Re: [hrpc] "Paul Vixie and Peter Lowe on Why DoH is Politically Motivated"
Eliot Lear <lear@lear.ch> Tue, 16 November 2021 20:55 UTC
Return-Path: <lear@lear.ch>
X-Original-To: hrpc@ietfa.amsl.com
Delivered-To: hrpc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18A193A0914 for <hrpc@ietfa.amsl.com>; Tue, 16 Nov 2021 12:55:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.741
X-Spam-Level:
X-Spam-Status: No, score=-2.741 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_ALL=0.8, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-1.852, SPF_PASS=-0.001, T_SPF_HELO_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=lear.ch
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qy0v4vbQxjeo for <hrpc@ietfa.amsl.com>; Tue, 16 Nov 2021 12:55:36 -0800 (PST)
Received: from upstairs.ofcourseimright.com (upstairs.ofcourseimright.com [185.32.222.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 538B43A0910 for <hrpc@irtf.org>; Tue, 16 Nov 2021 12:55:35 -0800 (PST)
Received: from [IPV6:2001:420:c0c0:1011::2] ([IPv6:2001:420:c0c0:1011:0:0:0:2]) (authenticated bits=0) by upstairs.ofcourseimright.com (8.15.2/8.15.2/Debian-18) with ESMTPSA id 1AGKtSd22241051 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Tue, 16 Nov 2021 21:55:29 +0100
Authentication-Results: upstairs.ofcourseimright.com; dmarc=none (p=none dis=none) header.from=lear.ch
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lear.ch; s=upstairs; t=1637096130; bh=wuOIobVq0XAD4MuqrUVSaNGbYuXsFG93MWuWUQXRI1w=; h=Date:To:Cc:References:From:Subject:In-Reply-To:From; b=YA/zZKktrwaIIC20BeaUxepu9z5SDcxQYj1MjeGbtZiGIQmpx4CWrN07R/UKBpMY2 Ibn2SF2xvtAD3rYTRnNBgVhESLQfwnOst4dMx8dsh25Z07Em1XxY8siG+zA5jtH+xr MmnpuK6KCQXCSRZEuO9O6oexkzuALOWR5HbqSg94=
Message-ID: <3c32e726-12b1-b289-8305-8aaf515ed029@lear.ch>
Date: Tue, 16 Nov 2021 21:55:27 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.3.0
Content-Language: en-US
To: Ted Lemon <mellon@fugue.com>, Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>
Cc: Eric Rescorla <ekr@rtfm.com>, hrpc@irtf.org
References: <YZJPwEUqvCvCUVRz@sources.org> <9AB66003-9285-4418-9BC4-9A415F033F26@pch.net> <CABcZeBOoxRMNBwMCMSsTGM_3YgbZs15ZAyxwd61=PhM05QCTRQ@mail.gmail.com> <1440178333.50167.1636999766064@appsuite-gw2.open-xchange.com> <CABcZeBMFsozNWN-Stcctr-i=xGd0OchJZj_6szazYAPVdygk8Q@mail.gmail.com> <1522915630.55835.1637080576757@appsuite-gw2.open-xchange.com> <CAPt1N1mb-eZovh3QC6D0Ot2UrKMn-cmvxYeBumcu83_1gMhssw@mail.gmail.com>
From: Eliot Lear <lear@lear.ch>
In-Reply-To: <CAPt1N1mb-eZovh3QC6D0Ot2UrKMn-cmvxYeBumcu83_1gMhssw@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------fKOyLP4dZV1m7HIFZugJMFHP"
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/7yEbIFjJywoD3SLzarSL7mipToA>
Subject: Re: [hrpc] "Paul Vixie and Peter Lowe on Why DoH is Politically Motivated"
X-BeenThere: hrpc@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: hrpc discussion list <hrpc.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hrpc>, <mailto:hrpc-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hrpc/>
List-Post: <mailto:hrpc@irtf.org>
List-Help: <mailto:hrpc-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hrpc>, <mailto:hrpc-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Nov 2021 20:55:41 -0000
