[Resolverless-dns] narrowest possible scope: first-party origin, HTTPS-only + DNSSEC-signed

nusenu <nusenu-lists@riseup.net> Tue, 31 July 2018 22:36 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/resolverless-dns/8xe1o0rtzdrW_IqdKyFxaW-uk5E>

(I'm quoting from the meeting notes that Patrick sent out [1])

> Paul: We started with "where might we be getting this data"?  Let's 
> limit this to HTTP.
> 
> DKG: I think that an interesting thought experiment would be to 
> define the narrowest possible scope where something like this might 
> be interesting.  If that means "within one tab", HTTPS-only, 
> DNSSEC-signed, hopefully at some point we can find something that 
> doesn't make too many objections, and then maybe we can walk it out.

I support DKG's suggestion of the scope:

DNS data coming from opportunistic sources
(that is, a source that has not been configured as
a DNS resolver)
- MUST be DNSSEC-signed
- MUST be transported via an authenticated HTTPS connection

By that definition anything non-HTTPS is out of scope.

I'd like to clarify the "within one tab" item.
I'd propose to use URL bar origin as a boundary.
That is, if you have two tabs pointing to 
example.com they might share the DNS data learned in either tab.
Should the URL bar origin be the entire FQDN or should it be limited to the SLD?
mail.example.com
www.example.com 
would be the same URL bar origin if we stop at the second level domain.


My motivation for supporting this work:

- decentralization/privacy:
the configured resolver(s) get to learn fewer DNS queries,
at the same time we do not introduce new resolvers to the system/application 
(we MUST **never** actively ask webservers from whom we got DNS data
opportunistically for DNS records if they were not specifically configured as resolvers)

I see a privacy+latency win here that is similar to OCSP-stapling where the webserver basically
acts as a reverse-proxy for the user as well.
- fewer networks will be in-path (single endpoint [webserver] vs. multiple endpoints [webserver+multiple auth. NS]) 
when a user visits a website (context: [3])
- has the potential to reduce the hard question of: "Whom should users give their DNS queries?"
since the chosen resolver will get to see less if this is adopted widely (but DNSSEC might become
a limiting factor)
- creates a performance incentive for zone owners to deploy DNSSEC 
- creates a performance incentive for browser vendors to implement DNSSEC validation
- might help reduce tracking opportunities of DoH clients by DoH servers (since they get less data)
- might help in bringing DANE to the web/browser world

- I see value in this work in the context of privacy-focused browsers
like Tor Browser, which already have strong URL bar origin isolation [2]
and limited persistent state that might become useful in solving some
of the privacy concerns this new construct might introduce.


[1] https://mailarchive.ietf.org/arch/msg/doh/jWMuniwu-V4rucpscVlInBAZPWs
[2] https://www.torproject.org/projects/torbrowser/design/#identifier-linkability
[3] https://nymity.ch/tor-dns/


-- 
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
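The scope rules proposed in the message above (DNSSEC-signed, delivered over an authenticated HTTPS connection, shared only within the URL bar origin) can be expressed as a small acceptance policy in front of a per-origin cache. The following is an added example written for this archive page; it is not code from the post, from Tor Browser, or from any DNS or browser project. The class and function names, the record fields, and the two-entry suffix table are all constructed for illustration. It also covers the open question in the post by letting the caller choose the boundary: the full FQDN or the second-level (registrable) domain. The one caveat it makes explicit is that "stop at the second level domain" cannot be done by counting labels; a real implementation needs the Public Suffix List, otherwise every site under a suffix such as co.uk would end up in one shared partition.

```python
"""Acceptance policy and origin-scoped cache for opportunistically learned DNS data.

Added example for the mailing-list discussion; not code from the post or any
browser. Names, fields and the suffix table below are constructed.
"""
from dataclasses import dataclass
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed stand-in for the Public Suffix List (assumption). A real
# "stop at the SLD" rule must consult the full list; label counting alone
# would make "bbc.co.uk" and "gov.uk" share the partition "co.uk"/"gov.uk".
KNOWN_MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}


@dataclass(frozen=True)
class OpportunisticRecord:
    name: str                        # owner name the data is about, e.g. "cdn.example.com"
    rdata: str                       # constructed value, e.g. an IPv4 address
    dnssec_validated: bool           # client validated the RRset + RRSIG chain itself
    source_url: str                  # URL of the page/connection the data arrived over
    source_tls_authenticated: bool   # certificate for the source host verified


def registrable_domain(host: str) -> str:
    """Second-level / registrable domain, using the constructed suffix table."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in KNOWN_MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def origin_key(url: str, boundary: str) -> str:
    """Partition key for a tab: the URL bar host (fqdn) or its registrable domain (sld)."""
    host = urlsplit(url).hostname or ""
    return host.lower() if boundary == "fqdn" else registrable_domain(host)


def accept(record: OpportunisticRecord, tab_url: str, boundary: str) -> Tuple[bool, str]:
    """Apply the proposed MUSTs plus the first-party origin boundary."""
    if urlsplit(record.source_url).scheme != "https":
        return False, "non-HTTPS source is out of scope"
    if not record.source_tls_authenticated:
        return False, "source connection is not authenticated"
    if not record.dnssec_validated:
        return False, "record is not DNSSEC-validated"
    if origin_key(record.source_url, boundary) != origin_key(tab_url, boundary):
        return False, "data came from a third party, not the URL bar origin"
    return True, "accepted"


class OriginScopedCache:
    """Cache partitioned by URL bar origin; tabs sharing a key share the data."""

    def __init__(self, boundary: str = "fqdn") -> None:
        if boundary not in ("fqdn", "sld"):
            raise ValueError("boundary must be 'fqdn' or 'sld'")
        self.boundary = boundary
        self._store: dict = {}   # origin key -> {owner name -> rdata}

    def learn(self, record: OpportunisticRecord, tab_url: str) -> Tuple[bool, str]:
        ok, reason = accept(record, tab_url, self.boundary)
        if ok:
            partition = self._store.setdefault(origin_key(tab_url, self.boundary), {})
            partition[record.name.lower()] = record.rdata
        return ok, reason

    def lookup(self, name: str, tab_url: str) -> Optional[str]:
        """Only the partition of the asking tab's URL bar origin is consulted;
        the cache never queries the web server that supplied the data."""
        partition = self._store.get(origin_key(tab_url, self.boundary), {})
        return partition.get(name.lower())


if __name__ == "__main__":
    # Constructed sample: a page on www.example.com supplied a signed A record.
    rec = OpportunisticRecord("cdn.example.com", "192.0.2.10", True,
                              "https://www.example.com/", True)
    cache = OriginScopedCache("sld")
    print(cache.learn(rec, "https://www.example.com/"))
    print(cache.lookup("cdn.example.com", "https://mail.example.com/"))
```

With `boundary="fqdn"` a record learned on www.example.com is invisible to a tab on mail.example.com; with `boundary="sld"` the two tabs share it, which is exactly the trade-off the post asks about. Data arriving over plain HTTP, over an unauthenticated connection, without DNSSEC validation, or from an embedded third-party origin is rejected before it reaches any partition.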