Re: [Add] [Ext] My single use case

tirumal reddy <kondtir@gmail.com> Mon, 14 September 2020 06:47 UTC

From: tirumal reddy <kondtir@gmail.com>
Date: Mon, 14 Sep 2020 12:17:31 +0530
Message-ID: <CAFpG3gf=4n7n+9YTNwwRnMAptiQGGJV6MsDMuHQkJW8aLZrxHQ@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Paul Hoffman <paul.hoffman@icann.org>, ADD Mailing list <add@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/5F3QIvw_FBtbivUbthhh8X9wZPs>
Subject: Re: [Add] [Ext] My single use case
List-Id: Applications Doing DNS <add.ietf.org>

Hi Eric,

Please see inline

On Fri, 11 Sep 2020 at 20:57, Eric Rescorla <ekr@rtfm.com> wrote:

>
>
> On Fri, Sep 11, 2020 at 8:18 AM tirumal reddy <kondtir@gmail.com> wrote:
>
>> On Fri, 11 Sep 2020 at 20:21, Paul Hoffman <paul.hoffman@icann.org>
>> wrote:
>>
>>> On Sep 11, 2020, at 5:06 AM, tirumal reddy <kondtir@gmail.com> wrote:
>>> >
>>> > On Fri, 11 Sep 2020 at 16:45, Eric Rescorla <ekr@rtfm.com> wrote:
>>> >
>>> >> For wired network you plug into the wall.
>>> >> For a wireless network, someone gives you an SSID and a (common)
>>> >> password.
>>> >>
>>> > You seem to be referring to home/coffee shop use cases and not
>>> > relevant to on-boarding devices in an enterprise network.
>>>
>>> It is wrong to say that Ekr's model "is not relevant" to enterprise
>>> networks.
>>
>>
>> I only meant common password is "not relevant" to an Enterprise network.
>>
>>
>>> Some enterprise networks use extra configuration for handing out
>>> resolver information, many enterprise networks (including the one I'm
>>> using at the moment) do not.
>>>
>>
>> Yes, it depends on the enterprise network. In addition, whether it is an
>> IT-owned device, BYOD with MDM or configuration profile or a BYOD with
>> unique credentials. The use case should consider all the above types of
>> devices including IoT devices.
>>
>
> I disagree with this. In particular, I do not think it should include
> anything that is managed (MDM, enterprise config, etc.) because those
> entities can just directly configure the DNS provider. It might still be
> useful in some way to have a signaling protocol, but it is a far lower
> priority.
>

If the discovery protocol works for unmanaged BYOD, it would also work for
other types of devices.
I understand device management tools can be used to provision managed
devices with a network-provided encrypted resolver, but it is not yet fully
supported, for example: (1) configuration profile (provisioned using OTA)
does not yet support configuring the encrypted DNS resolver and the
configuration profile is specific to Apple; (2) I see policies (GPO) can be
set on Chrome/Firefox and OS like Windows to use a DoH server but not sure
about other OS/Browsers; (3) I don't think MDM (from several vendors)
supports encrypted DNS server configuration yet.

-Tiru


>
> -Ekr
>
>
>>> It's fine to say that Martin's use case is not the use case you
>>> personally are interested in; please don't dismiss it as "not relevant".
>>>
>>
>> I am interested in the use case :)  I would like to understand whether
>> the use case is for a Home or Enterprise network.
>>
>> Cheers,
>> -Tiru
>>
>>
>>>
>>> --Paul Hoffman
>>>
>>
>