Re: [Add] ADD State of Things Observations

"Deen, Glenn" <Glenn_Deen@comcast.com> Thu, 15 October 2020 15:16 UTC

From: "Deen, Glenn" <Glenn_Deen@comcast.com>
To: ADD Mailing list <add@ietf.org>
Date: Thu, 15 Oct 2020 15:16:22 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/7o8iMKzEFyutYIUT1OjmEl4ro-k>
Subject: Re: [Add] ADD State of Things Observations
List-Id: Applications Doing DNS <add.ietf.org>

Chris,

Thanks for the comment.

I meant the proposed complexity grouping as starting points, but if it’s possible to merge RFC1918/CPE with a less complex case that’s very nice. There do remain other complex environments that won’t be as easy. Ultimately such lines are drawn by authors and the WG group so we choose to draw as appropriate.

Regardless of where the lines are drawn, for now do people feel the general observations around complexity and path proposed to be reasonable?

Glenn

________________________________
From: Chris Box (BT) <chris.box.ietf@gmail.com>
Sent: Thursday, October 15, 2020 2:12 AM
To: Deen, Glenn
Cc: ADD Mailing list
Subject: Re: [Add] ADD State of Things Observations

Glenn,

I'm happy with the general principle of splitting into 2 or 3 areas and working on those in parallel.

But I'm not entirely sure I agree with where you've drawn the distinction.

(1) Low-complexity environments.  – this would include the case that started the “My single use case” thread

(2) High-complexity environments – this would include the RFC1918 situations, networks with more advanced technical controls, networks/devices with applied policy controls.

I would see RFC1918-addressed forwarders as very much in the scope of "My single use case".

In fact as Martin said:
This might need the full matrix of DoT/DoH, v4/v6, with/without a forwarder, but this is fundamentally just a single use case.

As others have said, such non-upgradeable forwarders are so common that any "tell me how to contact your encrypted version" protocol will need to deal with them.

Likewise, a consequence of selecting the network's recommended encrypted resolver is that network-applied policy controls may be in scope. So they are not solely found in "high-complexity environments".

But I do agree that it is useful to separate out such more complex items as Enterprise, and the provision of useful information about each possible resolver, such that the client can make a more informed decision if it wishes to.

Chris