Re: [Add] I-D Action: draft-btw-add-home-00.txt

mohamed.boucadair@orange.com Sat, 07 March 2020 17:18 UTC

From: mohamed.boucadair@orange.com
To: Tommy Jensen <Jensen.Thomas@microsoft.com>, ADD Mailing list <add@ietf.org>
CC: "Konda, Tirumaleswar Reddy (TirumaleswarReddy_Konda@McAfee.com)" <TirumaleswarReddy_Konda@McAfee.com>, "Dan Wing <dan@danwing.org> (dan@danwing.org)" <dan@danwing.org>
Date: Sat, 07 Mar 2020 17:18:09 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/HJMxBct7445fFUKu4VqjEyXs2_g>

Hi Tommy,

Thank you for the comments.

Please see inline.

Cheers,
Med

From: Tommy Jensen [mailto:Jensen.Thomas@microsoft.com]
Sent: Friday, 6 March 2020 19:03
To: BOUCADAIR Mohamed TGI/OLN; ADD Mailing list
Cc: Konda, Tirumaleswar Reddy (TirumaleswarReddy_Konda@McAfee.com); Dan Wing <dan@danwing.org> (dan@danwing.org)
Subject: Re: I-D Action: draft-btw-add-home-00.txt

Hey Med,

Thanks for sharing. Based on Section 10,
[Med] I guess you meant the Security section.

it seems the intent of this draft is to ensure use of DoT/DoH servers is prohibited until the user sees and agrees to a privacy policy (exception: the device is configured ahead of time by an admin to trust the given server). Is that accurate?

[Med] The draft discusses many options under which the DNS client auto-upgrades to use a discovered local DoH/DoT server without seeking the user's consent, but we have one particular case (called out in the Security Considerations section) in which some 'input' is required to avoid misuse of the service. That input can be a global configuration parameter, an explicit consent, a default, etc.

We collectively need to think about the exact behavior to follow. For example, it does not make sense to seek the user's consent to upgrade to DoT/DoH while that same server is used for Do53.

If this is the case, I would be opposed to this version of the draft. While I agree users and admins should have more control over their DNS queries, blocking Internet access on DNS server approval for home users (with no enterprise admin to do the hard work for them) seems like a deal breaker for OS vendors. I wouldn't block an HTTPS connection until the user reviews the certificate chain either. Having this information available to decorate Internet connection UI seems wise, but blocking connectivity on approval is too heavy-handed for the general use case for OSes.

Other feedback:

  *   I see you're using "Do53" and referring to RFC8499. That RFC doesn't specify whether "Do53" or "classic DNS" or something else is the appropriate term. There is a draft (https://tools.ietf.org/html/draft-hoffman-dns-terminology-ter-02) to address this by defining "classic DNS" but it expired. Probably time for us to revisit that and formalize a term we can all use.
[Med] Agree Do53 is not defined in RFC8499. It is defined in the dnsop I-D cited in Section 2:
   This document makes use of the terms defined in [RFC8499] (https://tools.ietf.org/html/rfc8499) and
   [I-D.ietf-dnsop-terminology-ter] (https://tools.ietf.org/html/draft-btw-add-home-01#ref-I-D.ietf-dnsop-terminology-ter).
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  *   Section 1:

     *   s/sotrage/storage
     *   s/resolexpervers/resolvers
[Med] Thank you for catching those. We have already fixed them in -01: https://tools.ietf.org/html/draft-btw-add-home.
Thanks,
Tommy

________________________________
From: Add <add-bounces@ietf.org> on behalf of mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>
Sent: Wednesday, March 4, 2020 1:52 AM
To: ADD Mailing list <add@ietf.org>
Cc: Konda, Tirumaleswar Reddy (TirumaleswarReddy_Konda@McAfee.com) <TirumaleswarReddy_Konda@McAfee.com>; Dan Wing <dan@danwing.org> (dan@danwing.org) <dan@danwing.org>
Subject: [EXTERNAL] [Add] TR: I-D Action: draft-btw-add-home-00.txt

Hi all,

We submitted this new I-D.

Comments and suggestions are welcome.

Cheers,
Med

-----Original Message-----
From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org] On behalf of internet-drafts@ietf.org
Sent: Wednesday, 4 March 2020 09:09
To: i-d-announce@ietf.org
Subject: I-D Action: draft-btw-add-home-00.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.


        Title           : DoH/DoT Deployment Considerations for Home Networks
        Authors         : Mohamed Boucadair
                          Tirumaleswar Reddy
                          Dan Wing
        Filename        : draft-btw-add-home-00.txt
        Pages           : 17
        Date            : 2020-03-04

Abstract:
   This document discusses DoT/DoH deployment considerations for home
   networks.  It particularly sketches the required steps to use DoT/DoH
   capabilities provided by local networks.

   One of the goals of this document is to assess to what extent
   existing tools can be used to provide a DoT/DoH service.  As an
   outcome, new DHCP and Router Advertisement Options are specified in
   order to convey a DNS Authentication Domain Name.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-btw-add-home/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-btw-add-home-00
https://datatracker.ietf.org/doc/html/draft-btw-add-home-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
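As an added illustration of the decision Med describes above (auto-upgrade when the discovered DoT/DoH server is the one already serving Do53, admin pre-trust as Tommy's exception, otherwise some input is required), written here as example code and not taken from draft-btw-add-home or its authors. The decision rules, the exact-match ADN check, and all addresses, names and certificate contents are assumptions or constructed sample data.

```python
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet

class Action(Enum):
    AUTO_UPGRADE = "auto-upgrade"    # switch to DoT/DoH without asking the user
    REQUIRE_INPUT = "require-input"  # a policy parameter, explicit consent or default is needed
    STAY_DO53 = "stay-do53"          # discovered server did not authenticate; keep Do53

@dataclass(frozen=True)
class Discovery:
    do53_resolvers: FrozenSet[str]     # resolver addresses learned from DHCP/RA
    adn: str                           # Authentication Domain Name from the new option
    adn_addresses: FrozenSet[str]      # addresses the ADN resolved to
    cert_dns_names: FrozenSet[str]     # dNSName SANs presented by the DoT/DoH server
    admin_trusted_adns: FrozenSet[str] = frozenset()  # pre-provisioned by an administrator

def _norm(name: str) -> str:
    return name.rstrip(".").lower()

def adn_matches_cert(adn: str, cert_dns_names: FrozenSet[str]) -> bool:
    """RFC 8310-style authentication: the ADN must appear as a dNSName in the
    certificate.  Assumption: exact match only; wildcard names are not honoured."""
    return any(_norm(n) == _norm(adn) for n in cert_dns_names if not n.startswith("*"))

def decide(d: Discovery) -> Action:
    """Assumed policy distilled from the thread, evaluated in priority order."""
    if not adn_matches_cert(d.adn, d.cert_dns_names):
        return Action.STAY_DO53        # never upgrade to a server that fails authentication
    if _norm(d.adn) in {_norm(a) for a in d.admin_trusted_adns}:
        return Action.AUTO_UPGRADE     # an admin configured trust for this ADN ahead of time
    if d.adn_addresses & d.do53_resolvers:
        return Action.AUTO_UPGRADE     # the same server already receives this client's Do53 queries
    return Action.REQUIRE_INPUT        # the one case that needs a parameter, consent or default

# Constructed sample: the home router advertises 192.0.2.1 for Do53 and the ADN
# "dns.example.home", which resolves back to 192.0.2.1 and matches the certificate.
SAME_SERVER = Discovery(frozenset({"192.0.2.1"}), "dns.example.home",
                        frozenset({"192.0.2.1"}), frozenset({"dns.example.home"}))
# Constructed sample: a different encrypted server with a valid certificate.
OTHER_SERVER = Discovery(frozenset({"192.0.2.1"}), "dns.example.net",
                         frozenset({"198.51.100.5"}), frozenset({"dns.example.net"}))
# Constructed sample: the certificate does not carry the advertised ADN.
BAD_CERT = Discovery(frozenset({"192.0.2.1"}), "dns.example.home",
                     frozenset({"192.0.2.1"}), frozenset({"other.example"}))
```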
