Re: [Doh] Mozilla's plans re: DoH

Vittorio Bertola <vittorio.bertola@open-xchange.com> Thu, 28 March 2019 08:44 UTC

Date: Thu, 28 Mar 2019 09:44:02 +0100 (CET)
From: Vittorio Bertola <vittorio.bertola@open-xchange.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: DoH WG <doh@ietf.org>
Message-ID: <1351299192.23919.1553762643258@appsuite.open-xchange.com>
In-Reply-To: <24f0d96b-c6e3-97b8-7ead-b1853b4171f6@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/yP4u-D7Sl9DCOZQEWnNhEwdSbRY>

>     On 27 March 2019 at 23:46 Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
>     I do not accept the above as a useful distinction for this topic.
> 
>     Those in the category of your first bullet can only be protected
>     by technology when (essentially) all those in other categories
>     use the same technology. (That said, I could quibble with your
>     text, but won't for now:-)
> 
>     But, and it's a big but, those whose safety is not at risk (today),
>     also have valid interests to protect, and mechanisms that we have
>     to offer for such protection need to be widely deployed to be
>     effective.
> 
The problem is that, in DoH's "obfuscated traffic mode" (is that better than "dissident mode"?), increased transport privacy for the individual (not necessarily increased privacy, but that's a different story) is obtained at the expense of network security. Other tradeoff points are possible, giving the user almost the same amount of privacy but also more security, so while I find it justified to push the tradeoff to the extreme side of privacy when someone's life and freedom could be at risk, I would prefer a more balanced tradeoff point (the one in which DoH traffic is clearly identifiable and can be blocked by the network if necessary) in other contexts, at least as the default.

More generally, beware that if you build an Internet that is designed to work as if everyone on the planet were a dissident in an authoritarian country, it is not unlikely that you will then get an Internet regulatory and access environment that looks like the one of authoritarian countries, even in democratic ones.

Ciao,

--

Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com
Office @ Via Treviso 12, 10144 Torino, Italy