IETF Logo Mail Archive

Re: [saag] Discovery: can it be solved

Watson Ladd <watsonbladd@gmail.com> Wed, 17 November 2021 23:51 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 717BF3A00E2 for <saag@ietfa.amsl.com>; Wed, 17 Nov 2021 15:51:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1KLMBoQcwUTS for <saag@ietfa.amsl.com>; Wed, 17 Nov 2021 15:51:48 -0800 (PST)
Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C83923A00DF for <saag@ietf.org>; Wed, 17 Nov 2021 15:51:47 -0800 (PST)
Received: by mail-ed1-x529.google.com with SMTP id x15so18608234edv.1 for <saag@ietf.org>; Wed, 17 Nov 2021 15:51:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=ZWKtwDAb0q7FJDwAMkUc0D8kXd1V6XzCe4O1yQNChfU=; b=XF1nH2cRAchufou1UleS/Mfs/JMleusVig3Ef/ySo3Oi4b4mc3nlTxaGlAUEbwQ1Xn RicHZg5sIH2vLy6rpHEJw/KOymoQGYiNgTTVfTQLa+jq7yBfJrKYuhUg7GzHKgt0lbWE avBsUwY8UZGwYayyXtDKTfuPcQQsCfClftvyy02bq7NbHhHLzVVSxfkmhVHchY15e8Hw Hu3IqGgjmfhMci2/kHaWzg+eHJrLGLKpFIAgL5f7leZirtzS8aC3ZQeDQ/sHQ0Kt2rZV G3uzjEGlffPn+N/Idzgwvny51clRjs1J5yw7mM4AK5ib+c13sgUKXUVpK9k4ZN6tLRNQ CVxg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=ZWKtwDAb0q7FJDwAMkUc0D8kXd1V6XzCe4O1yQNChfU=; b=2JAngxLWqI1voleWyf8Etz3JCF6AmsiVZacDJx5Rp6lEGk9wxic1H1XRnx4OJd2NpI GIbz0fT6iAI5PpgWPB4aXWN2S/Cx5BaetWbWR/FEGe/PYK9TTkW1gieZ3lwt0R/hla88 XbdqNFeQfHb4ygZF0tX5yQ8IpLKrwVLPviIsKc4/6dLctFAsnHXj4hyWwDGAm+fDURJc DFXd+GDh6acAvlRUgc0cAimkKyIrk0TdvbDTzpIeuXAvX/U6e0Z+5IqXtu6Cu4DqvZ1Q Q1TlqHZM4q1OZb7M0nVl50MGwZc42StUh32ij0KN0DwTZSZBGYCermCCfMBi9UQ7TYPX rIRA==
X-Gm-Message-State: AOAM531Zv5rues6k9bp7/CX5qAWRRS3hOuDRw3VibU4jM4suQpp0FhiU QUBmP1UO9nvCKujYku2sabvNpTXOYJqBY3tw91+9lp6P
X-Google-Smtp-Source: ABdhPJz1WZfJCXu/1bHoKlod7T85aBGs28atZtpZWqpR0JwqLvLrrQ5lZp/Y8pxpt3HYZz933wNovu/C543pGVIWt7Q=
X-Received: by 2002:a17:907:7d8b:: with SMTP id oz11mr27574744ejc.507.1637193101327; Wed, 17 Nov 2021 15:51:41 -0800 (PST)
MIME-Version: 1.0
References: <CACsn0cnEJR6otnxoYL8SZsKT830YtEMhNU8AV2FM+iHcM+BT5A@mail.gmail.com> <b52fb7cf1e494fbfa84d0b88587bdca8@huawei.com> <b31468dc-2959-40b0-81ba-1ec2dad012e4@www.fastmail.com> <19101.1637068497@localhost> <CAPDSy+6YJcu+DGJMX2vzHNPtJyeW62qd7r4DsDoXtcY=4vKtgw@mail.gmail.com> <CA+9kkMCN1ifjB6xMHWhZWNWiuLCD98kBv7Nr1FPcxavZFk4X5g@mail.gmail.com>
In-Reply-To: <CA+9kkMCN1ifjB6xMHWhZWNWiuLCD98kBv7Nr1FPcxavZFk4X5g@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Wed, 17 Nov 2021 18:51:29 -0500
Message-ID: <CACsn0c=8E5GQ4dJ8WnibfoRb-j2OJakJmH+t5TBU8gdje9=Xag@mail.gmail.com>
To: Ted Hardie <ted.ietf@gmail.com>
Cc: David Schinazi <dschinazi.ietf@gmail.com>, IETF SAAG <saag@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/BUyvhvTkgXNCZPTkmLiCpnSs1b4>
Subject: Re: [saag] Discovery: can it be solved
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Nov 2021 23:51:51 -0000

On Wed, Nov 17, 2021, 5:14 AM Ted Hardie <ted.ietf@gmail.com> wrote:
>
> Hi David,
>
> On Tue, Nov 16, 2021 at 9:25 PM David Schinazi <dschinazi.ietf@gmail.com> wrote:
>>
>> I don't see any value in standardizing discovery of privacy-related services.
>> When a client device (a user agent, if you will) ships a feature that is
>> marketed at improving user privacy, the vendor makes some promises to its
>> users. For example, it could say "your IP address is hidden from websites".
>> The vendor needs to follow through on that claim, and the way it does that is
>> by using specific proxies that it trusts.
>
>
> Put differently, the need for discovery depends on what claim the folks shipping the feature put forward.  I can imagine claims that work with discovery, like "This software protects from on-the-wire observers collecting your DNS traffic by using any locally available DoH or DoQ services.  It falls back to a globally configured service when no local services are available."  I can imagine claims that do not.

Local services are also unlikely to have the same degree of
independence from adversaries. Would you trust your ISP to delink your
identity from itself?

To be clear I don't think these problems are surmountable. I'm asking
the people who think they do to raise, hold, or fold, rather than make
the same arguments across working groups (often simplifying very
different trust and deployment models).

Sincerely,
Watson Ladd

v2.23.0 | Report a Bug | By Email