Re: [Add] A proposed charter for ABCD
Rob Sayre <sayrer@gmail.com> Fri, 20 December 2019 21:16 UTC
Return-Path: <sayrer@gmail.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E49C8120885 for <add@ietfa.amsl.com>; Fri, 20 Dec 2019 13:16:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DWDzvjrJJzDL for <add@ietfa.amsl.com>; Fri, 20 Dec 2019 13:16:09 -0800 (PST)
Received: from mail-il1-x12a.google.com (mail-il1-x12a.google.com [IPv6:2607:f8b0:4864:20::12a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 455CA120859 for <add@ietf.org>; Fri, 20 Dec 2019 13:16:09 -0800 (PST)
Received: by mail-il1-x12a.google.com with SMTP id t8so9142274iln.4 for <add@ietf.org>; Fri, 20 Dec 2019 13:16:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=lFQJjwDH1A7GZjwCU7jTBkZ5t8erP9ZqQwzLvjr6xFc=; b=LF06csJS81X5QFdkg0PoGfvif/TW+qBEHpoeA2ZLuKEKPXh9R6z4PdWjlFU9Lw5CiI sbu729bqK4QffUR6UgvBWRUaM33lTVenTdwt0EH8CM817Iaq9S94yIx5i/NipjwXHCAV GbDw9sAAa0qUk5dtDTs47v0iWRe3SdWac9a9ft2s6vBTJqIv5UHDHnfVnV7OWbHppE2B FTQ4rLDyWeVe6U7+yH0Cplc0NIm+7FxRTm4iKqWaRL2EhKfs7MSmYfvPvJZz9Vr2EoZY uH068xApYE7nOWY/HLLgDuVE1H6Z9bI6zEVP6c35IuIJCCqse52GWo6ATYKjEDM9tdmI 3RLA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=lFQJjwDH1A7GZjwCU7jTBkZ5t8erP9ZqQwzLvjr6xFc=; b=HZOgGsj85k/bHTwHE08cXNIBE1B+nN1ydvp8anoCOwZY8IOR9WFos4FmgORfEV133d 6SIwASFSxqwE2jh6wpSfoJizUCYhAllvi9v/5HhZH4XsWkvVsrg1nhoq9wnyDx5IQ9Vx xN/nQWMfNeYhLW4LVMQqbMu7TgqFycbiJUUVJdJZog/DaFYI3k5cOyZfzUMtOiHuVnvT 0N6sPFzjtOPdZvt1JJTvo+4ke3yrnYpVNsh8gxi96AHjQSXZBjLE6l2Fem/awx7s6EcE n4LzsicNyRtaDFI1cAKjb2FsUYFxIVbEJ/c6n8WNYwkptnoCQ6bUEsjRjq33Rwdo8Ehm RBUQ==
X-Gm-Message-State: APjAAAUtXskgrqWmFQxHPNxqDQU+xBNrepN7h9/AUYHqh/I3d1x5rW76 s4GuTllDK27LOLd8qBeSEtriLMSgvV8PG1L+GVA=
X-Google-Smtp-Source: APXvYqwbkENZczDv7lSOPnYe9I1Jp2XDAYo6v6vDn2VMooaseijOZQ5rwmcpXC/IZLMjNz2LS9ubLQQ34cXZbAX3jI8=
X-Received: by 2002:a92:3a88:: with SMTP id i8mr14117155ilf.254.1576876568267; Fri, 20 Dec 2019 13:16:08 -0800 (PST)
MIME-Version: 1.0
References: <CAHbrMsACEWWFxw04KUc4Q66G4hf_P3V3eOnAHqw18PDxCn-b2g@mail.gmail.com>
In-Reply-To: <CAHbrMsACEWWFxw04KUc4Q66G4hf_P3V3eOnAHqw18PDxCn-b2g@mail.gmail.com>
From: Rob Sayre <sayrer@gmail.com>
Date: Fri, 20 Dec 2019 13:15:57 -0800
Message-ID: <CAChr6Sx-ggY3Vzdo7bijsNXCWXMABFv-9asvU6SEDxy=g5AXng@mail.gmail.com>
To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>
Cc: ADD Mailing list <add@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b4cf66059a292f3c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/LycRCCMj2vXvG91KWLicWNWyrB0>
Subject: Re: [Add] A proposed charter for ABCD
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Dec 2019 21:16:13 -0000
On Fri, Dec 20, 2019 at 7:20 AM Ben Schwartz <bemasc= 40google.com@dmarc.ietf.org> wrote: > > ----------------------------------- > > Proposed charter text: > > This working group will focus on DNS client side topics, particularly > discovery and selection of resolvers. This complements existing DNS-related > working groups, which are responsible for improvements to the DNS protocol > itself, and for operational questions that are principally of interest to > DNS server operators. > > The working group is chartered to develop an extensible protocol for a DNS > client to learn detailed information about a resolver, based on > draft-ietf-dnsop-resolver-information, which will be transferred from > dnsop. Relying on this new protocol where appropriate, the working group > should produce standards-track, informational, or experimental documents > that provide the following items, using the drafts in brackets as input > (with no obligation to adopt them): > * methods for a recursive resolver to advertise support for an > alternative transport protocol [draft-sah-resinfo-doh], > * methods for a recursive resolver to indicate that it will sometimes > return DNS results that are different from the global DNS > [draft-grover-add-policy-detection], > * methods for improving user privacy by avoiding DNS queries that leak > information or directing them to a server that will have this information > anyway [draft-pauly-dprive-adaptive-dns-privacy], and > * a format for describing the client’s DNS configuration, suitable for > diagnostics and debugging. > > Where possible, any mechanisms that specify exchange of information > between clients and resolvers should provide the security properties > expected of IETF protocols, e.g., confidentiality protection, integrity > protection, and authentication with strong work factor. Each specification > must clearly indicate under what circumstances and assumptions these > properties are or are