Re: [Add] [Ext] My single use case
tirumal reddy <kondtir@gmail.com> Tue, 15 September 2020 06:30 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/FHtr9CP9jBqPCqwsd-wFxq19m6o>
On Mon, 14 Sep 2020 at 18:18, Eric Rescorla <ekr@rtfm.com> wrote:

> On Sun, Sep 13, 2020 at 11:47 PM tirumal reddy <kondtir@gmail.com> wrote:
>
>> Hi Eric,
>>
>> Please see inline
>>
>> On Fri, 11 Sep 2020 at 20:57, Eric Rescorla <ekr@rtfm.com> wrote:
>>
>>> On Fri, Sep 11, 2020 at 8:18 AM tirumal reddy <kondtir@gmail.com> wrote:
>>>
>>>> On Fri, 11 Sep 2020 at 20:21, Paul Hoffman <paul.hoffman@icann.org>
>>>> wrote:
>>>>
>>>>> On Sep 11, 2020, at 5:06 AM, tirumal reddy <kondtir@gmail.com> wrote:
>>>>> >
>>>>> > On Fri, 11 Sep 2020 at 16:45, Eric Rescorla <ekr@rtfm.com> wrote:
>>>>> >
>>>>> >> For wired network you plug into the wall.
>>>>> >> For a wireless network, someone gives you an SSID and a (common)
>>>>> >> password.
>>>>> >>
>>>>> > You seem to be referring to home/coffee shop use cases and not
>>>>> > relevant to on-boarding devices in an enterprise network.
>>>>>
>>>>> It is wrong to say that Ekr's model "is not relevant" to enterprise
>>>>> networks.
>>>>
>>>> I only meant common password is "not relevant" to an Enterprise network.
>>>>
>>>>> Some enterprise networks use extra configuration for handing out
>>>>> resolver information, many enterprise networks (including the one
>>>>> I'm using at the moment) do not.
>>>>
>>>> Yes, it depends on the enterprise network. In addition, whether it is an
>>>> IT-owned device, BYOD with MDM or configuration profile or a BYOD with
>>>> unique credentials. The use case should consider all the above type devices
>>>> including IoT devices.
>>>
>>> I disagree with this. In particular, I do not think it should include
>>> anything that is managed (MDM, enterprise config, etc.) because those
>>> entities can just directly configure the DNS provider. It might still be
>>> useful in some way to have a signaling protocol, but it is a far lower
>>> priority.
>>
>> If the discovery protocol works for unmanaged BYOD, it would also work
>> for other types of devices.
>> I understand device management tools can be used to provision managed
>> devices with network provided encrypted resolver but it is not yet fully
>> supported, for example (1) configuration profile (provisioned using OTA)
>> does not yet support configuring the encrypted DNS resolver and the
>> configuration profile is specific to Apple (3) I see policies (GPO) can be
>> set on Chrome/Firefox and OS like Windows to use a DoH server but not sure
>> about other OS/Browsers. (3) I don't think MDM (from several vendors)
>> supports encrypted DNS server configuration yet.
>
> So? Any of this would require something to change on the endpoints.

Yes.

> The question is what the appropriate change would be in this setting (if
> any), and what I'm saying is that the appropriate change is to use the
> existing device management.

It depends whether the discovery standard gets deployed first or device
management tools upgrade before the standard is developed. I am hoping in
the near future if the standard secure discovery protocol gets adopted by
endpoints, no need to wait for an upgrade to device management tools.

-Tiru

> -Ekr
>
>> -Tiru
>>
>>> -Ekr
>>>
>>>>> It's fine to say that Martin's use case is not the use case you
>>>>> personally are interested in; please don't dismiss it as "not relevant".
>>>>
>>>> I am interested in the use case :) I would like to understand whether
>>>> the use case is for a Home or Enterprise network.
>>>>
>>>> Cheers,
>>>> -Tiru
>>>>
>>>>> --Paul Hoffman