Re: [Doh] New Version Notification for draft-dickinson-doh-dohpe-00.txt

Sara Dickinson <sara@sinodun.com> Thu, 19 July 2018 14:52 UTC

Cc: DoH WG <doh@ietf.org>
To: Ben Schwartz <bemasc@google.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/v1BJpqsseMYYMJGi5wmVAtL5DOU>


> On 18 Jul 2018, at 16:22, Ben Schwartz <bemasc@google.com> wrote:
> 
> I think this draft could use review from readers familiar with HTTP.  I hope that people with knowledge of HTTP will help us to understand whether this draft's recommendations would result in a significant increase in user privacy.

Completely agree.

> 
> For the draft's authors, I have a question: does this draft's "privacy threat model" include a DOH server that uses active measures to differentiate clients?  Or is it scoped only to passive discrimination between different client implementations?

Both of these.

> 
> As for other issues, I think the draft might need to consider header order.

Yes - a couple of other folks have mentioned that too.

>   I also couldn't find an easy list of mandatory headers in RFC 7540, so that list might be worth repeating.

There doesn’t seem to be a simple example in any draft I found so the current text is a bit of a cop-out. I was wondering if it would make more sense to have the list in draft-ietf-httpbis-bcp56bis-06 as a general clarification and then this document could reference that?

Or Stephane suggested pointing to RFC 7230 (plus a bit of RFC 7231) instead. But actually I now think example messages would be the most explicit way to show what DoHPE messages should look like.

Sara.


> 
> On Wed, Jul 18, 2018 at 10:03 AM Sara Dickinson <sara@sinodun.com> wrote:
> Hi All,
> 
> We’ve just submitted a very short draft outlining a privacy profile for DoH called DoHPE.
> 
> It is very basic at the moment but it would be great to get some feedback on the idea here and to see if the WG sees this as something that should go through this group or head somewhere else. Since the guidelines are purely HTTP related, this does feel like the right audience to review the document at least in the first instance.
> 
> Sara.
> 
> 
>> Begin forwarded message:
>> 
>> From: internet-drafts@ietf.org
>> Subject: New Version Notification for draft-dickinson-doh-dohpe-00.txt
>> Date: 18 July 2018 at 09:58:48 GMT-4
>> To: "Sara Dickinson" <sara@sinodun.com>, "Willem Toorop" <willem@nlnetlabs.nl>
>> 
>> 
>> A new version of I-D, draft-dickinson-doh-dohpe-00.txt
>> has been successfully submitted by Sara Dickinson and posted to the
>> IETF repository.
>> 
>> Name:           draft-dickinson-doh-dohpe
>> Revision:       00
>> Title:          DoHPE: DoH with Privacy Enhancements
>> Document date:  2018-07-18
>> Group:          Individual Submission
>> Pages:          8
>> URL:            https://www.ietf.org/internet-drafts/draft-dickinson-doh-dohpe-00.txt
>> Status:         https://datatracker.ietf.org/doc/draft-dickinson-doh-dohpe/
>> Htmlized:       https://tools.ietf.org/html/draft-dickinson-doh-dohpe-00
>> Htmlized:       https://datatracker.ietf.org/doc/html/draft-dickinson-doh-dohpe
>> 
>> 
>> Abstract:
>>   This document describes DoHPE (DoH with Privacy Enhancements) - a
>>   privacy and anonymity profile for DoH [I-D.ietf-doh-dns-over-https]
>>   clients.  The profile provides guidelines on the composition of DoH
>>   messages, designed to minimize disclosure of identifying information.
>> 
>> 
>> 
>> 
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>> 
>> The IETF Secretariat
>> 
> 
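
The header-order point raised in this thread, as an added example that is not part of the original messages or of the draft: a passive observer fingerprints DoH requests by header names alone, and clients sending the same set of headers in a different order still fall into separate groups. The client labels, header lists and the `PROFILE` ordering are constructed for illustration and are not the DoHPE profile; header values are ignored here.

```python
import hashlib
from collections import defaultdict

# Constructed sample requests: (client label, HTTP/2 header names in send order).
# Illustrative only; not taken from the draft or from any real client.
SAMPLES = [
    ("client-a", [":method", ":scheme", ":authority", ":path",
                  "accept", "content-type", "content-length"]),
    ("client-b", [":method", ":scheme", ":authority", ":path",
                  "accept", "content-type", "content-length"]),
    # Same header set as a/b, different order (pseudo-headers still come first).
    ("client-c", [":method", ":path", ":scheme", ":authority",
                  "content-type", "accept", "content-length"]),
    # One extra optional header.
    ("client-d", [":method", ":scheme", ":authority", ":path",
                  "accept", "content-type", "content-length", "user-agent"]),
]

# Hypothetical canonical profile: which headers are sent, and in what order.
PROFILE = [":method", ":scheme", ":authority", ":path",
           "accept", "content-type", "content-length"]

def fingerprint(names, ordered=True):
    """Hash the header names; ordered=False discards the order they were sent in."""
    seq = list(names) if ordered else sorted(names)
    return hashlib.sha256("\n".join(seq).encode()).hexdigest()[:12]

def anonymity_sets(samples, ordered=True):
    """Group the clients that share a fingerprint, i.e. that look identical."""
    groups = defaultdict(list)
    for label, names in samples:
        groups[fingerprint(names, ordered)].append(label)
    return sorted(groups.values())

def canonicalise(names, profile=PROFILE):
    """Keep only profile headers and emit them in the profile's order."""
    present = set(names)
    return [h for h in profile if h in present]

def canonical_samples(samples):
    """Apply the profile to every sample request."""
    return [(label, canonicalise(names)) for label, names in samples]
```

Comparing `anonymity_sets(SAMPLES, ordered=False)` with `anonymity_sets(SAMPLES)` shows how much of the discrimination comes from order alone; running the latter over `canonical_samples(SAMPLES)` collapses all four clients into one set.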