IETF Logo Mail Archive

[Add] What to do in this potential working group

Jari Arkko <jari.arkko@piuha.net> Tue, 20 August 2019 20:01 UTC

Return-Path: <jari.arkko@piuha.net>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AFAF120A3E for <add@ietfa.amsl.com>; Tue, 20 Aug 2019 13:01:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zd4xso0nbZY2 for <add@ietfa.amsl.com>; Tue, 20 Aug 2019 13:01:48 -0700 (PDT)
Received: from p130.piuha.net (p130.piuha.net [193.234.218.130]) by ietfa.amsl.com (Postfix) with ESMTP id 07D4F12082E for <add@ietf.org>; Tue, 20 Aug 2019 13:01:48 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id 6AD6B66026B for <add@ietf.org>; Tue, 20 Aug 2019 23:01:46 +0300 (EEST)
Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X2ShrjvoaKhM for <add@ietf.org>; Tue, 20 Aug 2019 23:01:44 +0300 (EEST)
Received: from [127.0.0.1] (p130.piuha.net [IPv6:2001:14b8:1829::130]) by p130.piuha.net (Postfix) with ESMTPS id D305C660118 for <add@ietf.org>; Tue, 20 Aug 2019 23:01:44 +0300 (EEST)
From: Jari Arkko <jari.arkko@piuha.net>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Message-Id: <A1128702-1E19-4657-9740-E84AE09992F2@piuha.net>
Date: Tue, 20 Aug 2019 23:01:42 +0300
To: add@ietf.org
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/6gQDQSj7Fkx5Ak1-u4wSElUS58U>
Subject: [Add] What to do in this potential working group
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Aug 2019 20:01:51 -0000

I’ve been on vacation and doing some other things for the last couple of weeks, and now I’ve been trying to read the mailing list discussions. Not easy!

Let me try another angle into the discussion and see if it’s helpful.

Much of the discussion has been about the conflicts between people’s different use cases or trustworthiness perceptions for different entities. “I trust industry X more than industry Y” or “I need to perform <thing> which conflicts what you’re trying to do prevent <another thing>”. And the various details of performing those <things>.

There’s been not so much discussion about concrete things where IETF can help, or discussion about understanding and agreeing where our agreements and disagreements lie, or where the factual things end and opinions begin.

So how about looking at this first by understanding what kinds of things we might actually agree on, and acknowledging what we disagree on? For instance, I think there are helpful small things that I don’t think are hugely controversial, better discovery mechanisms for instance. Similarly, I don’t think we will find an agreement whether one trusts an ISP more or less than a large Internet company (because it depends, duh). But we might find agreement on some more structural things, such as what factors have an effect, and what good solutions look like. For instance, while we might differ on what services we consider trustworthy, to me it seems obvious that creating a single entity that has access to all users’ DNS queries is potentially very dangerous architecture for the Internet. Too attractive target for governments to tap, for instance. 

We might also agree on principles, such as the ones about user configuration taking precedence over network configuration.

We do disagree on how to handle filtering use cases, enterprise networks, how to deal with CDN localisation and other operational use cases. Some of these things people care deeply about. And we might disagree on what the advice is on split DNS.

In any case, to start with the parts that we possibly do agree on, there is at least a beginning of a list of work items. For instance:

* Improved mechanisms for discovery and selection of encrypted DNS transports
* Best operational practices for running an encrypted DNS transport service (possibly subdivided for the type of deployment, e.g., ISP or global service)
* Recommendation for precedence of configuration mechanisms
* Recommendation that having devices or apps “call home” for every user action to a centralised global service is bad practice and should be avoided

Jari

v2.23.0 | Report a Bug | By Email