Re: [Doh] Privacy Considerations Text (#2)
Patrick McManus <pmcmanus@mozilla.com> Mon, 25 June 2018 23:40 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/yeeJAvss6OXryQD48wqtt4iKUQc>

Hi Sara,

> + ### DNS Specific considerations
> +
> + Whilst DNS transports will generally carry the same privacy properties
> of the
> + layers used to implement them the standard DNS wireformat itself notably
> + contains no client identifiers.
>

That's mostly true imo (modulo perhaps edns client subnet)

> Using HTTPS as a transport therefore introduces
> + new privacy concerns over DNS over UDP, TCP or TLS (RFC7858) with regard
> to
> + additional data that may be visible to a DoH server compared to a DNS
> resolver.
>
>

I do agree that HTTP adds additional considerations, which is what the existing text describes. But I don't agree with this sentence which, significantly through the use of therefore, indicates HTTPS has client identifiers and other transports do not. The previous several paragraphs have enumerated client identifiers also present in IP (therefore UDP), TCP, and TLS. Everything that transports wireformat.

What if, instead, we add a new first paragraph to the "In the server" section along the lines of

"The original DNS wireformat contains no client identifiers, however various transports of the DNS wireformat do provide data that can be used for request correlation. HTTPS presents new considerations for correlation ranging from explicit HTTP cookies to implicit fingerprinting of the unique set and ordering of request headers."

> + ### HTTP Specific considerations (#HTTPconsiderations)
>
>

I think this is largely what the paragraph that begins "The DoH protocol design allows applications to fully leverage.." is conveying. Maybe it can move towards what you are thinking.. wdyt of:

The DoH protocol design allows applications to fully leverage the HTTP ecosystem, including features not enumerated here. Utilizing the full set of HTTP features enables DoH to be more than an HTTP tunnel, but also opens implementations up to the full set of privacy considerations of HTTP.

Implementations of DoH clients and servers need to consider the benefit and privacy impact of these features, and their deployment context, when deciding whether or not to enable them. Implementations are advised to expose the minimal set of data needed to achieve the desired feature set.
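
The request correlation discussed in the message above (explicit cookies, implicit fingerprinting of the set and ordering of request headers) and the effect of exposing a minimal header set, shown as an added example that is not part of the original message or of the draft. The client labels, header values and the choice of `accept`/`content-type` as the minimal set are constructed assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed sample: (true client, ordered request headers) as a DoH server sees them.
REQUESTS = [
    ("A", [("accept", "application/dns-message"), ("user-agent", "ExampleBrowser/1.0"),
           ("accept-language", "en-GB"), ("cookie", "sid=111")]),
    ("B", [("user-agent", "example-stub/0.3"), ("accept", "application/dns-message")]),
    ("A", [("accept", "application/dns-message"), ("user-agent", "ExampleBrowser/1.0"),
           ("accept-language", "en-GB"), ("cookie", "sid=111")]),
    ("C", [("accept", "application/dns-message"), ("user-agent", "ExampleBrowser/1.0"),
           ("accept-language", "de-DE")]),
    ("B", [("user-agent", "example-stub/0.3"), ("accept", "application/dns-message")]),
]

MINIMAL = ("accept", "content-type")  # assumed minimal set for this example


def correlation_key(headers):
    """Explicit identifier (cookie) if present, otherwise an implicit
    fingerprint over the ordered header names and values."""
    for name, value in headers:
        if name == "cookie":
            return "cookie:" + value
    blob = "\n".join(f"{n}:{v}" for n, v in headers)
    return "fp:" + hashlib.sha256(blob.encode()).hexdigest()[:12]


def minimize(headers, allowed=MINIMAL):
    """Keep only the allowed headers and emit them in one fixed order."""
    present = dict(headers)
    return [(n, present[n]) for n in allowed if n in present]


def correlate(requests, transform=lambda h: h):
    """Group the true client labels by the key the server can compute."""
    groups = defaultdict(list)
    for client, headers in requests:
        groups[correlation_key(transform(headers))].append(client)
    return sorted(groups.values())


if __name__ == "__main__":
    print("full headers   :", correlate(REQUESTS))
    print("minimal headers:", correlate(REQUESTS, minimize))
```

With the full headers each client's requests fall into their own group; with the minimal set all five requests share one key, so the headers alone no longer separate the clients.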