> I have been thinking that a DoH client would open a long-running 
>>> connection to a DoH server. In such a case, request correlation 
>>> could be simple and we should drop the "is not known to introduce new concerns" sentence.
>>
>> Both RFC 7766 (DNS in TCP) and RFC 7858 (DNS in TLS) recommend opening long-running connections, and explain the operational pros and cons of doing so.
>>
> 
> OK, now I have read that passage again and understand it.
> I would argue that this should be discussed explicitly in the "Privacy 
> considerations" section.
> 

I would propose to add the following text:

	Because of performance reasons, DOH clients are advised to open
	long-running connections to the DOH server. However, in such a case the
	server is able to correlate all the requests within a connection.
	Therefore it is advisable for DOH clients to close and reopen the
	connection to the DOH server e.g. every hour or when outside IP address
	changes - to make request correlation more difficult.

I am happy to live in the EU. AFAIK our law makes doing such request correlation for tracking purposes illegal in most cases.

Greetings,
Mateusz Jończyk
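
Added example, not part of the thread and not code from any participant or from the DoH draft: a small model of the reconnect policy proposed above (reopen after a maximum age or when the outside IP address changes) and of what the server can link per connection. The class name, the `max_age_s` parameter, the `rotate` switch and the sample queries are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class RotatingDoHConnection:
    """Models when a DoH client drops and reopens its connection."""
    max_age_s: float = 3600.0        # "e.g. every hour" (assumed default)
    rotate: bool = True              # False models one long-running connection
    conn_id: int = 0                 # stands in for one TLS/HTTP connection
    opened_at: Optional[float] = None
    outside_ip: Optional[str] = None
    log: list = field(default_factory=list)  # (conn_id, qname) seen by server

    def _needs_new(self, now: float, ip: str) -> bool:
        if self.opened_at is None:
            return True              # first query always opens a connection
        if not self.rotate:
            return False
        too_old = now - self.opened_at >= self.max_age_s
        return too_old or ip != self.outside_ip

    def query(self, qname: str, now: float, ip: str) -> int:
        if self._needs_new(now, ip):
            self.conn_id += 1
            self.opened_at, self.outside_ip = now, ip
        self.log.append((self.conn_id, qname))
        return self.conn_id


def server_view(log):
    """Group queries by connection; each group is trivially correlatable."""
    groups = {}
    for conn_id, qname in log:
        groups.setdefault(conn_id, []).append(qname)
    return groups


# Constructed sample: (seconds since start, outside IP, query name)
SAMPLE = [
    (0, "192.0.2.10", "mail.example"),
    (1200, "192.0.2.10", "bank.example"),
    (3700, "192.0.2.10", "news.example"),      # older than 1 h: reopen
    (3900, "198.51.100.7", "clinic.example"),  # outside IP changed: reopen
    (4000, "198.51.100.7", "forum.example"),
]


def run(rotate: bool, max_age_s: float = 3600.0):
    conn = RotatingDoHConnection(max_age_s=max_age_s, rotate=rotate)
    for now, ip, qname in SAMPLE:
        conn.query(qname, now, ip)
    return server_view(conn.log)
```

The model covers only linkage through the connection itself; it says nothing about other signals a server may have for tying connections together.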