Skip to main content

Minutes IETF104: dprive

Meeting Minutes DNS PRIVate Exchange (dprive) WG
Date and time 2019-03-29 09:50
Title Minutes IETF104: dprive
State Active
Other versions plain text
Last updated 2019-03-29

March 29, 2019
Brian Haberman and Tim Wicinski, chairs
Minutes by Paul Hoffman
Things on the slides are not reproduced here

Phase 2 requirements and milestones; Benno Overeinder and Alex Mayrhofer
        Question 1 (hard requirements)
                DKG: List of SHOULDs/MUSTS different in the group
                        Scope of the question is odd
                        Authoritative name server MUST have its identity
                                Need to sort out auth mechanisms
                Stephen Farrell: Would like a direction towards suggestions
                Joe Abley: The requirements need to be useful as requirements
                        Should be ulitmately be published
                        Should be useful requirements
                Karl Anderson: What do MUST/SHOULD mean in an unpublished
                document Sean Turner: Agrees with Steve Watson Ladd: Some sort
                of distinguishing Ralf Weber: We have done efforts to having
                the data in DNS secured
        Question 2 are we set with DoT
                Paul Hoffman: Yes
                Sara Dickinson: It the requirement that we will use no other
                protoco than DoT?
                        Would we look at better protocols?
                                Yes, but it is not a requirement
                Peter van Dyke: Doesn't want probing, make it discoverable and
                a small set Manu Bretelle: Seems OK Eric Kline: Need a
                mandatory minimum, DoT seems fine Eric Nygren: Wants a way to
                go to DoQ Puneet Sood: Seems fine Watson: Don't make your own
                protocol Petr Špaček: No probling
        Question 3 end user signaling
                DKG: Put this off
                Manu: This will be complicated
                Stephen Farrell: Useful to think of, but keep off critical path
                Peter Lexis: What would end user do with this info
                        Alex: Green padlock
                Christian Huitema: Keep it simple, no way to know if the
                resolver is lying Joe Abley: Should the user be able to signal
                that it wants signaling
                        Wasn't suggesting that it was easy or sensible
                Ralf: Recursion from cache is nearly impossible
                Wes Hardaker: In the HTTPS world, for the user to act on web
                        True with the green lock
                DKG: Signaling to or from user is super-complicated
                        Failed to do this in the IETF when it was much simpler
                Dan York: Will the end users even care?
                        Will anyone do anything with this?
                        If no one is going to use it, just move on.
                Eliot Lear: Overarching question for IAB: what sort of end user
                signaling is useful Ekr: Can't imagine what the client would
                use with the signal Brian Dickson: Policy discovery
                        Should go to the application, not the user
                Sara: Likes client signal to ask recursor to only do a query
        Other questions?
                Stephen: Is the goal to be strict or opportunistic?
                        BrianH: Need to figure out where the pieces that people
                        have proposed fit in; later
                PaulH: Please keep comments on the mailing list
                Ekr: Likes issues on GitHub
                Stephen: Keep non-editorial on list
                Ralf: Keep on list
                Dan: Is this going to become a draft?
                        Different way of working, this is not really a draft
                Benno: Use to structure drafts and start a discussion
                Dan: This is now a stealth document
                Brian: Could be a document, or a link on the charter
                Ekr: Drafts are cheap
                Lars-Johan Liman: Draft

