Re: [Add] ADD State of Things Observations

Andrew Campling <andrew.campling@419.consulting> Thu, 15 October 2020 20:06 UTC

From: Andrew Campling <andrew.campling@419.consulting>
To: "Deen, Glenn" <Glenn_Deen@comcast.com>, ADD Mailing list <add@ietf.org>
CC: "Box,C,Chris,TLW1 R" <chris.box@bt.com>
Date: Thu, 15 Oct 2020 20:06:18 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/icdbojGfApK9TWhzgZ1l9VvoR4Y>
List-Id: Applications Doing DNS <add.ietf.org>

Glenn
The approach you’ve suggested seems like a reasonable way forward, especially if the split is along the lines suggested by Chris.  Ideally we’d first flesh out the user requirements a little more and then have the WG adopt the document so that there is an agreed record of the use cases and associated requirements that we’re aiming to solve.

Andrew

From: Deen, Glenn <Glenn_Deen@comcast.com>
Sent: 15 October 2020 16:16
To: ADD Mailing list <add@ietf.org>
Subject: Re: [Add] ADD State of Things Observations

Chris,

Thanks for the comment.

I meant the proposed complexity grouping as starting points, but if it’s possible to merge RFC1918/CPE with a less complex case that’s very nice. There do remain other complex environments that won’t be as easy. Ultimately such lines are drawn by authors and the WG group so we choose to draw as appropriate.

Regardless of where the lines are drawn, for now do people feel the general observations around complexity and path proposed to be reasonable?

Glenn

________________________________
From: Chris Box (BT) <chris.box.ietf@gmail.com>
Sent: Thursday, October 15, 2020 2:12 AM
To: Deen, Glenn
Cc: ADD Mailing list
Subject: Re: [Add] ADD State of Things Observations

Glenn,

I'm happy with the general principle of splitting into 2 or 3 areas and working on those in parallel.

But I'm not entirely sure I agree with where you've drawn the distinction.

(1) Low-complexity environments.  – this would include the case that started the “My single use case” thread

(2) High-complexity environments – this would include the RFC1918 situations,  networks with more advanced technical controls, networks/devices with applied policy controls.

I would see RFC1918-addressed forwarders as very much in the scope of "My single use case".

In fact as Martin said:
This might need the full matrix of DoT/DoH, v4/v6, with/without a forwarder, but this is fundamentally just a single use case.

As others have said, such non-upgradeable forwarders are so common that any "tell me how to contact your encrypted version" protocol will need to deal with them.

Likewise, a consequence of selecting the network's recommended encrypted resolver is that network-applied policy controls may be in scope. So they are not solely found in "high-complexity environments".

But I do agree that it is useful to separate out such more complex items as Enterprise, and the provision of useful information about each possible resolver, such that the client can make a more informed decision if it wishes to.

Chris