not provided. > It seems like the key difference between this proposal and Tommy Pauly's is the "Where possible," at the start of the paragraph detailing security properties. However, last I checked, these properties are not optional in IETF protocols. Several of the proposals above look like they'll hinge on this turn of phrase, so I don't think it's wise to punt on the justification here. It should probably be in the charter with alongside each work item, each of which should be more concrete. In some cases, it's difficult to argue that these drafts make things worse, but those that enable a downgrade from encrypted traffic are difficult to distinguish from attacks. In secure deployments, the network operator will be able to bootstrap DNS (via enterprise policy, parental control software, etc). For situations where the device is not controlled by the network, methods of authenticating the DNS server seem called for. Since the client (application or OS) needs to rely on the DNS for software updates to keep it secure, it doesn't seem like Web PKI provides adequate guarantees. Something like OIDC seems more appropriate for large-scale deployments, where managing each client is difficult to do (example: authenticate your ISP with OS or Browser Single Sign-In). One possible work item for the group might be to document the security of a variety of DNS bootstrapping options, starting from the bottom: unencrypted DNS learned via DHCP. thanks, Rob
- [Add] A proposed charter for ABCD Ben Schwartz
- Re: [Add] A proposed charter for ABCD Paul Wouters
- Re: [Add] A proposed charter for ABCD Ben Schwartz
- Re: [Add] A proposed charter for ABCD Paul Wouters
- Re: [Add] A proposed charter for ABCD Barry Leiba
- Re: [Add] A proposed charter for ABCD Rob Sayre
- Re: [Add] A proposed charter for ABCD Vittorio Bertola
- Re: [Add] A proposed charter for ABCD Smith, Kevin, Vodafone Group
- Re: [Add] A proposed charter for ABCD Eric Orth
- Re: [Add] A proposed charter for ABCD Vittorio Bertola
- Re: [Add] A proposed charter for ABCD Michael Richardson
- Re: [Add] A proposed charter for ABCD Christian Huitema
- Re: [Add] A proposed charter for ABCD Michael Richardson
- Re: [Add] A proposed charter for ABCD Michael Richardson
- Re: [Add] A proposed charter for ABCD Christian Huitema
- Re: [Add] A proposed charter for ABCD Rob Sayre
- Re: [Add] A proposed charter for ABCD Vittorio Bertola
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Vittorio Bertola
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Andrew Campling
- Re: [Add] A proposed charter for ABCD Rob Sayre
- Re: [Add] A proposed charter for ABCD Melinda Shore
- Re: [Add] A proposed charter for ABCD Andrew Campling
- Re: [Add] A proposed charter for ABCD Rob Sayre
- Re: [Add] A proposed charter for ABCD John Levine
- Re: [Add] A proposed charter for ABCD Rob Sayre
- Re: [Add] A proposed charter for ABCD Christian Huitema
- Re: [Add] A proposed charter for ABCD Rob Sayre
- Re: [Add] A proposed charter for ABCD Eric Rescorla
- Re: [Add] A proposed charter for ABCD Michael Richardson
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Ralf Weber
- Re: [Add] [EXTERNAL] Re: A proposed charter for A… Winfield, Alister
- Re: [Add] A proposed charter for ABCD Ralf Weber
- Re: [Add] A proposed charter for ABCD Eric Rescorla
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Ralf Weber
- Re: [Add] A proposed charter for ABCD Paul Wouters
- Re: [Add] A proposed charter for ABCD Eric Rescorla
- Re: [Add] A proposed charter for ABCD Rob Sayre
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Jim Reid
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Adam Roach
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Alec Muffett
- Re: [Add] Data sharing can not be detected with o… Ralf Weber
- Re: [Add] Data sharing can not be detected with o… Rob Sayre
- Re: [Add] Data sharing can not be detected with o… sthaug
- Re: [Add] Data sharing can not be detected with o… sthaug
- Re: [Add] A proposed charter for ABCD Vittorio Bertola
- Re: [Add] Data sharing can not be detected with o… John R Levine
- Re: [Add] Data sharing can not be detected with o… sthaug
- Re: [Add] Data sharing can not be detected with o… Eric Rescorla
- Re: [Add] Data sharing can not be detected with o… Ted Lemon
- [Add] Filtering in the EU (was Re: Data sharing c… Vittorio Bertola
- Re: [Add] A proposed charter for ABCD Adam Roach
- Re: [Add] Data sharing can not be detected with o… Jim Reid
- Re: [Add] Data sharing can not be detected with o… Rob Sayre
- Re: [Add] [EXTERNAL] Re: A proposed charter for A… Tommy Jensen
