[Add] ADD State of Things Observations
"Deen, Glenn" <Glenn_Deen@comcast.com> Wed, 14 October 2020 19:56 UTC
Return-Path: <Glenn_Deen@comcast.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD86A3A100F for <add@ietfa.amsl.com>; Wed, 14 Oct 2020 12:56:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.com header.b=LnZYhLuX; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=comcastcorp.onmicrosoft.com header.b=oov8vGNP
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sWQUJxJPEfC1 for <add@ietfa.amsl.com>; Wed, 14 Oct 2020 12:56:48 -0700 (PDT)
Received: from mx0a-00143702.pphosted.com (mx0a-00143702.pphosted.com [148.163.145.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C5173A100D for <add@ietf.org>; Wed, 14 Oct 2020 12:56:48 -0700 (PDT)
Received: from pps.filterd (m0156892.ppops.net [127.0.0.1]) by mx0a-00143702.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 09EJtIqD020434 for <add@ietf.org>; Wed, 14 Oct 2020 15:56:48 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.com; h=from : to : subject : date : message-id : content-type : mime-version; s=20190412; bh=bqSCh9c90zX14IldcDEMKFXXD1OPdp6HvbzPDt4981E=; b=LnZYhLuXjhrYchM1aqwah5j2IR6HVyDLAtKYNorJnG7il42L/mGmywbTJz/8y0W8tSUa qH4PTikfwZMlTCBTruVyZjL0Lm5uquirBzyi5b1LBXsuvRlRC4EueCnzFkghAlFvMyq3 0tfsC8HkM6rOdNL5FkJIgep+0Qr9Ygs9SzBBv4krUHgueuw2sO8XtPeR8S2xxR4HQX4i HIntaZzR+rMeY6pCXTGF90RW5fWg3EItfIvKjgHNexL9bBNOJQ4+7/y1bJmH37V5Q7M2 uRyr9nIok3Tn+Lkuw4wcHPYVFB0fv+K5i6un23vbep66zzX4lu7JDvDI14SN+6bh6VWl 3Q==
Received: from pacdcex11.cable.comcast.com (dlppfpt-wc-1p.slb.comcast.com [96.99.226.136]) by mx0a-00143702.pphosted.com with ESMTP id 34389ka1aa-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for <add@ietf.org>; Wed, 14 Oct 2020 15:56:47 -0400
Received: from PACDCEX47.cable.comcast.com (24.40.2.146) by PACDCEX11.cable.comcast.com (24.40.1.134) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 14 Oct 2020 15:56:45 -0400
Received: from PACDCEXEDGE01.cable.comcast.com (76.96.78.71) by PACDCEX47.cable.comcast.com (24.40.2.146) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 14 Oct 2020 15:56:45 -0400
Received: from NAM10-BN7-obe.outbound.protection.outlook.com (104.47.70.102) by webmail.comcast.com (76.96.78.71) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 14 Oct 2020 15:56:37 -0400
Received: from BYAPR11MB3111.namprd11.prod.outlook.com (2603:10b6:a03:90::25) by BYAPR11MB3301.namprd11.prod.outlook.com (2603:10b6:a03:7f::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.21; Wed, 14 Oct 2020 19:56:35 +0000
Received: from BYAPR11MB3111.namprd11.prod.outlook.com ([fe80::914:929a:4363:21ea]) by BYAPR11MB3111.namprd11.prod.outlook.com ([fe80::914:929a:4363:21ea%5]) with mapi id 15.20.3455.029; Wed, 14 Oct 2020 19:56:35 +0000
From: "Deen, Glenn" <Glenn_Deen@comcast.com>
To: ADD Mailing list <add@ietf.org>
Thread-Topic: ADD State of Things Observations
Thread-Index: AQHWomQewQWDoy7NfE2zPHu5HGo94w==
Date: Wed, 14 Oct 2020 19:56:35 +0000
Message-ID: <22A74993-38FD-4A59-BFAF-4917ABEFC2CB@comcast.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.41.20091302
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=comcast.com;
x-originating-ip: [2605:e000:141b:121:9078:73cf:3bbf:b0c6]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a4e8b4bb-a0db-4bb9-4dbd-08d8707b4149
x-ms-traffictypediagnostic: BYAPR11MB3301:
x-microsoft-antispam-prvs: <BYAPR11MB3301D5C7E4B582B04558D101EA050@BYAPR11MB3301.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: uI/tlhjjAgy/0L6aQexpT5vAPY+MVGbw+XbJW9PXCy+ODE5iaJL8XOQBWNpTBm46kK28E2hU/lTJiyMst7ayGcrHmb+4Psu1QP6Bx/lJhwYScelUOlImovWd1MMsPk1l+whd+2ls/GkC4UKRwqgZ4SOkS6p177GWPzWZdMJVkFsf/mhKQd89MWZb1MLhoUY+ViUhda4VWPz+QYFv+86ePWMIJXAWSkalGkj7XjGfOXa/JtQbk8SzYHQv05thuuPi37xULAP4Sou38x9vruF4+1jbV+0t4urig12bYalvyvj4Y/O1fdntiCY45p0ah3qntDVvUwBfsbjUXAWPDDiPfqJxFqQUW9xFtRtQmmUbcuLKoRdV6ZNBc4FjtNMbgjN42m6bM9XCR35sog06MFOw8g==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR11MB3111.