This seems like a great example of best practice. I wonder though whether it highlights a weakness in the protocol design if it is necessary to rely on goodwill by developers in order to protect the privacy of end users? Perhaps future developments would take a different path, guided by the policy recently set out by the IAB in RFC8890.
Andrew From: Eric Orth <[email protected]> Sent: 08 October 2020 17:00 To: Vinny Parla (vparla) <[email protected]> Cc: Andrew Campling <[email protected]>; Tommy Pauly <[email protected]>; James <[email protected]>; [email protected] Subject: Re: [dns-privacy] DNS and QUIC,HTTP/3 Long term vision... For Chrome, we're currently taking some steps to ensure connection separation between DoH requests and normal content requests. More specifically, we currently disallow DoH requests from sharing a connection with any requests that are not also blocked from sending or receiving cookies (as are the DoH requests), and we're considering further completely blocking DoH requests from sharing connections with non-DoH. Primary motivation is privacy. If DNS is multiplexed up with cookie-containing (or otherwise user-identifying) requests, makes it too easy for even an attempting-to-be-anonymous DNS service to accidentally log requests correlated up with user identity. Plans may change in the future as we discover more usecases and if these scenarios become more relevant with some of the ADD proposals around domains designating preferred resolvers, but at least for now, I would anticipate Chrome DNS requests always staying at least somewhat separated from Chrome content requests. On Thu, Oct 8, 2020 at 11:13 AM Vinny Parla (vparla) <[email protected]<mailto:[email protected]>> wrote: Hi Andrew, I agree with your view and am not in favor of aggregating Content and DNS together, although I can see arguments for doing this. I am just wondering if Browser implementors have plans to do this in the future as I need to deal with both OS DNS and Browser (app) DNS scenarios. From Tommy’s response I am hopeful the OS implementors won’t do this in the future and will keep DNS an independent mechanism. -Vinny From: Andrew Campling <[email protected]<mailto:[email protected]>> Sent: Thursday, October 8, 2020 4:33 AM To: Vinny Parla (vparla) <[email protected]<mailto:[email protected]>>; Tommy Pauly <[email protected]<mailto:[email protected]>>; James <[email protected]<mailto:[email protected]>> Cc: [email protected]<mailto:[email protected]> Subject: RE: [dns-privacy] DNS and QUIC,HTTP/3 Long term vision... Important though browsers are for some, DNS is an Internet protocol and needs to work for a wide range of devices and clients. Mandating its absorption into a multiplexed stream via HTTP/3 seems unnecessary, irrespective of the potential performance gains and other possible benefits for web clients. Andrew From: Vinny Parla (vparla) <[email protected]<mailto:[email protected]>> Sent: 07 October 2020 15:40 To: Tommy Pauly <[email protected]<mailto:[email protected]>>; James <[email protected]<mailto:[email protected]>> Cc: [email protected]<mailto:[email protected]> Subject: Re: [dns-privacy] DNS and QUIC,HTTP/3 Long term vision... Hi, What I am driving at in my original question is do we envision mixing Content and DNS together in a multiplexed session or will DNS continue to be an entirely independent channel (whether over HTTP/2 /3 Do53 DoQ DoH). -Vinny From: Tommy Pauly <[email protected]<mailto:[email protected]>> Sent: Wednesday, October 7, 2020 9:23 AM To: James <[email protected]<mailto:[email protected]>> Cc: Vinny Parla (vparla) <[email protected]<mailto:[email protected]>>; [email protected]<mailto:[email protected]> Subject: Re: [dns-privacy] DNS and QUIC,HTTP/3 Long term vision... Can you cite this claim about DNS over HTTP/3? The per-query cost once an HTTP/3 connection is established should be minimal. If you’re taking into account all setup overhead for an HTTPS connection as a “per query” cost, that’s not representative of how DoH is reasonably used (and would be a issue with existing DoH). Thanks, Tommy On Oct 6, 2020, at 2:03 PM, James <[email protected]<mailto:[email protected]>> wrote: My most recent observations of discussions around DNS over QUIC and HTTP/3 was that some folks had attempted DNS over HTTP/3, however the overheads (~14KiB for a query at worst-case) made it impractical and infeasible. With regards to DNS over QUIC, the current dprive working group adopted draft [1] is focusing on stub to recursive, but not necessarily as a multiplex with an existing QUIC connection. - J 1: https://tools.ietf.org/html/draft-ietf-dprive-dnsoquic-00 On Mon, 5 Oct 2020 at 17:31, Vinny Parla (vparla) <[email protected]<mailto:[email protected]>> wrote: Hi, It was suggested that I ask this question on the 3 lists: Now that QUIC & HTTP/3 is imminent… I would like to know what the opinion is of the community on the long term view of DNS. Would DNS remain an independent channel or would it be subsumed in a multiplexed stream via HTTP/3 in some future version? For example, would a browser perform DNS queries over a QUIC multiplexed session? (e.g. similar to how today an http proxy can perform DNS queries on behalf of the client using that proxy) Would love to hear from implementors what their long term view is of this in particular. Thanks, -Vinny _______________________________________________ dns-privacy mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/dns-privacy _______________________________________________ dns-privacy mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/dns-privacy _______________________________________________ dns-privacy mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/dns-privacy
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