We run this risk of this discussion getting quite 'meta' (no offense to Facebook). Yes, DoH and DoT are both public protocols, and in themselves I don't think they are particularly harmful. It is precisely when they bypass local infrastructure when things get messy. You may say, “but a private mechanism can do the same thing.” This is true. But when a private mechanism does the same thing, we can in fact place controls on the infrastructure to either prevent it or reduce it substantially, "simply" by binding network access to name resolution (ok, it's not THAT simple but it can and has been done). But that doesn't work unless the the local resolvers are used. Do motivations matter? Certainly. That's how work gets done. If motivations can be impacted, that's how work is directed. But I tend to agree with you that it is the outcome that matters by orders of magnitude more, as far as we are concerned. And here, we really can't say if there is a good outcome or a bad outcome – yet. It depends on what information is lost, and whether Bad Guys are covertly using newly created channels, and whether you are even able to identify that. The jury is still out (a phrase that has some interesting meaning today). More data needed. But where is that data? Eliot On 16.11.21 20:18, Ted Lemon wrote: > On Tue, Nov 16, 2021 at 11:36 AM Vittorio Bertola > <vittorio.bertola=40open-xchange.com@dmarc.ietf.org> wrote: > > That's exactly why the difference between DoT and DoH is political > way more than technical: I trust you that both may be used in ways > that make them hard to block, but for DoT it is an unintended > consequence, while for DoH it is an intended objective of the > designers, stated in the specification itself and in several > public statements. > > And this is a great illustration of the good reason why we talk about > political versus technical in the IETF: because if we consider only > the political and not the technical, we can wander off into the weeds > doing things that don't matter. > > In this case, you're drawing a distinction of intent, but what matters > is the effect of the protocol, not what was intended. As an example, > we've seen a few people assert that DoH is bad because it makes it > possible to bypass the local resolver in a way that is difficult to > detect (which is actually debatable). But in fact it's trivial without > the DoH protocol to do the same thing—it's just not standardized. So > the difference between DoH and this non-standard protocol that I > speculate might exist is merely that one is documented and the other > isn't. > > So if we imagine that we are somehow protected when we don't document > the protocol, we are whistling past the graveyard. This is the > important distinction that we lose when we reduce this to a political > discussion, and it's the reason we shouldn't. > > _______________________________________________ > hrpc mailing list > hrpc@irtf.org > https://www.irtf.org/mailman/listinfo/hrpc
- [hrpc] "Paul Vixie and Peter Lowe on Why DoH is P… Stephane Bortzmeyer
- Re: [hrpc] "Paul Vixie and Peter Lowe on Why DoH … Bill Woodcock
- Re: [hrpc] "Paul Vixie and Peter Lowe on Why DoH … Eric Rescorla
- Re: [hrpc] "Paul Vixie and Peter Lowe on Why DoH … Bill Woodcock
- Re: [hrpc] "Paul Vixie and Peter Lowe on Why DoH … Eric Rescorla
- Re: [hrpc] "Paul Vixie and Peter Lowe on Why DoH … Paul Wouters
- Re: [hrpc] "Paul Vixie and Peter Lowe on Why DoH … Jacob Appelbaum
- [hrpc] "Paul Vixie and Peter Lowe on Why DoH is P… farzaneh badii
- Re: [hrpc] "Paul Vixie and Peter Lowe on Why DoH … Vittorio Bertola
- Re: [hrpc] "Paul Vixie and Peter Lowe on Why DoH … Eric Rescorla
- Re: [hrpc] "Paul Vixie and Peter Lowe on Why DoH … Vittorio Bertola
- Re: [hrpc] "Paul Vixie and Peter Lowe on Why DoH … Eric Rescorla
- Re: [hrpc] "Paul Vixie and Peter Lowe on Why DoH … Ted Lemon
- Re: [hrpc] "Paul Vixie and Peter Lowe on Why DoH … Eliot Lear