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(396003)(366004)(39860400002)(346002)(376002)(66946007)(8676002)(66556008)(66476007)(71200400001)(86362001)(8936002)(66446008)(64756008)(5660300002)(6512007)(6486002)(2906002)(6506007)(76116006)(6916009)(186003)(166002)(33656002)(83080400001)(2616005)(45080400002)(478600001)(83380400001)(316002)(966005)(36756003); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: FTb7z9ca1JKKnNQIprO2PxORHR86zktfikaZ+TJlOaVpM/uBNAnI4D4uvnqD8nWs7ivanLt9EEBvXB36vHsThCLRcIpXV84jNJX1I90LG+KUtvw/Q8iEF7HIAk66CU/uLi12zs7FlpEhHjtTdcELsnI7whUG4X5cXeXxuDPRWq5RIUT3GiwMO+Zv3mbmWYI8zA7B06sOGB2z75hqZ6shzyzTIj9fIAKrZSSA/VA20iZM35pisvQNBcrjo40F3W/Gdjh0FpwMmiVU6gIuPZgs/6xEPlQoJVur0M2W9RWmvvHdv/obIqBdz/YK0IK4QTIlI3raHkU40yu/Qx+3c7NdFRAvErCGZWR4jMykQ489/O+WLof3C75W2ETnn/gBoicmf5Sf992Ba6Gn0rBKmyXAun7Uaj0EtrnLfE3ClcUex/ny+HUuLBpAnHLbSctenv2fZzFzc44U34Bcjk8MMsdPti+isDiLK3weN610Z21k5DuUQJ4bBPlV6RUa4L0hriE7gR7iPI/Zq52Xflb/rFOfYFRVN2Aqdi6kpxlrucpGuf+ouiNdmgoyLjcKl8HeLcs5lni/3nqcMTZcw5RfOaJptSExrWcwaHt16lLVaCBe7nzAMYWcd2HCCIfx2T+/Hl5+/uXJvXkHbLJBRrQ0WOIJ2gyBLwvs059LyLea7rsnQMhBuuS9QdHJuH0v6pRYkROlGnEQXWeOLjqLLc1S3SH2ew==
x-ms-exchange-transport-forked: True
arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EmYwDKfRuvxppiAGjGyocMBJL3+Cinp219fwX2Eig9WMOSjTNltfYcyYPIEoRIZUiRM3IyBDiiRSgBtNcEBULv9CFytUumFBbnYVxXKncvuWixF5I6CzhjJJW2dykZJe5Addg0MDkGFWcm+Pyrq3b30ZbeqoLjnCWHXSJ97GC/MTUyW0dWVDyQrEjX9pIAxpfTuwKFzwUiGZLoplIys1DqERv33EevU9hqOX7I1kov5g0vMrFZ1lUqW+NxOGI5qoCGweYLBtXeOajLkHH80Xm45cIokdpYrhOL/wtY5MludXlGftLWQnY+P7Jj4pPguvb608P71PGrHzxAug1rWYdw==
arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=u/9KmEkdW5kZIVp8ekQ7mB3W3VVpr8Z2V/mftCaqKqg=; b=GF8krOq0nyCkrWPki0mGtNWJvDIwXc7HJpDLz0VjBzIO6MSAi18p8H6bkY4+D7i7itt8uQfXtx1pIrMMlq0eRpvxlihLT1St0hmir9TM9BqJ5SpvbbRDZ1785e2VBC9DxXBuFyeAUHumUOH71tFP46U28gOKNFLNFMCeNHTKJyzIZ5voPmNDJx7GFXqzBWXwwDBMjZBJtofuULjQj5AYnSWDEQh2fhvW+7Ac9p3qoXtMzYfnAkSAtpavLmHjlI7O0uCbJu/t7vVSLbTvfLAx/IdgUTGPXUKXjikRXnENtElN0FapCPLk5/K2RQIbqeaywxE7PPk9xqpRG1duWvCx+A==
arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=comcast.com; dmarc=pass action=none header.from=comcast.com; dkim=pass header.d=comcast.com; arc=none
dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcastcorp.onmicrosoft.com; s=selector1-comcastcorp-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=u/9KmEkdW5kZIVp8ekQ7mB3W3VVpr8Z2V/mftCaqKqg=; b=oov8vGNP0xUfJm/I4Z63FLONWHLzR/FJdR2is1d09zvwG2Q62g7PYUHltfjS8LusYCViRCimjf9yUBh7t/STOi7BkWTbrxdmh5z1HxPgk6ZjFADB4TsE0K8e33OWY/V/zC2/jXrry/UkOkZM//zADw440V6LRb+D1Hml+9xn+2I=
x-ms-exchange-crosstenant-authas: Internal
x-ms-exchange-crosstenant-authsource: BYAPR11MB3111.namprd11.prod.outlook.com
x-ms-exchange-crosstenant-network-message-id: a4e8b4bb-a0db-4bb9-4dbd-08d8707b4149
x-ms-exchange-crosstenant-originalarrivaltime: 14 Oct 2020 19:56:35.0219 (UTC)
x-ms-exchange-crosstenant-fromentityheader: Hosted
x-ms-exchange-crosstenant-id: 906aefe9-76a7-4f65-b82d-5ec20775d5aa
x-ms-exchange-crosstenant-mailboxtype: HOSTED
x-ms-exchange-crosstenant-userprincipalname: 6qMS5hhQ1vPC6rf43IqProK0pD7flGktMoNjIcUWChChLfCY+TOjZHj0VaQkbVOSz5oSPkVLnbmXuLguWWzEQ8BBiOoVKnohkdZk78rNkFY=
x-ms-exchange-transport-crosstenantheadersstamped: BYAPR11MB3301
x-originatororg: comcast.com
Content-Type: multipart/alternative; boundary="_000_22A7499338FD4A59BFAF4917ABEFC2CBcomcastcom_"
MIME-Version: 1.0
X-CFilter-Loop: Forward AAETWB
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-10-14_11:2020-10-14, 2020-10-14 signatures=0
X-Proofpoint-Spam-Reason: safe
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/IuendCscxUp6KOiqdZpiIn9JjMA>
Subject: [Add] ADD State of Things Observations
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Oct 2020 19:56:51 -0000
