Re: [Add] [EXTERNAL] Re: New Version Notification for draft-reddy-add-enterprise-split-dns-01.txt

Paul Wouters <paul@nohats.ca> Sat, 13 March 2021 14:43 UTC

From: Paul Wouters <paul@nohats.ca>
Date: Sat, 13 Mar 2021 09:43:36 -0500
Message-Id: <9486D9AE-047B-4046-AB8A-74E8AB0D83B5@nohats.ca>
References: <1c618bd9-e039-2dac-80f3-1f11b7b44bc4@cs.tcd.ie>
Cc: Tommy Jensen <Jensen.Thomas=40microsoft.com@dmarc.ietf.org>, paul@redbarn.org, tpauly=40apple.com@dmarc.ietf.org, bemasc=40google.com@dmarc.ietf.org, add@ietf.org, kondtir@gmail.com
In-Reply-To: <1c618bd9-e039-2dac-80f3-1f11b7b44bc4@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/6OeT6-khHxCGDSzL9smRAYOAv4I>
Subject: Re: [Add] [EXTERNAL] Re: New Version Notification for draft-reddy-add-enterprise-split-dns-01.txt

On Mar 12, 2021, at 20:08, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
> 
>> On 12/03/2021 21:24, Tommy Jensen wrote:
>> Summary, my personal dead horse: if we do want networks to be able to
>> communicate policy to a client in a way that can be differentiated
>> from an attacker, it should be more general than DNS and it should be
>> not in ADD.
> FWIW, I think the above is correct. That said, we have some
> serious obstacles in the way of figuring out how to do that.

Agreed. And this was clear when discussing the charter.

> For example, I don't think we even know the potential set of
> possible policies for when there's a "smart speaker" and a
> house-guest involved, never mind how to possibly represent,
> secure and process those in some electronic format.

One feature of Apple that is great is the ability for phones to communicate if you are in each other’s address book. It is used to share the Wi-Fi password when my friends visit and try to join the network.

It would be great if something like that is standardized and with options for the network owner to give out access to specific devices like TV, security cameras, etc.

Making special rules for DNS doesn’t seem to address the issues of real users. I suspect we are reaching the point soon where we don’t really want to join random networks for just internet access - we would only do it to reach certain devices otherwise not reachable.

Paul