IETF Logo Mail Archive

Re: [Add] meeting hum: should the IETF take up this work?

Valentin Gosu <valentin.gosu@gmail.com> Sun, 28 July 2019 09:05 UTC

Return-Path: <valentin.gosu@gmail.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1F421200E7 for <add@ietfa.amsl.com>; Sun, 28 Jul 2019 02:05:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JWMZD_ifD5o5 for <add@ietfa.amsl.com>; Sun, 28 Jul 2019 02:05:25 -0700 (PDT)
Received: from mail-io1-xd44.google.com (mail-io1-xd44.google.com [IPv6:2607:f8b0:4864:20::d44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CBB1F1200E6 for <add@ietf.org>; Sun, 28 Jul 2019 02:05:24 -0700 (PDT)
Received: by mail-io1-xd44.google.com with SMTP id f4so113682906ioh.6 for <add@ietf.org>; Sun, 28 Jul 2019 02:05:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=NVKbJp+wkgmQCbR9t6iwfnbziMZUYkIa8YUukNBG56I=; b=dALdsW4Wfz3j0b/YtAfzsxzPoi7/nVWWCkU2SfFHQTMwKybZ93n9qRitO8eMA9jyvC QEsAz87x/l2BrQ/BmPtCseMoPyy/CpGHaKTKqCCPb8gpGcfzn84YhAXQlFa45TTWvQHs OWQa7uDWEx2fcofueat9D1sI8YyPVq/i1RXNcxTD+0KpC6gKbC2EBGk28wSb3Rr/8Jcq wZmqbb2kxYHzNUQmzDCHi7Cf5pW8Nrm6C/oL35KSWnzsSAbWSCA4jXUazKTiNEep36C3 ZetYAQabm5ZvJ9/T73UJ35IyJ1UbrtDHd0VDshnGqQY7NKV6q1OsitNfLGEwdkp3S8Ns zJ0w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=NVKbJp+wkgmQCbR9t6iwfnbziMZUYkIa8YUukNBG56I=; b=jjPDiAkuDhTEZ81ZqZfwoJp5juvaMmew+curZnO7Li/GVgfCmcHFLVToyHnoBTwfoW bvvdHxvGc1C847JeEh7vXsVoe3RG9dqJNP3NhD6ux6FZ33Vat+ULZFSK/BSRxoJzrZDp itnoSnO6w3+JLgC0NfrVzQel2QaCKbRSCVmqVg62n1lKv+/f343F5lizfuH0AYmiQkk8 hKPLWxQYPpackRaXQopI37EuRrmZ+MNbivHb/ifXkqVMXrvwshYCqTdjPRRWJRPjQ+6V g+6NFUXWQLorecwG4zzv+dsFlhsx8+XO4FhWJXW8Ygj0ew9HZALTCmDoFV+wusyVv7Be kLOQ==
X-Gm-Message-State: APjAAAW3L3WGtcgUwlXg5v0DdQckfLPKEHILp23I4gkub+hMKHAjjpSc iXUOJE8cDmVJ0cKNzUQhnUYhcCUmYkm3YZUrOFPh+t6/
X-Google-Smtp-Source: APXvYqy0vwpeVEk5DyMJ6JkmnfBNkpFrbiLFtulwTRNZ8Dix6nyr1CgHg5DQlxJtLEEE+Itz5CsR1ym+tpbXMC9Mitc=
X-Received: by 2002:a02:b883:: with SMTP id p3mr34328623jam.79.1564304723909; Sun, 28 Jul 2019 02:05:23 -0700 (PDT)
MIME-Version: 1.0
References: <CAChr6Sx9TEt6CMzRRrdb-HwT_k987oW=4yF1FCbDF17zkaE2Vg@mail.gmail.com> <AAEA003A-58DB-4FEE-81B2-BBFE9BBB2A37@rfc1035.com> <CAChr6SwA+HM4u5-xpUxQXPH8G8k7sfm6AETJJ019HE=bsq+OXA@mail.gmail.com> <8F094057-DFBC-4732-9DA4-BE46E7914C8A@rfc1035.com> <20190724165951.GB29051@laperouse.bortzmeyer.org> <821B448B-F7EA-46A5-837D-DA0E8C60643A@open-xchange.com> <d653d422-4a71-9fab-fd2e-b8ddaa476f91@nostrum.com> <25583.1564181379@dooku.sandelman.ca> <CABcZeBNnajRyEtOdhk2nS7uNgQM_z04FbEyxSFWMQ8ho82dPiQ@mail.gmail.com> <1856.1564239150@localhost> <CABcZeBPZBksubxV6WANToTWB=LbTbRKksv6f87taDLW4A0Bpeg@mail.gmail.com> <1938073477.1358.1564282207426@appsuite-gw2.open-xchange.com>
In-Reply-To: <1938073477.1358.1564282207426@appsuite-gw2.open-xchange.com>
From: Valentin Gosu <valentin.gosu@gmail.com>
Date: Sun, 28 Jul 2019 11:05:03 +0200
Message-ID: <CACQYfiLus=uQ2ZCew9w1pxK6f45Vd4gqV3FzEfvn4r4di1GYZQ@mail.gmail.com>
To: Vittorio Bertola <vittorio.bertola@open-xchange.com>
Cc: Eric Rescorla <ekr@rtfm.com>, add@ietf.org
Content-Type: multipart/alternative; boundary="00000000000063a31f058eba1319"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/QdjOiEuQ-LUX4jzanyeAUIxHLwE>
Subject: Re: [Add] meeting hum: should the IETF take up this work?
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Jul 2019 09:05:27 -0000

