<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Tue, Sep 9, 2014 at 10:49 AM, John Levine <span dir="ltr">&lt;<a href="mailto:johnl@iecc.com" target="_blank">johnl@iecc.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">>> This battle was lost long, long ago. ISPs routinely intercept<br>
>> NXDOMAIN DNS results and replace them with A records pointing to a web<br>
>> server with "helpful" paid ads.<br>
>I've always found this one complicated. If done without the end user's permission, it's an issue. But there are<br>
>people who believe it's bad even *with* the end-user's permission - for reasons I find hard to follow.<br>
<br>
</span>There's a good reason and a bad reason.<br>
<br>
The bad reason is that it violates the holy end-to-end principle, of<br>
which the less said the better.<br>
<br>
The good reason is that not all DNS lookups are for web pages. Pick a<br>
service </blockquote><div><br></div><div>The bit about "end user's permission" is fragile. It is hard enough to </div><div>structure a contract or agreement between two. If all the players in the</div><div>middle and on the periphery could modify anything they see, establishing</div><div>bounds for a permission map seems impossible.</div><div><br></div><div>Traceroute to <a href="http://mail1.metzdowd.com">mail1.metzdowd.com</a> returns 17 route points. Any of these could</div><div>do packet inspection and modify content. That is simple mail... other protocols may </div><div>have other interactions. Mind you not mail headers just network routing.... </div><div><br></div><div>The warm red flannel shirt you order for the winter could become a used</div><div>t-shirt in transit with some awkward printing on it to boot as the package</div><div>moves through hands in transit. </div><div><br></div><div>We hear of luggage theft in airports as it moves from intake, to inspection, to building</div><div>to staging, to aircraft to..... Theft is one thing, evil or malicious injection of stuff is also </div><div>within the bounds of possibility and in this paranoid world the risks grow and I will not </div><div>speculate on the possible abuses. </div><div><br></div><div>This is in contrast to address-specific content... Say Xfinity buys a space on a</div><div>web page that has a link to Xfinity content.php that looks at the destination</div><div>and JavaScript decides what you see in that space. It gets interesting if the</div><div>local router passes data via a side channel to the server so the .php server</div><div>side has more state than is obvious. A WiFi box could place you in a </div><div>locker room, powder room, gun range, poolside, nature beach..... What </div><div>we cannot see is the back channel data flow. 
Authentication ensures that some</div><div>data flow must take place.</div><div><br></div><div>The end to end no molestation contract and legislative framework to eliminate back channels</div><div>both seem important to me.</div><div><br></div></div><br clear="all"><div><br></div>-- <br><div dir="ltr"> T o m M i t c h e l l</div>
</div></div>