[hrpc] "DNS Privacy Vs" Re: Working group last call for draft-irtf-hrpc-guidelines
Mallory Knodel <mknodel@cdt.org> Thu, 01 July 2021 15:39 UTC
Return-Path: <mknodel@cdt.org>
X-Original-To: hrpc@ietfa.amsl.com
Delivered-To: hrpc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E4843A1286 for <hrpc@ietfa.amsl.com>; Thu, 1 Jul 2021 08:39:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cdt.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j-uMCvl7rpaX for <hrpc@ietfa.amsl.com>; Thu, 1 Jul 2021 08:39:06 -0700 (PDT)
Received: from mail-qk1-x744.google.com (mail-qk1-x744.google.com [IPv6:2607:f8b0:4864:20::744]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E80033A1289 for <hrpc@irtf.org>; Thu, 1 Jul 2021 08:39:05 -0700 (PDT)
Received: by mail-qk1-x744.google.com with SMTP id z3so6419511qkl.4 for <hrpc@irtf.org>; Thu, 01 Jul 2021 08:39:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cdt.org; s=google; h=message-id:date:mime-version:user-agent:subject:content-language:to :cc:references:from:in-reply-to; bh=wZMT2SGY5VvuvM2Yi/8DbHirrSCHveLh+l96FMuGr9s=; b=Xf7yXjwvxDMRP3pSKZmP/UiKgi0DXPI3aCI0FWPYfg9rH6fTISupa+K4K1SYaLZkJL MXa9LCYA15x1TOhBaqyueKLjXDEAk8ly7NG6+LMlLuHpWGBILa/o3UU1qUYuuaQXWW4B K/3Fg+fpbhwV5hwGtpleK/CFVD/lGkGVw3Jac=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:in-reply-to; bh=wZMT2SGY5VvuvM2Yi/8DbHirrSCHveLh+l96FMuGr9s=; b=F7FlO9kiW+xu0DUM4VX9Dn6kId10XqR8COQ/DuHuiw7ErHm8xqkN5OD/1fUHXanh18 5Pp9Or2vYwjL71JGhQS/JGSO+yNPo8d6Cw+SefCsAc0xAcawUk3Zwp78/lc82cNFV6ia ueMCHvpK4R8BdliarVxO/qGLsZXlKdLZMOMxxkEUGsZlkD6RVIG98RRf7fqzN9tv790q QY+A8jC+8iliXqGnVnEIo2Nj2hIoalD8eu/pYSAl32le//pVNjcv+Pij3nc0HXTnMXfN 8xXty4SkFNqEEuYdfu7WP+Y0tHmclg5SDc5CE17jqeE9mRzpPtz4OmlGLqWDoY/H69fq 736w==
X-Gm-Message-State: AOAM533leuBptOikZRidl9xcaNWfmGqTUY0i3p53EVWeALGoEWN/WEdN VmTQRjikRl6zLB8cycYRC7QKCA==
X-Google-Smtp-Source: ABdhPJyvfHNND50t1mCLh2LOkYeFYSbUCozBJbUK6vEjHDmr2o3Jzd5VngC6hqMUY1MKIAcH0dnQWA==
X-Received: by 2002:a05:620a:2229:: with SMTP id n9mr611383qkh.41.1625153944540; Thu, 01 Jul 2021 08:39:04 -0700 (PDT)
Received: from [192.168.0.130] (c-73-163-188-207.hsd1.dc.comcast.net. [73.163.188.207]) by smtp.gmail.com with UTF8SMTPSA id 65sm78497qkl.91.2021.07.01.08.39.03 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 01 Jul 2021 08:39:04 -0700 (PDT)
Content-Type: multipart/alternative; boundary="------------pdwFelOB0sR1JjbFu1dSmUKS"
Message-ID: <fbce4e06-b56d-e3bc-8823-bc89d527d83f@cdt.org>
Date: Thu, 01 Jul 2021 11:39:03 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:90.0) Gecko/20100101 Thunderbird/90.0
Content-Language: en-US
To: farzaneh badii <farzaneh.badii@gmail.com>
Cc: Gurshabad Grover <gurshabad@cis-india.org>, Mallory Knodel <mallory@cdt.org>, "hrpc@irtf.org" <hrpc@irtf.org>, Eliot Lear <lear@lear.ch>
References: <447c4444-800b-dfb9-de3e-bbbe3bb4ac64@lear.ch> <6b540117-38a6-fbfa-3749-048d14b34f38@cis-india.org> <CAGVFjMK5K_VQWiQCre7r21c+ofasyUshP5wFYSxmjtX5147Q6Q@mail.gmail.com> <CAN1qJvDw3K182+GQpe4jKK5sA3oRgVFH0_duJ0qmkjGTg71qfA@mail.gmail.com>
From: Mallory Knodel <mknodel@cdt.org>
In-Reply-To: <CAN1qJvDw3K182+GQpe4jKK5sA3oRgVFH0_duJ0qmkjGTg71qfA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/1jPnhooG26KQGyTcy7sfI36TvX8>
Subject: [hrpc] "DNS Privacy Vs" Re: Working group last call for draft-irtf-hrpc-guidelines
X-BeenThere: hrpc@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: hrpc discussion list <hrpc.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hrpc>, <mailto:hrpc-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hrpc/>
List-Post: <mailto:hrpc@irtf.org>
List-Help: <mailto:hrpc-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hrpc>, <mailto:hrpc-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Jul 2021 15:39:11 -0000
Hi Farzaneh, On 7/1/21 9:12 AM, farzaneh badii wrote: > > I have now gotten to read your paper. It sets the scene for a discussion Yes, that's actually the only goal of the paper. > but there are some very generalized and broad hypotheses in the paper > that have not been supported and there are many disagreements over > them. The trade-off between privacy and security of the DNS users is > unclear and needs much more in-depth research, especially when we > relate it to public interest. We hope that the paper sparks lots and lots of additional research. > Moreover, the trade off you are mentioning in the paper is itself an > argument for both centralized and decentralized systems Indeed, it is pointing this out and hopefully helping advocates recognise this confusion situation-- that