Re: [Add] WG Adoption Call draft-reddy-add-enterprise-split-dns

"Vinny Parla (vparla)" <vparla@cisco.com> Fri, 13 May 2022 12:34 UTC

From: "Vinny Parla (vparla)" <vparla@cisco.com>
To: Paul Wouters <paul@nohats.ca>, "bemasc@google.com" <bemasc@google.com>
CC: ADD Mailing list <add@ietf.org>
Date: Fri, 13 May 2022 12:34:02 +0000
Message-ID: <BN8PR11MB38286113673838F13F973C13D8CA9@BN8PR11MB3828.namprd11.prod.outlook.com>
References: <BYAPR11MB3111FD2D0FF61231304A5F3DEAC29@BYAPR11MB3111.namprd11.prod.outlook.com> <CAHbrMsAcpHFon+JS9jsLdqANt+1FmkA_VDAwW4PSUDMJwtbavA@mail.gmail.com> <14b56185-4fe3-8e4b-adcf-22ddb624329@nohats.ca> <6091dcb9-0d91-6666-2c3f-ae8da960242b@lear.ch>
In-Reply-To: <6091dcb9-0d91-6666-2c3f-ae8da960242b@lear.ch>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/4VyuACTyEoPDhxI4xe39rPhfWjA>
List-Id: Applications Doing DNS <add.ietf.org>

On 05.05.22 21:57, Paul Wouters wrote:
> The only real solution I see is one similar to the IKEv2 split-DNS
> case, one where there is basically an authenticated and authorized
> provisioning step that enables the user to join an "enterprise network"
> which can demand all or a subnet of DNS traffic which the user is
> required to opt-in to. And even that is tricky when a user is kinda
> forced to accept to get any connectivity, say in a hotel or coffeeshop
> (or repressive regime)

I still feel there is a missing piece - like a Captive Portal phase - where 
the user opts into the DNS settings overrides to their devices or declines to 
join the network.  Informed Mutual Consent.

I nonetheless am supportive of this draft and what it is looking to accomplish.

-Vinny