Disclaimer: I’ve discussed the following with my co-chair and our AD for a sanity check, but if in the end if you don’t like it please send the hate mail to me as David and Barry are both innocent. --- ADD State of Things Observations Wearing my ADD co-chair hat, I’ve been thinking about the discussion had during the Sept 10th [1] and Sept 15 [2] Interims, and the subsequent list thread “My single use case” [3] and the current draft-box-add-requirements [4] and it seems that there may be emerging two classes of Discovery situations that the group is discussing that are based on the complexity of the environment that the client is in. I’ll expand on what I mean by complexity father down in this note, but for now the two classes are: (1) Low-complexity environments. – this would include the case that started the “My single use case” thread (2) High-complexity environments – this would include the RFC1918 situations, networks with more advanced technical controls, networks/devices with applied policy controls. Complexity -------------- I call this differentiation Complexity because at the heart of the discussions it seems that it is the number different factors which need to be satisfied that emerges in the discussions and that these factors aren't simply classified in to distinct buckets that can be individually satisfied without consideration of other factors in other buckets. Throughout various drafts, threads, and discussions the group has had a variety of operational and technical factors raised from a variety of situations. Some factors have been operating in RFC1918 networks with CPE devices that use stub-resolvers; Other factors have been concerns about network or device configuration requirements set by secured networks or devices; While other factors have considered the desire to be able to group associated resolvers together either by being operated by the same org, or by having the same policy set, or by same behavior set; Others have been how to operate in captive portal environments; .... and the list goes on. This list can of course can contain complexities from the threat level of the environment or the device itself that could be considered. The presence of such a wide variety of factors increases the complexity that a discovery mechanism needs to operating in, and in turn the complexity of the discovery mechanism itself. Complexity is not a fixed thing - it is a spectrum of levels from very simple environments, to more complex environments such as the RFC1918/CPE situation, through to tightly managed situations, and even to very secured networks/devices. Where we seem to be at --------------------------------- That has led to a bifurcation that is well captured when you take into account the discussing in the "My single use case" thread, and the different breakdown of situations listed in draft-box-add-requirements. The group has members with interest in working of discovery in difference levels of complexity. We also have a couple of deployed, but not necessarily scalable, approaches being used today by Firefox, Chrome, Microsoft, and Apple that currently are could be classified as simplistic versions of how you approach the discovery problem in the least-possible complex environments. A good example of this is documented in draft-rescorla-doh-cdisco [5]. Recognizing that the complexity is a spectrum ranging from low-complexity, to mid-tired, to high-complexity it occurs to me that a path ahead maybe to recognize this aspect and instead of fighting it - incorporate it into the WG group's approach, and not to try to have one answer that works everywhere. To that end I'd like to propose the following: (1) To the authors of Draft-box-add-requirements: Draft-box-add-requirements details different environments, but it does so from a perspective of listing each environment and the requirement that is then needed. Based on comments at the Sept 10th Interim, some participants took it to a an attempt to create an aggregated list of requirements that any ADD Discovery solution would need to satisfy, with of course the entirely reasonable reaction from many that such a list of MUST requirements would be boiling the ocean and would potentially ignore that the lower handing fruit of the very low complexity environments. I don' think that it was the intent of the draft authors to create an all-encompassing list of MUST requirements. To that end, I would like to suggest to the draft-add-box-requirements authors (and anyone who'd like to help them) to update the draft with the technical feedback they received from the Sept 10 Interim, and to