Re: [Pearg] Responding to "Concerns over DNS Blocking" technical error(s)

Lanlan Pan <abbypan@gmail.com> Tue, 01 August 2023 09:01 UTC

From: Lanlan Pan <abbypan@gmail.com>
Date: Tue, 01 Aug 2023 17:01:34 +0800
Message-ID: <CANLjSvWcd6CC6KUdEPEtHex+dDbZrFxEvqcVtsEaGvCUq2rnng@mail.gmail.com>
To: Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>
Cc: Marwan Fayed <marwan=40cloudflare.com@dmarc.ietf.org>, pearg@irtf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/_Q1sfhvm3JGUHXQDwkL_bgA5kh8>

Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>
wrote on Mon, 31 July 2023 at 21:14:

>
>
> On 31/07/2023 04:36 PDT Marwan Fayed <marwan=40cloudflare.com@dmarc.ietf.org> wrote:
>
>
> Dear wg, and more--
>
> There is a just-published open letter [1], also summarized at 117's pearg
> [2] in response to a proposed initiative that (as is summarized) can
> require ISPs to block domains via DNS without a court order.
>
> I also wanted to provide my comments on this topic, as I tried to do so at
> the mic but I was only given 20 seconds, which is an impossible timing for
> any meaningful comment, and so I shut up. Generally speaking, I would find
> in-person meetings more useful if they were less like two hours of slides
> and more like actual discussion of privacy-related issues among people with
> different views.
>
> In particular, with no offense to the signatories and to their good
> intentions, I would like to explain how bad the open letter is when read
> from a French/European policymaker viewpoint. Sorry if I will be blunt at
> times - better than being hypocritical.
>
> First of all, I concur that there are parts of the French law which are
> egregiously wrong; the part about putting surveillance stuff in data
> centres, first of all. Also, the point about not having to disclose
> vulnerabilities before patching them is valid, though this is soon to
> become a Europe-wide requirement via the Cyber Resilience Act. However, the
> effectiveness of this part of the letter is mooted when it repeatedly says
> that informing the French public cybersecurity authority about potential
> exploits will actively reduce security. This implies the statement that
> they are either incompetent or a malicious actor, and, guess what, this
> won't fly well.
>
> However, most of the letter is about DNS/browser blocking, and this is the
> worst part of it.
>
> Let's start from the end: I was infuriated by the final suggestion that
> governments should rather block websites by IP address or by blocking HTTPS
> connections. I, like many other Internet old-timers from European ISOC
> chapters and industry, spent the last 25 years educating our policymakers
> that DNS blocking would be the less bad option in respect to IP address
> blocks, as it would significantly reduce overblocking, it would target the
> end-user identifier and not its potentially transient network location, and
> would be less dangerous in terms of censorship (more on this below). Then,
> Vint Cerf comes and says the opposite, without any kind of involvement of
> the local Internet community. It's not just wrong and counterproductive,
> it's rude.
>
> Now, the arguments offered against blocking are the usual ones that
> European policymakers have heard again and again and already dismissed in
> the past. Yes, DNS blocking is imperfect and circumventable, but that's a
> feature, not a bug; it is exactly an intrinsic guarantee against abuse for
> political censorship. The point of these blocks is to make it somewhat hard
> for the average non-technical user to watch illegal football match streams,
> so that it's more convenient for them to just pay the legal streaming
> service. The point is not to establish an effective political censorship
> tool, and suggesting so, as the letter does, is insulting to the French
> parliament's integrity.
>
> Also, the argument that France shouldn't do this because it would motivate
> dictatorships to do the same doesn't work. Dictatorships already block
> stuff with everything they have, no matter what France does.
>
> The argument "we cannot implement these blocks in our DNS resolvers
> because they would apply to the whole world" is very hard to believe. This
> is said by a VP of the same company that runs Youtube, where you get a
> "this content is not allowed in your country" message every five minutes.
> Global resolvers could just geolocate requests or segment them by country
> via routing, and apply each country's filters accordingly. Yes, this
> requires a bit of cost and effort, and the real problem is exactly that.
>

+1, geolocate DNS request (block) + geolocate web content load (filter)


> Even in Europe, DNS operators do not like mandatory filters: apart from
> any principle consideration, they create costs and liabilities. Yet they
> have been implementing them for decades now, because it's the law. The
> letter is about Google and other global resolvers not being willing to play
> by the same rules, trying to tilt competition in the DNS resolution market
> and keep their competitive advantage of being able to make illegal content
> available - illegal content which is not political dissent, but football
> matches, CSAM, unlicensed gambling and the likes. It is really about
> corporations that want to be socially irresponsible to make more money.
>
> So, how is this letter going to be perceived? From a principle viewpoint,
> it looks like a group of Americans (plus the IAB Chair, who possibly
> underestimated the geopolitical reading of this letter) telling France to
> be less French and more American in terms of the compromise between public
> order and free expression. From an industry viewpoint, it looks like
> Google's lobbying effort to protect their position in the French DNS
> market.
>
> I am sure that the nice people at European digital rights groups like La
> Quadrature or EDRi will support this letter, but I don't think that it will
> be successful in parliaments or that it will advance the cause of the open
> Internet. It will just reconfirm the perception of this Silicon Valley big
> tech circle (including the IETF) which doesn't want to play by European
> rules. I'd not be surprised if the law proceeded without changes.
>
> --
>
> Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
> vittorio.bertola@open-xchange.com
> Office @ Via Treviso 12, 10144 Torino, Italy