Re: [Add] Authentication Sub-topics for Tuesday Interim (homework for Tuesday's meeting)

Eric Rescorla <ekr@rtfm.com> Sun, 13 September 2020 23:21 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/add/OfUgk0_kcrp-Fu5bfmIrnNySZa0>
List-Id: Applications Doing DNS <add.ietf.org>

(1) What capabilities are we going to assume an attacker has in the local
discovery model? Do we have *any* candidate design which does anything
useful in those circumstances? If so, what does that design do?
(2) Do we have any secure way to tell clients which resolver the network
wants them to use?
(3) Assuming that we had a secure way to tell clients which resolver the
network wanted them to use, what would we want to say there?

Spoiler alert: I have opinions on the answers to these questions, but that
seems like a topic for the interim.

-Ekr



On Fri, Sep 11, 2020 at 11:51 AM Deen, Glenn <Glenn_Deen@comcast.com> wrote:

> Hi ADD,
>
>
>
> Authentication clearly has emerged as a topic important to the group. It
> showed up during the ADD Interim on Sept 10th in both comments and in
> jabber. Prior to that it has shown up in drafts, list traffic and GitHub
> issues. Coming out of the Interim yesterday it was proposed as the
> starting topic for the next interim on Tuesday Sept 15.
>
>
>
> To help focus and facilitate productive conversation the chairs would like
> to ask for the group’s help in breaking down the topic of authentication
> into sub-topics for Tuesday’s interim session.
>
>
>
> Here’s a small homework assignment for the next couple of days to help set
> the Interim agenda:  We ask that ADD participants please take a few minutes
> and post to this list thread authentication sub-topics you’d like to
> cover.
>
>
>
> To get you thinking on the question, consider that authentication has
> come up in a variety of ADD discussions:
>
>
>
>       (1) Topic:  the question of can DHCP play a role in discovery which
> has resulted in many saying “No” since it isn’t authenticated;
>
>       (2) Topic:  the question of authentication’s role in resolver
> discovery and validation;
>
>       (3) Topic:  the question of authentication to enable identification
> of resolvers that are associated or affiliated with one another or an
> organization
>
>       ….
>
>
>
>
>
> This list is by no means complete and is meant to illustrate a few of the
> places and contexts the topic of “Authentication” has popped up recently.
>
>
>
> Please share what authentication topic, scenario, role, need you believe
> the ADD group should spend time discussing on the Tuesday agenda.
>
>
>
> Please limit discussion on this particular thread to only sharing what
> authentication sub-topic aspect you’d like to see discussed and not expand
> into a discussion of the sub-topics themselves. Yes, this is all interesting
> stuff, but the thread can quickly become overwhelming for readers to
> follow.
>
>
>
> So limit, for now, responses to what you’d like to discuss – not the
> actual technical discussion.
>
>
>
> Also, this may prompt some responders to feel like now it is a good time
> to stray into policy discussions. Please try to self-regulate and not go
> there. ADD is limited to technical mechanisms to do discovery and a
> means to convey information about the discovered resolvers – and the
> discussion needs to stay within those boundaries.
>
>
>
> Regards
>
> Glenn Deen & David Lawrence – ADD Chairs