Re: [Add] meeting hum: should the IETF take up this work?

Vittorio Bertola <vittorio.bertola@open-xchange.com> Sun, 28 July 2019 02:50 UTC

Date: Sun, 28 Jul 2019 04:50:07 +0200
From: Vittorio Bertola <vittorio.bertola@open-xchange.com>
Reply-To: Vittorio Bertola <vittorio.bertola@open-xchange.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: ADD Mailing list <add@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/EU8jFOBBo_4zxaIsoMNpIGif9GM>


On 27 July 2019 at 17:55, Eric Rescorla <ekr@rtfm.com> wrote:

> On Sat, Jul 27, 2019 at 7:52 AM Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>
>> If the extension said what the privacy was, rather than just that Mozilla had
>> vetted it, then perhaps there could be other levels of privacy.
>
> It's not quite clear to me what you have in mind here, but one thing I would like to emphasize is that the Mozilla TRR program is more than just a self-assertion about privacy policy, in that we actively manage the list, rather than just trusting people's self-assertions. If people were interested in some other set of privacy policies, then it's not clear to me who would be responsible for running such a program.

I understand your viewpoint, but from the opposite one - the resolver operator's one - having to apply for membership to multiple lists of trusted resolvers, possibly with different or even contrasting requirements, just to be usable on any browser and any application, looks like a nightmare. Also, this would definitely be a push towards a smaller number of bigger and more centralized resolver operators, as smaller operators would have a harder time managing multiple accreditations.

So there would be merit in thinking of a joint industry program to evaluate and accredit resolvers, which could even foresee different levels of accreditation or different policies, so that applications could still pick different requirements, but at least the resolver could apply once and, if meeting all the requirements, be validated for all clients. All in all, it would not be too different from the CA machinery.

But your point on who would run it, and "is there actually anyone willing to work on this?", is also valid; and also, even the simplest resolver certification program would still be more restrictive, and thus more prone to centralization, than the current situation in which people can just deploy a DNS resolver without having to ask for permission and it becomes immediately available to everyone.

--

Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com
Office @ Via Treviso 12, 10144 Torino, Italy