IETF Logo Mail Archive

[hrpc] "DNS Privacy Vs" Re: Working group last call for draft-irtf-hrpc-guidelines

Mallory Knodel <mknodel@cdt.org> Thu, 01 July 2021 15:39 UTC

Return-Path: <mknodel@cdt.org>
X-Original-To: hrpc@ietfa.amsl.com
Delivered-To: hrpc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E4843A1286 for <hrpc@ietfa.amsl.com>; Thu, 1 Jul 2021 08:39:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cdt.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j-uMCvl7rpaX for <hrpc@ietfa.amsl.com>; Thu, 1 Jul 2021 08:39:06 -0700 (PDT)
Received: from mail-qk1-x744.google.com (mail-qk1-x744.google.com [IPv6:2607:f8b0:4864:20::744]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E80033A1289 for <hrpc@irtf.org>; Thu, 1 Jul 2021 08:39:05 -0700 (PDT)
Received: by mail-qk1-x744.google.com with SMTP id z3so6419511qkl.4 for <hrpc@irtf.org>; Thu, 01 Jul 2021 08:39:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cdt.org; s=google; h=message-id:date:mime-version:user-agent:subject:content-language:to :cc:references:from:in-reply-to; bh=wZMT2SGY5VvuvM2Yi/8DbHirrSCHveLh+l96FMuGr9s=; b=Xf7yXjwvxDMRP3pSKZmP/UiKgi0DXPI3aCI0FWPYfg9rH6fTISupa+K4K1SYaLZkJL MXa9LCYA15x1TOhBaqyueKLjXDEAk8ly7NG6+LMlLuHpWGBILa/o3UU1qUYuuaQXWW4B K/3Fg+fpbhwV5hwGtpleK/CFVD/lGkGVw3Jac=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:in-reply-to; bh=wZMT2SGY5VvuvM2Yi/8DbHirrSCHveLh+l96FMuGr9s=; b=F7FlO9kiW+xu0DUM4VX9Dn6kId10XqR8COQ/DuHuiw7ErHm8xqkN5OD/1fUHXanh18 5Pp9Or2vYwjL71JGhQS/JGSO+yNPo8d6Cw+SefCsAc0xAcawUk3Zwp78/lc82cNFV6ia ueMCHvpK4R8BdliarVxO/qGLsZXlKdLZMOMxxkEUGsZlkD6RVIG98RRf7fqzN9tv790q QY+A8jC+8iliXqGnVnEIo2Nj2hIoalD8eu/pYSAl32le//pVNjcv+Pij3nc0HXTnMXfN 8xXty4SkFNqEEuYdfu7WP+Y0tHmclg5SDc5CE17jqeE9mRzpPtz4OmlGLqWDoY/H69fq 736w==
X-Gm-Message-State: AOAM533leuBptOikZRidl9xcaNWfmGqTUY0i3p53EVWeALGoEWN/WEdN VmTQRjikRl6zLB8cycYRC7QKCA==
X-Google-Smtp-Source: ABdhPJyvfHNND50t1mCLh2LOkYeFYSbUCozBJbUK6vEjHDmr2o3Jzd5VngC6hqMUY1MKIAcH0dnQWA==
X-Received: by 2002:a05:620a:2229:: with SMTP id n9mr611383qkh.41.1625153944540; Thu, 01 Jul 2021 08:39:04 -0700 (PDT)
Received: from [192.168.0.130] (c-73-163-188-207.hsd1.dc.comcast.net. [73.163.188.207]) by smtp.gmail.com with UTF8SMTPSA id 65sm78497qkl.91.2021.07.01.08.39.03 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 01 Jul 2021 08:39:04 -0700 (PDT)
Content-Type: multipart/alternative; boundary="------------pdwFelOB0sR1JjbFu1dSmUKS"
Message-ID: <fbce4e06-b56d-e3bc-8823-bc89d527d83f@cdt.org>
Date: Thu, 01 Jul 2021 11:39:03 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:90.0) Gecko/20100101 Thunderbird/90.0
Content-Language: en-US
To: farzaneh badii <farzaneh.badii@gmail.com>
Cc: Gurshabad Grover <gurshabad@cis-india.org>, Mallory Knodel <mallory@cdt.org>, "hrpc@irtf.org" <hrpc@irtf.org>, Eliot Lear <lear@lear.ch>
References: <447c4444-800b-dfb9-de3e-bbbe3bb4ac64@lear.ch> <6b540117-38a6-fbfa-3749-048d14b34f38@cis-india.org> <CAGVFjMK5K_VQWiQCre7r21c+ofasyUshP5wFYSxmjtX5147Q6Q@mail.gmail.com> <CAN1qJvDw3K182+GQpe4jKK5sA3oRgVFH0_duJ0qmkjGTg71qfA@mail.gmail.com>
From: Mallory Knodel <mknodel@cdt.org>
In-Reply-To: <CAN1qJvDw3K182+GQpe4jKK5sA3oRgVFH0_duJ0qmkjGTg71qfA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/1jPnhooG26KQGyTcy7sfI36TvX8>
Subject: [hrpc] "DNS Privacy Vs" Re: Working group last call for draft-irtf-hrpc-guidelines
X-BeenThere: hrpc@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: hrpc discussion list <hrpc.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hrpc>, <mailto:hrpc-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hrpc/>
List-Post: <mailto:hrpc@irtf.org>
List-Help: <mailto:hrpc-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hrpc>, <mailto:hrpc-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Jul 2021 15:39:11 -0000