attempt to restructure the document and its requirements around the ideas of complexity of the discovery environment, and the second idea that while the document captures requirements that exist in a variety of increasingly complex environments. These higher complex requirements don't all need to be addressed in the output of ADD for ADD meet the needs of the environments with the highest demand. The resulting new document would start with looking at low complexity environments and work up to higher complexity environments, with the requirements not being a set list of must-meet requirements, but instead a capturing for reference the spectrum of discovery situations that exist in the deployment land scape, with a recognition that there may be discovery methods which only work in the lower complexity ranges. It would also attempt to document the environmental complexities as it identifies requirements. (2) To the working group/other document authors If we view the landscape of discovery mechanisms as working within particular ranges of complexity, can we begin to recognize that aspect in the various draft approaches that have been put forward ? This would in practical terms end up with proposals that are specifically targeted at different levels of complexity. A discovery mechanism proposal would identify and declare the level of complexity and any specific environmental complexities that it is intended to operate in as part of the draft. I'm not suggesting that the ADD group try to produce distinct and unique discovery approaches for every possible environment. Practically speaking there seems to be a few - perhaps as little as 2 or 3 - specific levels of complexity that group participants have brought up repeatedly over time. If we accept that a single solution may not fit all situations, then the group can perhaps organically focus its work around the simple low-complexity case, and around 1 or 2 other specific complexities. After all the output of ADD is entirely dependent on the group's participants coming together to work on the aspects that they rate as important to put their effort into. Of course it would be nice if there was some commonality in how things work, and hopefully that is something that can come about by having the work commonly done in the same group, but it seems that recognizing that there are different levels of complexity that need solutions can be an important step. (3) Form tiger/design teams to work on this There’s already a number of good proposals that cover discovery from a couple of different approaches, and we’ve heard from many of them in WG sessions. With those ideas as seeds, and with the discussions the group has had now would be a good point to create design teams to work together and come back with proposals for the different complexity situations. For a start I would propose a group that will focus on the low-complexity environment and second group that would focus on the RFC1918/CPE Stub resolver environment. If there is a third one it likely would be set-policy/enterprise discovery, which could over a broad variety of environments beyond enterprise. It's up to the ADD group members -------------------------------------------- In the end the ADD group will go in the direction the group participants want it to go in. So please share your thoughts on the above approaches to the ADD mailing list. Is this a workable approach? Regards Glenn Deen, ADD co-chair ---- References: [1] https://datatracker.ietf.org/doc/minutes-interim-2020-add-01-202009101300/ [2] https://datatracker.ietf.org/doc/minutes-interim-2020-add-02-202009151300/ [3] https://mailarchive.ietf.org/arch/msg/add/IiYpAQ0ujdp0mlUzi1YB2cYYMT8/ [4] https://datatracker.ietf.org/doc/draft-box-add-requirements/ [5] https://datatracker.ietf.org/doc/draft-rescorla-doh-cdisco/
- [Add] ADD State of Things Observations Deen, Glenn
- Re: [Add] ADD State of Things Observations Chris Box (BT)
- Re: [Add] ADD State of Things Observations Deen, Glenn
- Re: [Add] ADD State of Things Observations Andrew Campling
- Re: [Add] ADD State of Things Observations Joey S