On 20/03/2019 05:46, Brian Dickson wrote:
> On Tue, Mar 19, 2019 at 8:36 PM Stephen Farrell <stephen.farr...@cs.tcd.ie>
> wrote:
> 
>>
>>
>> On 20/03/2019 03:17, Brian Dickson wrote:
>>
>>> - If a network operator has any policy that is enforceable, ONLY the
>>> technical policy enforcement model scales.
>>
>> My mail was about my policy for my home network and explicitly said
>> that I do not claim that policy ought be followed by all home networks,
>> never mind other kinds of network. Your argument about scale is not
>> therefore relevant. (At least, not unless you want to give up all
>> argument along the lines of "consider the children.")
>>
> 
> I am saying, that the work product envisioned by participants of the side
> meeting,
> needs to be some framework that scales, regardless of where it gets used.

I'm not at all sure about a "framework" being the output. I do
agree that solutions for networks at all scales are required.

> 
> It does not matter whether any policy does or does not require scalable
> mechanisms.
> What does matter is that there exist networks where the mechanisms need to
> scale.

More than one thing matters. That needs to be kept in mind.

> 
> What is being envisioned and proposed, is a flexible-enough framework, that
> scales.
> 
> If something scales, it scales. If it scales, it won't make it impossible
> to do what you want, tautologically.
> 
> Let's try this using classical logic:
> 
> Suppose there is a rule: "A implies B".
> 
> The negation of that rule is: "Not B implies Not A".
> The negation of that rule is NOT: "Not A implies Not B".
> 
> I believe your argument(s) falls into the "Not A implies Not B" category.
> (I hope I'm mistaken there.)
> 
> However, I am also having a little trouble following your actual meaning.
> More below on my challenge with following what you are saying...
> 
> 
>>
>> My policy, for my network, is as defensible as many others. And that
>> isn't peculiar to home networks.
>>
>>> - In such an environment, there are only, ever, "willing users", because,
>>> in order to use the network, they are required to agree to the policies.
>>
>> Wrong. In my home network, my children and their friends have
>> no real choice to not use the network until they are relatively
>> economically independent. (And in earlier days, they could not
>> have given informed consent in any case, being too young.)
>>
> 
> So, I am trying to understand.
> Does their lack of real choice make them unwilling users?

One could describe it that way. I'm sure many kids might do so;-)
But it's not great terminology.

> Are you arguing that they should be able to bypass whatever rules you have
> for your children?

Most of the "rules" are not enforced by computers, and hence don't
need to be written down precisely. For example, I'd encourage them
to not create accounts on web sites. But I don't try to enforce that in
any technical way and accept that sometimes they do end up creating
web accounts. Talking to them about what they're doing and scaring
'em that I could snoop if I was bothered are often sufficient.

> Do you want your children to be able to undetectably use a third party DNS
> resolver, such as DoH,

I don't care about that.

> and access naughty networks 

No, I'd prefer they not. But I have no technical barriers in place
to do such blocking. To the extent that there's a policy at all,
it's defined and (not enforced) purely in the human realm.

> or malware?

Bad question IMO. But in any case, encouraging human behaviour
that doesn't result in malware being executed is IMO more
effective. (E.g. avoiding certain OSes etc.)

> Or do you want to block that particular use case?
> I think their category as "unwilling" is mooted by their being minors and
> not being able to give informed consent.

As I said neither willing nor unwilling are good descriptive terms
for home network users. They are however quite different from
employees in a corporate network (esp in a case like mine with a
technically permissive policy) and that needs to be recognised.

> 
> In any case, if you do want to give them (all of them or some of them)
> access to such third party resolvers, should that not be something
> explicitly under your control?

I don't care about that.

> And should it not be easy to do (where I roughly equate "easy to do" with
> "scalable", for argument purposes).

Ease of use is generally good. I think the challenge for e.g.
browsers, will not reside in networks like mine. I do have
some minor split-horizon issues but nothing that'd break badly
for anyone but me and I know how to handle it.

>> In work environments what you say is also not completely correct,
>> at least in some EU locales, where employees retain rights of
>> various kinds whilst at work using an employer-provided n/w. We
>> don't need to argue the rights and wrongs of that, it just is.
>>
> 
> I think I am also having difficulty with the argument here.

Then feel free to ignore it. My main point is about home networks
but I was responding to how you brought up employees. But in
case it helps...

I'm thinking of the issues that were raised in [1]. The end result
there was that telling employees in advance meant typical corporate
policies were ok, but it's not clear to me if the kind of blocking
we could be discussing here (meaning blocking access to name
resolution) would or wouldn't be considered proportionate, because
it might depend on what services end up being blocked. (IANAL of
course, so I make no claims as to what might happen.)

  [1] https://www.reuters.com/article/us-privacy-emails-echr/european-court-rules-firms-must-tell-employees-of-email-checks-idUSKCN1BG0YA

> What is the exact scenario (or set of scenarios) you are using in your
> example?

