Re: [Add] [EXTERNAL] Re: New Version Notification for draft-reddy-add-enterprise-split-dns-01.txt
Paul Vixie <paul@redbarn.org> Mon, 15 March 2021 02:13 UTC
Return-Path: <vixie@redbarn.org>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B8FF3A0FF0 for <add@ietfa.amsl.com>; Sun, 14 Mar 2021 19:13:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GTBs8Iy-PtvS for <add@ietfa.amsl.com>; Sun, 14 Mar 2021 19:13:15 -0700 (PDT)
Received: from family.redbarn.org (family.redbarn.org [24.104.150.213]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F29F3A0FFA for <add@ietf.org>; Sun, 14 Mar 2021 19:13:13 -0700 (PDT)
Received: by family.redbarn.org (Postfix, from userid 716) id 2B221759A2; Mon, 15 Mar 2021 02:13:12 +0000 (UTC)
Date: Mon, 15 Mar 2021 02:13:12 +0000
From: Paul Vixie <paul@redbarn.org>
To: Paul Wouters <paul@nohats.ca>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Tommy Jensen <Jensen.Thomas=40microsoft.com@dmarc.ietf.org>, tpauly=40apple.com@dmarc.ietf.org, bemasc=40google.com@dmarc.ietf.org, add@ietf.org, kondtir@gmail.com
Message-ID: <20210315021312.ng5xgq23kkohvsgb@family.redbarn.org>
References: <1c618bd9-e039-2dac-80f3-1f11b7b44bc4@cs.tcd.ie> <9486D9AE-047B-4046-AB8A-74E8AB0D83B5@nohats.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <9486D9AE-047B-4046-AB8A-74E8AB0D83B5@nohats.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/9j7cS59ZCKVJ0l6t_8k2zQsLe_8>
Subject: Re: [Add] [EXTERNAL] Re: New Version Notification for draft-reddy-add-enterprise-split-dns-01.txt
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Mar 2021 02:13:18 -0000
On Sat, Mar 13, 2021 at 09:43:36AM -0500, Paul Wouters wrote: > On Mar 12, 2021, at 20:08, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > >> On 12/03/2021 21:24, Tommy Jensen wrote: > >> Summary, my personal dead horse: if we do want networks to be able to > >> communicate policy to a client in a way that can be differentiated > >> from an attacker, it should be more general than DNS and it should be > >> not in ADD. is that a nice to have or is that a got to have? for me it's the former, and if there were an effort underway by ambitious commited qualified distributed system architects to create the former, i would want to join with them. but no such effort is underway, and so i think it's a false choice -- it's like a proverbial winged pig, with which pigs could fly, but they can't, so we ought to constrain our thinking to something which actually _can_ be done. a handset's inability to reliably know whom to trust on the local network can be worked around. for example it's already trusting DHCP and SLAAC, so adding more variables to those handshakes is not unreasonable. for another example the in-addr space for the network as defined by RFC 1101 or for the exit gateway as defined by RFC 1034 can be confidently assured to to under the control of the network operator, so new variables could also be lodged there. > > FWIW, I think the above is correct. That said, we have some > > serious obstacles in the way of figuring out how to do that. the seriousness of those obstacles should be compared and contrasted with the seriousness of deciding that since pigs don't have wings we must not try to use some other life form that actually can fly in order to accomplish a goal desired by many. i should reiterate my desire for a way to build more trust faster for local network policy matters, but also my willingness to put that desire in context among the hierarchy of costs and benefits of alternatives. > Agreed. And this was clear when discussing the charter. i chose this re-entry point back to this thread because i'd really like to know more specifically what you're agreeing with, and also if in light of my remarks herein, your agreement might be more nuanced than you first believed? > > For example, I don't think we even know the potential set of > > possible policies for when there's a "smart speaker" and a > > house-guest involved, never mind how to possibly represent, > > secure and process those in some electronic format. i think we could enumerate a set of policies which would seem complete to those in this forum at this time, which would be subject to later revision like all internet protocols. the cost of addressing this challenge is to me far less than the cost of ignoring it or punting it down-road. can we try? > One feature of Apple that is great is the ability for phones to communicate > if you are in each other???s address book. It is used to share the wifi > password when my friends visit when they try to join the network. if we were looking at the larger problem (larger than what DNS needs today) i'd want to explore such options. if we knew that the relying party and the resource had human interfaces, we could do what bluetooth does when i bring my smart phone to my car for "pairing". but we not only won't always have human interfaces, we also won't always have humans. so this is a very large problem and won't be solved on the ADD WG's timeline. > It would be great if something like that is standardized and with options > for the network owner to give out access to specific devices like TV, > security cameras, etc. > > Making special rules for DNS doesn't seem to address the issues of real > users. I suspect we are reaching