Hi Farzaneh,

On 7/1/21 9:12 AM, farzaneh badii wrote:
>
> I have now gotten to read your paper. It sets the scene for a discussion
Yes, that's actually the only goal of the paper.
> but there are some very generalized and broad hypotheses in the paper 
> that have not been supported and there are many disagreements over 
> them.  The trade-off between privacy and security of the DNS users is 
> unclear and needs much more in-depth research, especially when we 
> relate it to public interest.
We hope that the paper sparks lots and lots of additional research.
> Moreover, the trade off you are mentioning in the paper is itself an 
> argument for both centralized and decentralized systems
Indeed, it is pointing this out and hopefully helping advocates 
recognise this confusion situation-- that centralisation can be 
leveraged for good, but ultimately the tradeoff of the effects of 
long-term centralised markets/internet/etc is probably bad.
> (there is an actual research group about  decentralized 
> infrastructure, I don't know how useful it is: 
> https://datatracker.ietf.org/rg/dinrg/about/)
This is a related use of the word "decentralised" but it is not the 
same. DINRG is concerned with "distributed ledger technologies", eg 
blockchain. It's not what we're talking about.
> Also decentralized as explained in the document is very vague. 
> Decentralization of what aspects of the infrastructure, used by whom etc?
As an architecture and a market.
> It is surprising but the Web itself technically has a very centralized 
> governance.  I can't suggest a change because the text asserts the 
> arguments with too much conviction but we should identify these issues 
> as areas of research.

Glad we're exactly on the same page!

Thanks so much for the review,

-Mallory

>
>
> On Mon, Jun 28, 2021 at 3:14 PM Mallory Knodel <mknodel@cdt.org> wrote:
>
>
>
>     On Monday, June 28, 2021, Gurshabad Grover
>     <gurshabad@cis-india.org> wrote:
>
>
>         > Section 2.3.13
>         >
>         > I don't know that we have *any* real success stories for
>         > decentralization.  HTTP certainly isn't one.  Certainly
>         designing
>         > *toward* centralization might be best, but I don't think we
>         have very
>         > many examples of that *either.*  Moreover, I have argued,
>         and continue
>         > to argue, that some centralization may *facilitate* human
>         rights.  If
>         > you take into account the combination of DOH + cloud, an
>         observer must
>         > go to far greater lengths to discern even so much as the
>         nature of the
>         > traffic, much less content and actual endpoint.
>         >
>         > And this raises another issue: the point of much of cloud
>         services is to
>         > improve individual service reliability.  And yet those same
>         cloud
>         > services are a form of centralization.  If you consider that
>         perhaps a
>         > handful of players might force DNS traffic to a limited
>         number of
>         > resolver services, we might also say that DoH itself presents
>         > centralization risks.
>         >
>         > These sorts of conflicts are of course to be expected. The
>         question is
>         > whether it is worth providing guidance relating to
>         centralization.  I
>         > will claim that nobody yet has a real handle in this area,
>         and so better
>         > to say nothing in the form of guidance.  Instead, it seems
>         to me to be
>         > good fodder for future work.
>         >
>
>         I don't think I have a strong opinion about this. Before
>         making any
>         changes in this section, however, I'd love to hear what others
>         think.
>
>
>     I do think that while centralisation can be leveraged for good
>     that it’s well established that an interoperable, resilient
>     decentralised internet architecture is ideal for the public
>     interest. So there may be trade offs. I would point to the section
>     on consolidation in the paper Shivan and I wrote on DNS Privacy Vs
>     (the public interest).
>
>     It’s important to keep in mind the tensions so that we aren’t
>     dogmatically accepting either scenario.
>
>     Here’s that text: https://github.com/mallory/DNS-Privacy.
>
>     Great work getting this new version out!
>
>     -M
>
>
>
>     -- 
>     Mallory Knodel
>     CTO, Center for Democracy and Technology
>     gpg fingerprint :: E3EB 63E0 65A3 B240 BCD9 B071 0C32 A271 BD3C C780
>
>
>     _______________________________________________
>     hrpc mailing list
>     hrpc@irtf.org
>     https://www.irtf.org/mailman/listinfo/hrpc
>
-- 
Mallory Knodel
CTO, Center for Democracy and Technology
gpg fingerprint :: E3EB 63E0 65A3 B240 BCD9 B071 0C32 A271 BD3C C780

v2.23.0 | Report a Bug | By Email