It wasn't my example. It was yours:-)

> 
> Is it an employee located in an EU locale, using a work network?
> And is the employee's network applying policies that violate the employee's
> rights?
> If the answer to the second question is "yes", I believe there are many
> recourses that do not involve any technology at all, such as civil suits or
> whatever mechanisms an employee has under the laws of the EU or their local
> jurisdiction.
> I think that any proffered mechanism over and above that is largely
> redundant, and/or generally within the means of a financially independent
> adult to work around, e.g. using a personal device on a mobile network not
> provided by the employer.
> 
> Or, is the employee's network not applying policies that violate the
> employee's rights, which I think makes the argument moot, since the
> employee's rights are not actually being infringed.
> 
> So, yes, the employee has rights, and I don't have any issue with either
> the existence of rights, or any opinion on whether that is right or wrong.
> What I don't follow from that is, that any network operator using
> technology to interfere with those rights, is able to do so with impunity,
> and that there is a need to provide mechanisms to bypass that technology.
> Is that really the case, currently, in specific jurisdictions? Can you
> provide some kind of reference to that, that is verifiable, in the EU?
> 
> We all know about the issue with authoritarian regimes, and all that. I
> think we can all agree that in those cases, the use of technological
> methods to bypass restrictions requires individuals to violate the laws in
> those places.

Where there is disagreement is that it's not clear how one could
provide help in that case, but yet allow blocking access to external
recursives in the case of a typical restrictive corporate policy.

> And I am in no way arguing against the technology involved.
> 
> I'm saying that outside of those specific jurisdictions/environments, there
> is no explicit need for making the privacy technology operate in a strictly
> unilateral mode, in such a way as to evade any sort of detection.

It's not clear, to me at least, that what you say there is possible.
But I'm not clear what "unilateral" might mean there.

> I'm saying that it is reasonable to expect that whatever
> legally-permissible policies any network operator has, can be enforced
> cooperatively between client (software/devices), network(s) (operator(s)),
> and server (provider of whatever permitted degree of privacy-enhanced is
> permitted by network operators' policies).
> 
> The extent of what I'm suggesting is, aside from the authoritarian regime
> situation, networks whose policies are not violating local laws (including
> whatever "rights" laws may apply), need to be able to implement those
> policies in a scalable fashion, including detecting anomalous activity
> easily (for e.g. malware detection), and that client software/devices
> should be able to, at their discretion, negotiate the maximal privacy
> setting desired, including reaching a privacy equivalent of "no networks
> available" (don't connect at all).
> 
> 
>> Once more: my policy for my network is defensible but is not
>> one I claim ought be followed by everyone. And the same applies
>> for all of the more intrusive policies being espoused here by
>> those with concerns about DoH.
> 
> 
> We (speaking for everyone else) are NOT espousing policies.

I don't accept that you can speak for everyone else. On what basis
do you say that?

I have seen mails in this discussion asserting that more restrictive
policies do need to be enforced. I hadn't yet seen anyone making such
statements acknowledge that more permissive policies can be as valid.
Hence my bringing up my home network example.

Cheers,
S.

> We are espousing mechanisms for policy enforcement.
> There is a huge difference.
> Our position on the enforcement is policy-agnostic.
> It doesn't matter what the policies themselves are, the mechanisms need to
> scale.
> The policies themselves are, honestly, completely out of scope, other than
> the mechanics.
> If a particular policy is legal in any jurisdiction on this planet, and is
> sufficiently well defined and sufficiently distinct from other policies,
> the policy framework needs to accommodate it.
> There aren't *that* many conceivable policies that apply to DNS in the
> intersection spaces of transport protocol (DoH, DoT, TCP, UDP), third party
> operators (yes/no), encryption (yes/no), and privacy (yes/no/MITM).
> 
> 
>> That doesn't mean those concerns
>> are vacuous or otherwise to be ignored, but does mean that
>> claims as to such-and-such a policy being a necessity are not
>> valid. Only one counter-example is needed to demonstrate that,
>> and I've provided one (that is real, not invented).
>>
> 
> If it is the EU one, please read above: I don't think it actually does what
> you think it does, per se.
> If it is the home network one, it isn't about policy, it is about
> mechanisms, and your not needing your policy to scale, isn't germane.
> If anyone needs the policy framework to scale, that needs to be taken into
> consideration.
> As long as there is anything close to consensus on the existence of a
> non-trivial number of networks who require scalable solutions to this
> problem, that should really be the end of it.
> 
> I don't understand anyone taking a position that anything doesn't need to
> scale, and I think that is what you are saying (from your home network bit.)
> Is that really your position?
> 
> Brian
> 
> 
> _______________________________________________
> Doh mailing list
> d...@ietf.org
> https://www.ietf.org/mailman/listinfo/doh
> 

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop