Re: [Add] The ADD WG has placed draft-pauly-add-deer in state "Call For Adoption By WG Issued"
Tommy Pauly <tpauly@apple.com> Wed, 20 January 2021 16:32 UTC
Return-Path: <tpauly@apple.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F8403A14ED for <add@ietfa.amsl.com>; Wed, 20 Jan 2021 08:32:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.351
X-Spam-Level:
X-Spam-Status: No, score=-2.351 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.25, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FrTlHqRYXMQq for <add@ietfa.amsl.com>; Wed, 20 Jan 2021 08:32:46 -0800 (PST)
Received: from nwk-aaemail-lapp03.apple.com (nwk-aaemail-lapp03.apple.com [17.151.62.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B47E3A14EB for <add@ietf.org>; Wed, 20 Jan 2021 08:32:46 -0800 (PST)
Received: from pps.filterd (nwk-aaemail-lapp03.apple.com [127.0.0.1]) by nwk-aaemail-lapp03.apple.com (8.16.0.42/8.16.0.42) with SMTP id 10KGVBRW012775; Wed, 20 Jan 2021 08:32:42 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=content-type : mime-version : subject : from : in-reply-to : date : cc : content-transfer-encoding : message-id : references : to; s=20180706; bh=ODiJVohBYwAypWWdLZynhIKnr4lp+9rRGZ0LX8mV5lM=; b=Rp9hgeN7MOAX/Iaqz/Kwb1XJPhrFtK1/Q8jx/0D0OdEHUO49a1ZV+fOVIaw7oRUrT0rQ DhyH868m3Ad1+ivKSm/IF7cvm3RCOeHXR4nWu4O2hx/MndHzG4UF6Fal+2row9Panjp3 KUgACOpB+LSUfdwdjp6PtZabeUcMojQBZEOPIDWapLXCqk5sVWDfkGoPBcygRrAs6rtZ Mc/QjkXbXVqJx2qCsLqbJgf1feS+jErIT3QVKNlBl5371fpQuFITj+fwHXidpDLUE/2M JfC+qnmPXLf+d+ugma0vgSB52c8b1uynScByTzWbbc0QCFB9hb2Bstgrs2g4xM2BBRBZ IA==
Received: from rn-mailsvcp-mta-lapp02.rno.apple.com (rn-mailsvcp-mta-lapp02.rno.apple.com [10.225.203.150]) by nwk-aaemail-lapp03.apple.com with ESMTP id 3668r8wmm0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 20 Jan 2021 08:32:42 -0800
Received: from rn-mailsvcp-mmp-lapp02.rno.apple.com (rn-mailsvcp-mmp-lapp02.rno.apple.com [17.179.253.15]) by rn-mailsvcp-mta-lapp02.rno.apple.com (Oracle Communications Messaging Server 8.1.0.7.20201203 64bit (built Dec 3 2020)) with ESMTPS id <0QN800A48RAI7W10@rn-mailsvcp-mta-lapp02.rno.apple.com>; Wed, 20 Jan 2021 08:32:42 -0800 (PST)
Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp02.rno.apple.com by rn-mailsvcp-mmp-lapp02.rno.apple.com (Oracle Communications Messaging Server 8.1.0.7.20201203 64bit (built Dec 3 2020)) id <0QN800800R7MNF00@rn-mailsvcp-mmp-lapp02.rno.apple.com>; Wed, 20 Jan 2021 08:32:42 -0800 (PST)
X-Va-A:
X-Va-T-CD: 5f4f92d06e2695ee76e1373b9e14682d
X-Va-E-CD: c8d20de3819d687cd22008cb77097499
X-Va-R-CD: c58fbf9c263e24e78175c0a1e499ab91
X-Va-CD: 0
X-Va-ID: 9376e047-14ff-49c6-b6a1-682e1e4e7dcc
X-V-A:
X-V-T-CD: 5f4f92d06e2695ee76e1373b9e14682d
X-V-E-CD: c8d20de3819d687cd22008cb77097499
X-V-R-CD: c58fbf9c263e24e78175c0a1e499ab91
X-V-CD: 0
X-V-ID: 3f139d6c-ad13-4a05-8527-3d6c10c50a04
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.343, 18.0.737 definitions=2021-01-20_06:2021-01-20, 2021-01-20 signatures=0
Received: from smtpclient.apple (unknown [17.235.37.38]) by rn-mailsvcp-mmp-lapp02.rno.apple.com (Oracle Communications Messaging Server 8.1.0.7.20201203 64bit (built Dec 3 2020)) with ESMTPSA id <0QN80092ORAHOF00@rn-mailsvcp-mmp-lapp02.rno.apple.com>; Wed, 20 Jan 2021 08:32:41 -0800 (PST)
Content-type: text/plain; charset="utf-8"
MIME-version: 1.0 (Mac OS X Mail 14.0 \(3654.80.0.2.6\))
From: Tommy Pauly <tpauly@apple.com>
In-reply-to: <f9603460-debb-32fe-c164-d6896d099b5c@cs.tcd.ie>
Date: Wed, 20 Jan 2021 08:32:41 -0800
Cc: add@ietf.org
Content-transfer-encoding: quoted-printable
Message-id: <1F085125-A19F-4564-AF19-B14D40BBC308@apple.com>
References: <161067453617.22534.9288030355633227917@ietfa.amsl.com> <f9603460-debb-32fe-c164-d6896d099b5c@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.3654.80.0.2.6)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.343, 18.0.737 definitions=2021-01-20_06:2021-01-20, 2021-01-20 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/KioJihEiR29q_zggEyxsrDU9JlQ>
Subject: Re: [Add] The ADD WG has placed draft-pauly-add-deer in state "Call For Adoption By WG Issued"
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jan 2021 16:32:50 -0000
> On Jan 20, 2021, at 7:13 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > > Hiya, > > On 15/01/2021 01:35, IETF Secretariat wrote: >> The ADD WG has placed draft-pauly-add-deer in state >> Call For Adoption By WG Issued (entered by Glenn Deen) > > The mechanism defined here (using SVCB) is fine so I'm not > against adoption but ISTM the draft is currently based on > some false premises, the first of which is IMO likely to > lead to extended and mostly-pointless debate: > > - The equivalence called for here won't apply in many cases, > neither in terms of some (impossible?) functional definition > for equivalence, nor in terms of involving the "same entity." > I think this all looks like an RFC6919 "MUST (but we know > you won't)" and I don't see how we benefit from adding that > to an already controversial and complicated area. I'd say > better to not insist on any particular semantics except > that using SVCB like this ought always result in an as-good > or better TLS setup, so (were it up to me, which it's not) > I'd re-title this as something like "Discovering Encrypted > Related Resolvers" and re-word a good bit accordingly. The name and terminology is based on the discussion going on in the ADD working group previously; I think I’m speaking for all the authors when I say that that terminology can certainly and should change, and would be certainly eligible to refine even after adoption. > > - 4.1 will call for a SAN containing an IP address that > cannot be authenticated by a CA in many cases (the address > of the unencrypted resolver) - I don't see the utility of > that TBH. (This is separate from use of private addresses.) Again, this is a point we can continue to discuss or change. I think it is useful given that some resolvers can and indeed do support such certificates already, but that can be decided by the WG. > > - 4.2's insistence on the same IP address seems odd to me. > I suspect there's an underlying difference in interpretation > of the term opportunistic there, which isn't uncommon - IMO > even very "weak" opportunistic modes are useful if they can > lead deployments towards use of a fully authenticated mode > but the text here seems to instead consider opportunistic > mode as an undesirable end-state and not as an intermediate > state. I doubt we'll all agree on that based on this draft > though, as this has been an ongoing disagreement for a > bunch of years already:-) > > In case the above isn't clear: again, I'm not against > adoption but would argue we'd all be better of if the > above were fixed first. While that’s certainly a direction, I’d prefer to see such decisions be made as a matter of working group consensus and agreement, and not under individual authorship. Thanks, Tommy > > One other change that (if needed) would be fine to fix > after adoption is that I'm unsure that all of the clients > we'd like to do this will be able to handle, and keep up > with, the full complexity of SVCB. Could be the best way > to handle that is to wait and see what people implement > and then profile down to requiring use of SVCB records > that are supported by all known implementations. OTOH, > if it turns out everyone uses some well-tested and capable > SVCB library, then this'd likely be moot. I'm not aware > there is any such library at the moment though. > > Cheers, > S. > > > <OpenPGP_0x5AB2FAF17B172BEA.asc>-- > Add mailing list > Add@ietf.org > https://www.ietf.org/mailman/listinfo/add
- [Add] The ADD WG has placed draft-pauly-add-deer … IETF Secretariat
- Re: [Add] The ADD WG has placed draft-pauly-add-d… Stephen Farrell
- Re: [Add] The ADD WG has placed draft-pauly-add-d… Ben Schwartz
- Re: [Add] The ADD WG has placed draft-pauly-add-d… Tommy Pauly
- Re: [Add] The ADD WG has placed draft-pauly-add-d… Stephen Farrell
- Re: [Add] [EXTERNAL] Re: The ADD WG has placed dr… Tommy Jensen
- Re: [Add] [EXTERNAL] Re: The ADD WG has placed dr… Stephen Farrell
- Re: [Add] [EXTERNAL] Re: The ADD WG has placed dr… Eric Rescorla
- Re: [Add] [EXTERNAL] Re: The ADD WG has placed dr… Stephen Farrell
- Re: [Add] [EXTERNAL] Re: The ADD WG has placed dr… Eric Rescorla
- Re: [Add] [EXTERNAL] Re: The ADD WG has placed dr… Eric Orth
- Re: [Add] [EXTERNAL] Re: The ADD WG has placed dr… Andrew Campling
- Re: [Add] [EXTERNAL] Re: The ADD WG has placed dr… Tim Wicinski
- Re: [Add] The ADD WG has placed draft-pauly-add-d… STARK, BARBARA H
- Re: [Add] The ADD WG has placed draft-pauly-add-d… Daniel Migault