Re: [Add] Proposed charter and BoF request for IETF 106

Paul Wouters <paul@nohats.ca> Wed, 09 October 2019 20:24 UTC

Date: Wed, 09 Oct 2019 16:24:20 -0400
From: Paul Wouters <paul@nohats.ca>
To: add@ietf.org
In-Reply-To: <D6D4836A-C426-491D-AAC4-D1F3323D6AB8@rfc1035.com>
Message-ID: <alpine.LRH.2.21.1910091611240.11081@bofh.nohats.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/Chq-S9_hio1ry0QVSMJBeaHnAlE>

On Wed, 9 Oct 2019, Jim Reid wrote:

>> On 9 Oct 2019, at 19:04, tirumal reddy <kondtir@gmail.com> wrote:
>>
>> DHCP is not a secure way to discover the local DoT/DoH server.
>
> That may well be true. However that debate belongs on another thread and maybe even another list.
>
> I thought we were meant to be discussing the proposed charter for a new WG and a possible BoF in Singapore. Could we please focus on that?

It is relevant, because if we believe the only thing that is needed is
a DHCP option, then we do not need to spin up a working group. In fact,
I would expect whoever wants to spin up a new group to have done some
preliminary work in this area so that it is clear there is a real large
enough problem to be solved using a WG. I don't get the feeling this
happened. What I see is people looking for a business model for "secure
DNS" services. I don't think that business model needs protocol level
support from the IETF (because as I stated earlier, consumer trust
doesn't work by signed XML statements).

Compare this with starting up a WG to eavesdrop on TLS 1.3 traffic.
Look at how PATIENT hasn't seen any discussion since July 2018. We
didn't start a WG for that either. Why should we do one on eavesdropping
encrypted DNS?

As for the "DHCP is not secure" argument: there is absolutely no
expectation of validatable security when someone joins a random
network. When I join a known preconfigured enterprise network, I already
have trust anchors. When I decide to trust a personal DoH server that is
not local, I already have the trust anchors I need as well. An insecure
DHCP option is useful for the enterprise/parental use case, where just
being on the network is a verifiably secure action already.

Paul