Update on DNS Privacy Considerations and Operational BCP; Sara Dickinson
        Ekr: Are you saying be running unless you're doing this?
                Sara: If you say it is a privacy service
        Ekr: Red exclamation looks bad
                How will you handle neutral things like blocking
                Sara: Try to map into compliance
        Ekr: What is the policy setting / what do they do / does that disagree
        Sara: Maybe will add tests from multiple vantage points
                Also add over TLS
        Stephen: Multiple categories of blocking
        Jeff Hodges: Look at netalyzer at Berkeley, might be synergy
        Allison Mankin: Having a BCP on this is valuable
                This group can do that
        Rich Salz: Would like to see advice for CDNs
                BCPs are for a point of time, things change over time
        Joe: Should be published
                Defines terms that are useful to site
        Dan: Split out the DPPPS thing
                Useful to put in front of lawyers
        Christian Huitema: Some of this is client-side recommendations
                Recommendation of "don't break clients that are doing the right
                thing" Client BCP would tell how to choose a resolver, which
                gets tricky
        Alex: When would move these documents to DNSOP? When are encrypted
        protocols normal protocols? BrianH: CDN providers should sent text for
        this document
                Will ask for review in DNSOP, keep the document here
        Watson: Shouldn't this be for all DNS operators?
                All DNS operators be using encryption

DNS Privacy and Applications; Vittorio Bertola
        Ekr: Introduction does a reasonable job
                Recomendations reflect one point of view
                Cannot imagine get any consensus
                Trim down to what is making upset, add in why peole want these
        Stephen: Agrees with Ekr
                Document is not written objectively
                Nothing should be done with this until more evaluation is done
                on bigger picture
        Martin: Find someone who is implementing this as a co-author
                This is very much like throwing stones
                Long way from finding balance
                Good list of concerns being articulated
                There's always one more thing that pops up
                Vittorio: Welcomes co-authors
        Stéphane: Surprised by example
                Not in DPRIVE's charter
                Many issues are unrelated to privacy
                Some are in scope of IETF, some are not
                Asking for consensus is wrong
                Split this into managable issues, don't do laundry list
                        For each, is it an issue for the IETF
        Sara: Good starting point for discussion
                Different types of clients (humans and applications) for two
                dimensions Restructure: identify the threats and give
        Watson: Recommendations are acceptable
                This is a broader issue for larger WG
        Vittorio: Not so easy to separate the discussion

Certificate Discovery for Recursive to Authoritative exchanges; Manu Bretelle
        Paul: Different SPKI in Name could remove a red block
        Joe: There is no real way for name servers to update certs well
        Watson: Signaling that you can do DoT vs. authenticating
                Keep them separate
                Manu: Do9 gets signal from parent
        PeterVD: Some resolvers are broken for broken DS algorithms
                Manu: Other ways for DS to signaling
        Wes: Parent-child synchronization makes some of these a non-starter
        Ralf: Agrees with Wes
                Solution should be a child side
                Should require DNSSEC
        Alex: EDNS0 option?
                Manu: Can be intercepted and dropped

Bootstrapping to discover DoT and DoH servers; Tiru Reddy
        DKG: This strikes as room for implementation error
        Ekr: What information am I coming away from
                Tiru: Will let them connect to local resolver
                        Need a certificate for EST server
        Richard Barnes: Switch between public internet and managed enterprise
        network mode Tiru: If you are using MITM, this is not needed Michael
        Richardson: This is the thing that imprints on the device Ekr: Is there
        a wired communication path?
                Tiru: User has authenticated to the network
        Watson: Why are you TLS SRP
        Stephen: Are you used to EST?
                Seems weird to use that to get DoH
        Warren: Confused about deployment model
                How does my device know not to use the Starbucks one
        PaulW: Orthogonal to the IPsec client that connects to the client
                Read all limitations on the Split DNS draft for IPsec
        Matt: This is a malformed problem statement
                Network security services don't need to treat DoH and DoT the
                same We want people to DoT and DoH Names hostile users and
                        Won't solve hostile applications through configuration
                        Won't solve hostile customers through more management
        Richard: Tussle
                There is a use case in here
                Figure out what the user experience you want to create
        BrianH: Asks about how many have read and think in scope
        Martin Thomson: Related to work in the DoH WG
                Could need to understand the mechanism
                Frightening mix of acronyms
                Could be simpler
        BrianH: ADs should help coordinate where things like this should happen