IETF Logo Mail Archive

Re: [Add] [EXT] Re: Fwd: New Version Notification for draft-reddy-add-server-policy-selection-02.txt

tirumal reddy <kondtir@gmail.com> Tue, 02 June 2020 12:15 UTC

Return-Path: <kondtir@gmail.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DB953A0755 for <add@ietfa.amsl.com>; Tue, 2 Jun 2020 05:15:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bwxnjpSSODRs for <add@ietfa.amsl.com>; Tue, 2 Jun 2020 05:15:45 -0700 (PDT)
Received: from mail-il1-x132.google.com (mail-il1-x132.google.com [IPv6:2607:f8b0:4864:20::132]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71F613A060A for <add@ietf.org>; Tue, 2 Jun 2020 05:15:45 -0700 (PDT)
Received: by mail-il1-x132.google.com with SMTP id p5so11564621ile.6 for <add@ietf.org>; Tue, 02 Jun 2020 05:15:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=/zCsGxdDsbYhaXSfMGH/0Op5J46SCI+QEl1+OyqxLIM=; b=I6DGqfssiWmQtnO9zIDG5ugScQgPDh7+g0kXAOTOllXdic16WBml5Mmd2ZqlMn9pOh 8SccbclnBfA7/wml+dvc2ctkk9rjPSxR1mmTysnwiJJQp9GK4HLbPTELxjhPTT2KB0sS EJGUDhrnCj0qT12vaHDoDKs/z+Lih93EOTUTzXHvBCTAYkw/GZr8LYfBBrUSpVofDwb5 XTA97JVt/Lr7ld5y0Riw2TG+hX8rioRe+TPI63ZzdvvcvIKBXHDW523zVop3CmnUoHkO biQCTy2alg4xadHfUUOoZrMOR/3S+BAVUZ41oTCqNbSl46PWzvvVrSwqjpFgZ9lhZeIw 9ihQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=/zCsGxdDsbYhaXSfMGH/0Op5J46SCI+QEl1+OyqxLIM=; b=Hh3ebDQgGIWsrOFrkcOHxJUGff+DQOSpxH6qFpMhSfXnjHoOCWy9yd/k7KruMlSY17 eZZe0p1eUYBGduLjhjmaxXNsLqYfGK3XaHODk2tSLwh3n8PA9d7C9P6O7T7q59UbdCER qXG5hip7HL9M+gYEnVlDgG8pHpsw3JaBcm5uaZl8WeiIrgdPmR1FeVHNyZ5/W4RpYHnq TlrGpiqCvrRLDaljRd130FaKABy7+7d1HPchR8O0fvKhEa/IDQW0S9qnO6jWAFqAhmyD wUKk7qfTNBI1JD4Ie1JjuQIxhYEgsNwCcJvniBCNrc+HtndO5vk8j/emW+0cRK001VZW LkMg==
X-Gm-Message-State: AOAM531A3DNpYva24FjY0joqpsT6JATiVIdS2WmnuF0SSdfN6eEQnCVh kNyYQa4rjw/Z6s0dZ6fveqisD9TIr6NnyANXaA0Uao4D
X-Google-Smtp-Source: ABdhPJw/dBLc4HYjpMZIm+2l00757cOWFuvCmitANAr2Lz92R8IAgT7gVjPfrmANEcT3Cl6xU9+5Jv1MELLlDHvBlHQ=
X-Received: by 2002:a05:6e02:144:: with SMTP id j4mr24693814ilr.214.1591100144627; Tue, 02 Jun 2020 05:15:44 -0700 (PDT)
MIME-Version: 1.0
References: <159064546659.30784.12927519685709906985@ietfa.amsl.com> <CAFpG3gfwsyxf7UAd61LLfsF-4Rd+sDEqjc3o86iy_UOveQbY-g@mail.gmail.com> <86151027.6608.1590676320799@appsuite-gw2.open-xchange.com> <CAFpG3gcX0rqVMWaJ6F-gayGhu7kia0RFrHfXJvrp3st9XDS4Nw@mail.gmail.com> <199199696.10466.1591029935148@appsuite-gw1.open-xchange.com>
In-Reply-To: <199199696.10466.1591029935148@appsuite-gw1.open-xchange.com>
From: tirumal reddy <kondtir@gmail.com>
Date: Tue, 02 Jun 2020 17:45:33 +0530
Message-ID: <CAFpG3geQ+6MeKDg15yrh-rVGgqY2W=+QeTsOiumQqioYzTjLAQ@mail.gmail.com>
To: Vittorio Bertola <vittorio.bertola@open-xchange.com>
Cc: ADD Mailing list <add@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ec34e705a718dea3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/P63cri94rFBD8ZX9LpQfvAvWSHc>
Subject: Re: [Add] [EXT] Re: Fwd: New Version Notification for draft-reddy-add-server-policy-selection-02.txt
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jun 2020 12:15:48 -0000

Please see inline

On Mon, 1 Jun 2020 at 22:15, Vittorio Bertola <
vittorio.bertola@open-xchange.com> wrote:

>
> Il 01/06/2020 12:22 tirumal reddy <kondtir@gmail.com> ha scritto:
>
>
> Can you please provide more details on what you mean by machine-readable
> authentication support and what kind of fine-grained description of
> filtering policies should be conveyed to the client ?
>
> This is really a question for client developers. However, perhaps a server
> with conditional access (example: an ISP server which is made available to
> the ISP's customers also when roaming onto other networks) would like to
> express that it requires user authentication (with certain methods, in a
> certain domain) before usage, so that the client knows that it has to be
> performed, or can avoid this resolver if it is just looking for open ones.
>

Good point, client authentication looks like a relevant use case for
Enterprise provided DoH/DoT server to authenticate roaming users. For
example, Firefox DoH setting accepts user credentials (network.trr.credentials)
to authenticate the user to use the DoH server but I don't see any support
client certificate based authentication yet. Anyways, I guess we can assume
other DoH/DoT client implementations will also support client
authentication in near future.

I don't get the ISP use case, what credentials will be used by the ISP's
customers and how will the browser/OS be provisioned to use the credentials
?


>
> In terms of filtering policies, "malware filtering" is quite general: does
> it include botnets?  Phishing?
>

Yes, malicious botnet command and control servers will be also be blocked.
Malicious bots are typically considered a subset of malware. We will update
to include capability of the resolver to block phishing sites.


> Even more for "policy blocking": there are at least two big categories
> (blocked by operator policy vs blocked by law); for the former category,
> there are several different possible policies (parental control,
> productivity control, audiovisual blocking etc) which could by the way be
> applied differently to different users; for the latter, you would at least
> need to know which law (which jurisdiction) is being applied. IMHO just
> knowing that the resolver does "some filtering" is not very useful; on one
> hand, all resolvers in most jurisdictions will be required by law/courts to
> filter at least something, and on the other, should you actually care about
> this kind of information to determine whether you want to use or not a
> resolver that you just discovered, you would need to tell what is being
> filtered at a more detailed level.
>

I would say this type of blocking access to domains falls under the
category of "censorship" contrary to filtering malware/phishing domains.


>
>
> But again, it does not make sense to delve further into detailing this
> information if it is not going to be consumed by the clients.
>

Agreed.


>
> --
>
> Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
> vittorio.bertola@open-xchange.com
> Office @ Via Treviso 12, 10144 Torino, Italy
>
>

v2.23.0 | Report a Bug | By Email