Re: [hrpc] "Paul Vixie and Peter Lowe on Why DoH is Politically Motivated"

Paul Wouters <paul@nohats.ca> Mon, 15 November 2021 15:16 UTC

Date: Mon, 15 Nov 2021 10:16:36 -0500
From: Paul Wouters <paul@nohats.ca>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
cc: hrpc@irtf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/oT-IxELcyFy6eDg26Fi3ozjDtD0>

On Mon, 15 Nov 2021, Stephane Bortzmeyer wrote:

> https://www.dnsfilter.com/blog/paul-vixie-and-peter-lowe-on-why-doh-is-politically-motivated

> What do they think? That encryption can avoid political discussions?

I also found it interesting how they talked about censorship by "bad
actors", and bad vendors delivering solutions to authoritarian regimes,
yet they don't see themselves as facilitating this by fighting DoH.

I do agree with Paul Vixie about why Google encrypts. It has always
been about ensuring only they can datamine the user. The Google page
using HTTPS was to prevent others like Microsoft from buying search
keywords from ISPs sharing google.com traffic to build up their own
search/advertisement business. That the same process extended to DNS
is not a surprise. Like everyone else, with ubiquitous web encryption,
the second best source of keyword information is DNS.

And _this_ is why the DNS is now political. It is the last unencrypted
service left to use for censorship, surveillance, security software,
parental control, nation states, and every other good or bad actor,
to try and determine what your packets are doing.

Where I disagree with Paul Vixie is whether you should blame DoH or
the IETF for this. I don't think so. All of this was obviously going
to happen. It is a chain link reaction. You can't blame DoH because
DoH is the expected solution to a previous problem.

Similarly (but yet completely different) is NAT. It is not needed
anymore, yet it will remain there because it inevitably supports all
current business models of selling you a service that you need because
you are behind NAT. All your smart devices could operate without a vendor
service if there is no NAT. But where is the profit in that? Where in the
past, NAT was needed by ISPs first because of lack of address spaces,
but secondary to allow it to build sub-par networking to end users and
sell premium hosting services. Now that the Three Clouds have taken that
mostly away, ISPs have no real commercial reason for NAT anymore. In a
real free market, it would go away.

I guess in the end, the internet is just a series of companies trying to
sell unique identifiers so humans and things can find each other. And
we will keep building layers upon layers of identifiers.

What is worse?  Censorship for business reasons or censorship for political
reasons? I'll let the historians decide later.

<end of morning coffee rant>

Paul