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Adam Roach
- Re: [Add] A proposed charter for ABCD Stephen Farrell
- Re: [Add] A proposed charter for ABCD Eric Rescorla
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Eric Rescorla
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Eric Rescorla
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Eric Rescorla
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Mirja Kühlewind (IETF)
- Re: [Add] Data sharing can not be detected with o… Livingood, Jason
- Re: [Add] A proposed charter for ABCD Vittorio Bertola
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Mirja Kuehlewind
- Re: [Add] A proposed charter for ABCD Ralf Weber
- Re: [Add] A proposed charter for ABCD Vittorio Bertola
- Re: [Add] A proposed charter for ABCD Mirja Kuehlewind
- Re: [Add] A proposed charter for ABCD Eric Rescorla
- Re: [Add] A proposed charter for ABCD Mirja Kuehlewind
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Rob Sayre
- Re: [Add] A proposed charter for ABCD STARK, BARBARA H
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Glenn Deen
- Re: [Add] A proposed charter for ABCD Stephen Farrell
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Vittorio Bertola
- Re: [Add] A proposed charter for ABCD Stephen Farrell
- Re: [Add] A proposed charter for ABCD Mirja Kuehlewind
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Mirja Kuehlewind
- Re: [Add] A proposed charter for ABCD Livingood, Jason
- Re: [Add] A proposed charter for ABCD Livingood, Jason
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Alissa Cooper
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Deen, Glenn (NBCUniversal)
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Tommy Pauly
- Re: [Add] A proposed charter for ABCD Rob Sayre
- Re: [Add] A proposed charter for ABCD STARK, BARBARA H
- Re: [Add] A proposed charter for ABCD Eric Rescorla
- Re: [Add] A proposed charter for ABCD Andrew Campling
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Rob Sayre
- Re: [Add] [EXTERNAL] Re: A proposed charter for A… Deen, Glenn (NBCUniversal)
- Re: [Add] A proposed charter for ABCD Deen, Glenn (NBCUniversal)
- Re: [Add] [EXTERNAL] Re: A proposed charter for A… Rob Sayre
- Re: [Add] [EXTERNAL] Re: A proposed charter for A… Glenn Deen
- Re: [Add] [EXTERNAL] Re: A proposed charter for A… Rob Sayre
- Re: [Add] A proposed charter for ABCD Andrew Campling
- Re: [Add] A proposed charter for ABCD Glenn Deen
- Re: [Add] A proposed charter for ABCD Rob Sayre
- Re: [Add] A proposed charter for ABCD Mirja Kuehlewind
- Re: [Add] A proposed charter for ABCD Mirja Kuehlewind
- Re: [Add] A proposed charter for ABCD Vittorio Bertola
- Re: [Add] A proposed charter for ABCD Andrew Campling
- Re: [Add] A proposed charter for ABCD Eric Rescorla
- Re: [Add] A proposed charter for ABCD Smith, Kevin, Vodafone Group
- Re: [Add] A proposed charter for ABCD Vittorio Bertola
- Re: [Add] A proposed charter for ABCD Livingood, Jason
- Re: [Add] A proposed charter for ABCD Ian Maddison
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Stephane Bortzmeyer
- Re: [Add] A proposed charter for ABCD Stephane Bortzmeyer
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Stephane Bortzmeyer
- Re: [Add] A proposed charter for ABCD Stephane Bortzmeyer
- Re: [Add] A proposed charter for ABCD Stephane Bortzmeyer
- Re: [Add] A proposed charter for ABCD Stephane Bortzmeyer
- Re: [Add] A proposed charter for ABCD Stephane Bortzmeyer
- [Add] bikeshedding on the charter discussion Jim Reid
- Re: [Add] A proposed charter for ABCD STARK, BARBARA H
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] bikeshedding on the charter discussion Paul Wouters
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Andrew Campling
- Re: [Add] bikeshedding on the charter discussion Mirja Kuehlewind
- Re: [Add] A proposed charter for ABCD Eric Rescorla
- Re: [Add] A proposed charter for ABCD Stephane Bortzmeyer
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Andrew Campling
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] A proposed charter for ABCD Kenji Baheux
- Re: [Add] A proposed charter for ABCD Ben Schwartz
- Re: [Add] [EXTERNAL] Re: A proposed charter for A… Deen, Glenn (NBCUniversal)
- Re: [Add] A proposed charter for ABCD Tommy Pauly
- Re: [Add] A proposed charter for ABCD Stephen Farrell
- Re: [Add] A proposed charter for ABCD Brian Dickson
- Re: [Add] A proposed charter for ABCD Stephen Farrell
- Re: [Add] A proposed charter for ABCD Ted Lemon
- Re: [Add] [EXTERNAL] Re: A proposed charter for A… Winfield, Alister