Re: [Add] Proposed charter and BoF request for IETF 106

Richard Barnes <rlb@ipv.sx> Wed, 09 October 2019 18:46 UTC

From: Richard Barnes <rlb@ipv.sx>
Date: Wed, 09 Oct 2019 14:46:29 -0400
Message-ID: <CAL02cgQOUDfk20COShfYbQHOhb-aVTBh0g0ahjWdWZAFWuzN6w@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: tirumal reddy <kondtir@gmail.com>, Paul Wouters <paul@nohats.ca>, ADD Mailing list <add@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b3fd1705947eb454"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/DQjhje2GPSp1j-G9Ugsu7hCsz38>
Subject: Re: [Add] Proposed charter and BoF request for IETF 106

On Wed, Oct 9, 2019 at 2:32 PM Eric Rescorla <ekr@rtfm.com> wrote:

>
>
> On Wed, Oct 9, 2019 at 11:04 AM tirumal reddy <kondtir@gmail.com> wrote:
>
>> On Wed, 9 Oct 2019 at 18:15, Paul Wouters <paul@nohats.ca> wrote:
>>
>>> On Wed, 9 Oct 2019, Eric Rescorla wrote:
>>>
>>> > You're misunderstanding me. I'm not saying that we should not enable
>>> > network operators to shift to encrypted transport.
>>> > As I said in the section of my message that you cut, I'm more than
>>> > happy to have the IETF standardize a mechanism for
>>> > the network to tell endpoints that it supports encrypted transport.
>>> > I'm merely observing that this does not address the
>>> > issue that Mozilla is trying to address with our DoH/TRR deployment.
>>>
>>> And it seems doing this at the DHCP / Captive Portal level is enough. I
>>> don't see the need for a WG to be spun up for this.
>>>
>>
>> DHCP is not a secure way to discover the local DoT/DoH server.
>>
>
> It would probably be useful to start by defining what "secure" means in this
> context. For instance, I am in an airport and I see the name of the WiFi AP
> printed on the wall and join a network with that SSID. How would you define
> securely learning the DoH server?
>

I would probably be happy with the property that some random other host on
the LAN couldn't feed you bad information.

Not that this has much to do with DoH.  The impact of rogue DHCP servers is
just as catastrophic for Do53.

--Richard



> -Ekr
>
>
>> -Tiru
>>
>>
>>>
>>> Paul
>>>
>>> --
>>> Add mailing list
>>> Add@ietf.org
>>> https://www.ietf.org/mailman/listinfo/add
>>>