centralisation can be leveraged for good, but ultimately the tradeoff of the effects of long-term centralised markets/internet/etc is probably bad. > (there is an actual research group about decentralized > infrastructure, I don't know how useful it is: > https://datatracker.ietf.org/rg/dinrg/about/) This is a related use of the word "decentralised" but it is not the same. DINRG is concerned with "distributed ledger technologies", eg blockchain. It's not what we're talking about. > Also decentralized as explained in the document is very vague. > Decentralization of what aspects of the infrastructure, used by whom etc? As an architecture and a market. > It is surprising but the Web itself technically has a very centralized > governance. I can't suggest a change because the text asserts the > arguments with too much conviction but we should identify these issues > as areas of research. Glad we're exactly on the same page! Thanks so much for the review, -Mallory > > > On Mon, Jun 28, 2021 at 3:14 PM Mallory Knodel <mknodel@cdt.org> wrote: > > > > On Monday, June 28, 2021, Gurshabad Grover > <gurshabad@cis-india.org> wrote: > > > > Section 2.3.13 > > > > I don't know that we have *any* real success stories for > > decentralization. HTTP certainly isn't one. Certainly > designing > > *toward* centralization might be best, but I don't think we > have very > > many examples of that *either.* Moreover, I have argued, > and continue > > to argue, that some centralization may *facilitate* human > rights. If > > you take into account the combination of DOH + cloud, an > observer must > > go to far greater lengths to discern even so much as the > nature of the > > traffic, much less content and actual endpoint. > > > > And this raises another issue: the point of much of cloud > services is to > > improve individual service reliability. And yet those same > cloud > > services are a form of centralization. If you consider that > perhaps a > > handful of players might force DNS traffic to a limited > number of > > resolver services, we might also say that DoH itself presents > > centralization risks. > > > > These sorts of conflicts are of course to be expected. The > question is > > whether it is worth providing guidance relating to > centralization. I > > will claim that nobody yet has a real handle in this area, > and so better > > to say nothing in the form of guidance. Instead, it seems > to me to be > > good fodder for future work. > > > > I don't think I have a strong opinion about this. Before > making any > changes in this section, however, I'd love to hear what others > think. > > > I do think that while centralisation can be leveraged for good > that it’s well established that an interoperable, resilient > decentralised internet architecture is ideal for the public > interest. So there may be trade offs. I would point to the section > on consolidation in the paper Shivan and I wrote on DNS Privacy Vs > (the public interest). > > It’s important to keep in mind the tensions so that we aren’t > dogmatically accepting either scenario. > > Here’s that text: https://github.com/mallory/DNS-Privacy. > > Great work getting this new version out! > > -M > > > > -- > Mallory Knodel > CTO, Center for Democracy and Technology > gpg fingerprint :: E3EB 63E0 65A3 B240 BCD9 B071 0C32 A271 BD3C C780 > > > _______________________________________________ > hrpc mailing list > hrpc@irtf.org > https://www.irtf.org/mailman/listinfo/hrpc > -- Mallory Knodel CTO, Center for Democracy and Technology gpg fingerprint :: E3EB 63E0 65A3 B240 BCD9 B071 0C32 A271 BD3C C780
- [hrpc] Working group last call for draft-irtf-hrp… Mallory Knodel
- Re: [hrpc] Working group last call for draft-irtf… Eliot Lear
- Re: [hrpc] Working group last call for draft-irtf… Mallory Knodel
- Re: [hrpc] Working group last call for draft-irtf… Gurshabad Grover
- Re: [hrpc] Working group last call for draft-irtf… Mallory Knodel
- Re: [hrpc] Working group last call for draft-irtf… farzaneh badii
- Re: [hrpc] Working group last call for draft-irtf… Eliot Lear
- [hrpc] "DNS Privacy Vs" Re: Working group last ca… Mallory Knodel
- Re: [hrpc] Working group last call for draft-irtf… Stephane Bortzmeyer
- Re: [hrpc] Working group last call for draft-irtf… Eliot Lear
- Re: [hrpc] Working group last call for draft-irtf… Stephen Farrell
- Re: [hrpc] Working group last call for draft-irtf… Eliot Lear
- [hrpc] DNS Privacy Vs. Re: Working group last cal… Mallory Knodel
- Re: [hrpc] Working group last call for draft-irtf… Mallory Knodel