the point soon where we don't really want > to join random networks for just internet access - we would only do it to > reach certain devices otherwise not reachable. in fact, this counterpoint seems even more vital than the thread that got us here. internet access is now often free (in monetary terms) because the provider either wants to sell you coffee or a hotel room, or wants to watch what you do online for political or capitalist surveillance. while we cannot expect every user to trust every attestation by every network operator, we should imagine some kind of web of trust whereby the operator's certificate might be itself certified by an upstream authority. for example if apple or google who are the makers of my smartphones attest to the trustworthiness of some network operator to speak truth to me about their surveillance policies, i would be inclined to believe those attestations. in any case that's off-topic no matter how compelling, and i'd like to reduce this thread to the question of how we could usefully address in this WG. for that we should be concerned with how a device can learn the local network's policy in a way that's trustworthy enough to make a use / don't-use decision for the network, and a follow / don't follow decision for its stated policies. * * * in a historic oversight, RFC 2317 failed to explicitly update RFC 1101, and so the implementation of the later has to apply the implication of the former. as part of the CIDRD effort i actually did implement this in getnetbyaddr() in the BSD 4.4 libc, and it worked fine. i think if we applied the mappings described in RFC 1101 [3.2, 3.3] we could easily add a well-known subdomain along the lines of "_rdns._policy" which could contain a TXT RRset that explained this network's recursive-dns access policies in pidgin form. if a relying party has reason to fear fraud, it would only believe such expressions if they were signed with DNSSEC. that's not a full proposal but it does show the triviality of the problem some members of this forum say they are trying to avoid because of nontriviality. i would welcome further discussion along those lines, but i will likely not welcome further dismissal of the ask due to the unstated cost of the tell. -- Paul Vixie
- [Add] Fwd: New Version Notification for draft-red… tirumal reddy
- Re: [Add] Fwd: New Version Notification for draft… Ben Schwartz
- Re: [Add] Fwd: New Version Notification for draft… Paul Vixie
- Re: [Add] New Version Notification for draft-redd… Tommy Pauly
- Re: [Add] New Version Notification for draft-redd… Paul Vixie
- Re: [Add] [EXTERNAL] Re: New Version Notification… Tommy Jensen
- Re: [Add] New Version Notification for draft-redd… Tommy Pauly
- Re: [Add] [EXTERNAL] Re: New Version Notification… Deen, Glenn (NBCUniversal)
- Re: [Add] [EXTERNAL] Re: New Version Notification… Stephen Farrell
- Re: [Add] [EXTERNAL] Re: New Version Notification… Paul Wouters
- Re: [Add] [EXTERNAL] Re: New Version Notification… Paul Vixie
- Re: [Add] [EXTERNAL] Re: New Version Notification… Vittorio Bertola
- Re: [Add] [EXTERNAL] Re: New Version Notification… Ben Schwartz
- Re: [Add] [EXTERNAL] Re: New Version Notification… Andrew Campling
- Re: [Add] [EXTERNAL] Re: New Version Notification… Eric Rescorla
- Re: [Add] [EXTERNAL] Re: New Version Notification… Vittorio Bertola
- Re: [Add] [EXTERNAL] Re: New Version Notification… Eliot Lear
- Re: [Add] [EXTERNAL] Re: New Version Notification… Paul Vixie
- Re: [Add] [EXTERNAL] Re: New Version Notification… Stephen Farrell
- Re: [Add] [EXTERNAL] Re: New Version Notification… Paul Vixie
- Re: [Add] [EXTERNAL] Re: New Version Notification… Victor Kuarsingh
- Re: [Add] [EXTERNAL] Re: New Version Notification… Paul Vixie
- Re: [Add] New Version Notification for draft-redd… Paul Vixie
- Re: [Add] [EXTERNAL] Re: New Version Notification… Bill Woodcock
- Re: [Add] [EXTERNAL] Re: New Version Notification… Stephen Farrell
- Re: [Add] [EXTERNAL] Re: New Version Notification… Ben Schwartz
- Re: [Add] [EXTERNAL] Re: New Version Notification… Ben Schwartz
- Re: [Add] Fwd: New Version Notification for draft… tirumal reddy
- Re: [Add] New Version Notification for draft-redd… tirumal reddy
- Re: [Add] New Version Notification for draft-redd… Ben Schwartz
- Re: [Add] New Version Notification for draft-redd… Vittorio Bertola
- Re: [Add] New Version Notification for draft-redd… Ben Schwartz
- Re: [Add] [EXTERNAL] Re: New Version Notification… Deen, Glenn (NBCUniversal)
- Re: [Add] [EXT] Re: New Version Notification for … Vittorio Bertola
- Re: [Add] [EXTERNAL] Re: New Version Notification… Ben Schwartz
- Re: [Add] [EXTERNAL] Re: New Version Notification… Tommy Jensen
- Re: [Add] [EXTERNAL] Re: New Version Notification… Paul Wouters
- Re: [Add] [EXTERNAL] Re: New Version Notification… Deen, Glenn (NBCUniversal)
- Re: [Add] [EXTERNAL] Re: New Version Notification… Paul Wouters
- Re: [Add] New Version Notification for draft-redd… Paul Vixie
- Re: [Add] [EXTERNAL] Re: New Version Notification… tirumal reddy
- Re: [Add] [EXTERNAL] Re: New Version Notification… tirumal reddy
- Re: [Add] [EXTERNAL] Re: New Version Notification… Paul Wouters
- Re: [Add] New Version Notification for draft-redd… Andrew Campling
- Re: [Add] [EXTERNAL] Re: New Version Notification… tirumal reddy