On Sun, Jul 28, 2019, 04:50 Vittorio Bertola <vittorio.bertola=
40open-xchange.com@dmarc.ietf.org> wrote:

>
> Il 27 luglio 2019 17:55 Eric Rescorla <ekr@rtfm.com> ha scritto:
>
>
>
>
> On Sat, Jul 27, 2019 at 7:52 AM Michael Richardson < mcr+ietf@sandelman.ca>
> wrote:
>
> If the extension said what the privacy was, rather than just that Mozilla
> had
> vetted it, then perhaps there could be other levels of privacy.
>
>
> It's not quite clear to me what you have in mind here, but one thing I
> would like to emphasize is that the Mozilla TRR program is more than just a
> self-assertion about privacy policy, in that we actively manage the list,
> rather than just trusting people's self-assertions. If people were
> interested in some other set of privacy policies, then it's not clear to me
> who would be responsible for running such a program.
>
> I understand your viewpoint, but from the opposite one - the resolver
> operator's one - having to apply for membership to multiple lists of
> trusted resolvers, possibly with different or even contrasting
> requirements, just to be usable on any browser and any application, looks
> like a nightmare. Also, this would definitely be a push towards a smaller
> number of bigger and more centralized resolver operators, as smaller
> operators would have a harder time managing multiple accreditations.
>
> So there would be merit in thinking of a joint industry program to
> evaluate and accredit resolvers, which could even foresee different levels
> of accreditation or different policies, so that applications could still
> pick different requirements, but at least the resolver could apply once
> and, if meeting all the requirements, be validated for all clients. All in
> all, it would not be too different from the CA machinery.
>
> But your point on who would run it, and "is there actually anyone willing
> to work on this?", is also valid; and also, even the simplest resolver
> certification program would still be more restrictive, and thus more prone
> to centralization, than the current situation in which
>


people can just deploy a DNS resolver without having to ask for permission
> and it becomes immediately available to everyone.
>

It seems to me that for both DNS resolvers and DoH servers people still
need to go through the trouble of pointing their systems to it.

You can easily set up your DoH server, and share it with your friends...
Who then need to configure their browsers/stub resolvers to use it.

The question is which DoH servers are trustworthy enough to be a default -
which is where Mozilla's policies become important.

The problem with centralization also exists today with the bigger DNS
resolvers... I suspect quad8, quad1 and quad9 get the majority of traffic
(from people who switched the default DNS service, or ISPs that forward
such traffic) - which makes sense since they provide a globally available
reliable service.


> --
>
> Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
> vittorio.bertola@open-xchange.com
> Office @ Via Treviso 12, 10144 Torino, Italy
>
> --
> Add mailing list
> Add@ietf.org
> https://www.ietf.org/mailman/listinfo/add
>

v2.23.0 | Report a Bug | By Email