Re: [Add] New Version Notification for draft-reddy-add-enterprise-split-dns-01.txt

Andrew Campling <andrew.campling@419.consulting> Mon, 05 April 2021 19:18 UTC

From: Andrew Campling <andrew.campling@419.consulting>
To: Paul Vixie <paul@redbarn.org>, Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>, ADD Mailing list <add@ietf.org>
CC: tirumal reddy <kondtir@gmail.com>, Tommy Pauly <tpauly@apple.com>
Date: Mon, 05 Apr 2021 19:17:56 +0000
Message-ID: <LO2P265MB0399D51D91D445350C1B59E9C2779@LO2P265MB0399.GBRP265.PROD.OUTLOOK.COM>
References: <161544385340.18570.13061001177806683345@ietfa.amsl.com> <CAFpG3geAq9oTEJp+uFQ_vHdATgT9Faza-tJURciO=RheLgLDug@mail.gmail.com> <CAHbrMsCK5BUNzF+8nd722R-BR612mM+3oA6x9RzoT_osHWWRzg@mail.gmail.com> <BFF52DBA-5A64-46E5-B51A-9012EF9E09BD@apple.com> <CAFpG3gcUroKr=BD+pqy7-+D48osdM3wmtEjuVP6V+Gra3BqwFA@mail.gmail.com> <CAHbrMsB0zH_0exyZYd2ZaC0NvbLdLCZZqu8o0BcRO=js5K7jeQ@mail.gmail.com> <20210402081807.2nsq2mhdviiy7wju@family.redbarn.org>
In-Reply-To: <20210402081807.2nsq2mhdviiy7wju@family.redbarn.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/BKqHj4R_AZcj_K-gjr0fSbMZsMU>
Subject: Re: [Add] New Version Notification for draft-reddy-add-enterprise-split-dns-01.txt
List-Id: Applications Doing DNS <add.ietf.org>

Given the current interest in draft-reddy-add-enterprise-split-dns-01.txt on the list, some may find the presentation by Tiru and Dan on our weekly call last Monday, together with the ensuing discussion, of interest.  The recording is accessible at https://419.consulting/encrypted-dns/f/discovering-split-horizons. 

Andrew

-----Original Message-----
From: Paul Vixie <paul@redbarn.org> 
Sent: 02 April 2021 09:18
To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>
Cc: tirumal reddy <kondtir@gmail.com>; ADD Mailing list <add@ietf.org>; Tommy Pauly <tpauly@apple.com>
Subject: Re: [Add] New Version Notification for draft-reddy-add-enterprise-split-dns-01.txt

On Thu, Apr 01, 2021 at 01:44:11PM -0400, Ben Schwartz wrote:
> There's no meaningful distinction between an "expression" and a 
> "prescription".[1]  Whether this flag represents a demand to comply or 
> a notice of enforcement, the effect is the same.[2]

you had me at [1] but lost me at [2]. there is no difference, but neither side of "demand" vs. "notice" need be present. we express policy for reasons of our own. those who do not follow the policy do so at their own (unknown) risk. that's how the networks work, of which the internet is a "network of".

> Defining a flag of this kind would amount to the IETF endorsing the 
> practice of network operators demanding access to all of their users'
> DNS activity, ...

no.

> ... i.e. browsing history.

and, no.

> That's out of scope for our working group.

if both antecedents held true, then this would be at least arguable.

> It also violates RFC 8890, "The Internet is for End Users".

RFC 8890 is not an internet standard. at least one member of the IAB has taken the time to remind me that it is an individual submission; however, had it not been, the mere fact that it was not a POISED-style standards action makes it an opinion piece -- no matter whose opinion we think it is.

the internet is a network of networks, and that the networks of which the internet is a "network of" are "for" a lot of purposes, and some might be "for the users", or perhaps "for some users". others are "for some investors" or "for national defense" or "for national security". i do not ordain the IAB to tell me what my networks are for, nor by extension, to tell me what the network of such networks (that is, "the internet") is for.
for the same reason the IAB cannot dictate to me my Acceptable Use Policy or Peering Policy or Transit Policy or Firewall Policy, they could usefully remain silent about what _my_ purpose is for building and operating (some of) the networks that "the internet" is a network of.

i need a clear shot at every app, every device, every user, every OS, and apparently now every protocol, which violates my network's stated policy.
i plan to hunt down every violator and fire it or them.

because "ADD" is a radical and controversial change to default behaviour, my need for "a clear shot" has been placed very exactly in-scope.

--
Paul Vixie