Re: [Add] Authentication Sub-topics for Tuesday Interim (homework for Tuesday's meeting)

tirumal reddy <kondtir@gmail.com> Wed, 16 September 2020 09:43 UTC

References: <CABcZeBPuq86Fj0VYQ+1j8ZWo+4BT1bDJGfnRmi82oUc8Xns=PQ@mail.gmail.com> <A332081D-69AE-45F8-9E61-6ACA3D071C1E@apple.com> <1557871922.1625.1600173809868@appsuite-gw2.open-xchange.com> <ab98d58b-5f5a-44b5-810e-31d8ccf12db0@www.fastmail.com> <481870676.3106.1600184248523@appsuite-gw2.open-xchange.com>
In-Reply-To: <481870676.3106.1600184248523@appsuite-gw2.open-xchange.com>
From: tirumal reddy <kondtir@gmail.com>
Date: Wed, 16 Sep 2020 15:13:07 +0530
Message-ID: <CAFpG3gee8tJqG17N0Vtk4AAMtCa0BQDdW+Yxk4FPmQzpuQps8A@mail.gmail.com>
To: Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>
Cc: Martin Thomson <mt@lowentropy.net>, ADD Mailing list <add@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/768EYKqotfjtFFdp8-2MMIrEhmc>

On Tue, 15 Sep 2020 at 21:07, Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org> wrote:

> > On 15/09/2020 14:54 Martin Thomson <mt@lowentropy.net> wrote:
> >
> > On Tue, Sep 15, 2020, at 22:43, Vittorio Bertola wrote:
> > > A DHCP extension to advertise a DoH URI was proposed at an IETF meeting
> > > over a year ago. It was rejected as too insecure, but if that
> > > assessment changes, of course it could be considered.
> >
> > I always wondered about that.  Under what assumptions was it rejected?
>
> This is the draft:
>
> https://tools.ietf.org/html/draft-pusateri-dhc-dns-driu-00
>
> It was two years ago and I don't remember well, but I think it was a
> fundamental objection like "we have decided that DHCP is insecure and we
> will not extend it any more".
>

A DHCP/RA extension can be used to convey the domain name of the resolver
(see https://tools.ietf.org/html/draft-btw-add-home-08#section-6) and the
protocols (DoH/DoT/DoQ) it supports. If the DNS server supports DoH, the
client can establish the DoH session (validating the server certificate as
usual) and use a well-known URI to retrieve the list of DoH services (for
example using RESINFO). It avoids the problem that a large list of URI
templates may cause the size of a DHCP/RA to exceed the link MTU.

-Tiru


>
> --
> Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
> vittorio.bertola@open-xchange.com
> Office @ Via Treviso 12, 10144 Torino, Italy
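As an added illustration of the flow sketched in the reply above (this is example code written for this page, not code from the thread, from draft-btw-add-home or from any RESINFO draft), the block below encodes a compact DHCP-style option that carries only the resolver's domain name and a protocol bitmap, decodes it on the client side, and then filters a document fetched from the well-known URI so that only https templates for the host whose certificate the client already validated are kept. The option code, the flag bits, the TLV layout and the JSON document shape are assumptions chosen for the example; the draft's actual encoding may differ.

```python
"""Added example: compact resolver option (name + protocol flags) and
client-side filtering of a well-known-URI document.  All constants and the
document layout are assumptions made for this illustration."""
from __future__ import annotations

import struct
from urllib.parse import urlsplit

OPTION_CODE = 240                   # assumed option code, not an IANA assignment
PROTO_DOT, PROTO_DOH, PROTO_DOQ = 0x01, 0x02, 0x04   # assumed flag bits
PROTO_NAMES = {PROTO_DOT: "DoT", PROTO_DOH: "DoH", PROTO_DOQ: "DoQ"}


def encode_name(name: str) -> bytes:
    """DNS wire-format name (RFC 1035 section 3.1), no compression."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    out.append(0)
    return bytes(out)


def decode_name(buf: bytes) -> tuple[str, int]:
    """Return (name, bytes consumed); rejects compression pointers, which
    have no place inside a DHCP option."""
    labels, pos = [], 0
    while True:
        n = buf[pos]
        pos += 1
        if n == 0:
            break
        if n >= 64:
            raise ValueError("compression pointer not allowed in option")
        labels.append(buf[pos:pos + n].decode("ascii"))
        pos += n
    return ".".join(labels), pos


def encode_resolver_option(name: str, proto_flags: int) -> bytes:
    """Assumed TLV: code(1) length(1) flags(1) wire-format-name."""
    body = bytes([proto_flags]) + encode_name(name)
    return struct.pack("!BB", OPTION_CODE, len(body)) + body


def decode_resolver_option(opt: bytes) -> tuple[str, list[str]]:
    """Parse the TLV and return (resolver_name, supported protocol names)."""
    code, length = struct.unpack("!BB", opt[:2])
    if code != OPTION_CODE or length != len(opt) - 2:
        raise ValueError("not a resolver option or length mismatch")
    flags = opt[2]
    name, used = decode_name(opt[3:])
    if used != length - 1:
        raise ValueError("trailing bytes in option")
    return name, [label for bit, label in PROTO_NAMES.items() if flags & bit]


def usable_doh_templates(authenticated_host: str, doc: dict) -> list[str]:
    """doc is the (constructed) JSON object retrieved from the well-known URI
    over the DoH session whose certificate was validated for
    authenticated_host.  Keep only https templates on that same host, so a
    stray entry in the document cannot steer queries to another server
    (this filtering rule is the example's own choice, not the draft's)."""
    keep = []
    for tmpl in doc.get("doh_templates", []):
        parts = urlsplit(tmpl)
        if parts.scheme == "https" and parts.hostname == authenticated_host:
            keep.append(tmpl)
    return keep


# Constructed sample document; not a real RESINFO response.
SAMPLE_WELL_KNOWN_DOC = {
    "doh_templates": [
        "https://dns.example.net/dns-query{?dns}",
        "https://dns.example.net/family/dns-query{?dns}",
        "http://dns.example.net/insecure{?dns}",        # cleartext: dropped
        "https://other.example.org/dns-query{?dns}",   # different host: dropped
    ],
}


def demo() -> tuple[str, list[str], list[str]]:
    """Server builds the option; client decodes it and filters the document."""
    opt = encode_resolver_option("dns.example.net", PROTO_DOT | PROTO_DOH)
    name, protos = decode_resolver_option(opt)
    templates = usable_doh_templates(name, SAMPLE_WELL_KNOWN_DOC)
    return name, protos, templates


if __name__ == "__main__":
    print(demo())
```

Note that the option stays a few dozen bytes however many DoH services the resolver offers, since the templates themselves travel over the authenticated DoH session rather than inside the DHCP/RA message.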