Re: [Add] [Ext] Draft Posting: CNAME Discovery of Local DoH Resolvers

"Deen, Glenn (NBCUniversal)" <Glenn.Deen@nbcuni.com> Wed, 01 July 2020 04:01 UTC

From: "Deen, Glenn (NBCUniversal)" <Glenn.Deen@nbcuni.com>
To: Rob Sayre <sayrer@gmail.com>
CC: Eric Rescorla <ekr@rtfm.com>, ADD Mailing list <add@ietf.org>, Paul Vixie <paul@redbarn.org>, Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>
Thread-Topic: [Add] [Ext] Draft Posting: CNAME Discovery of Local DoH Resolvers
Date: Wed, 01 Jul 2020 04:01:20 +0000
Message-ID: <94C306DF-A9D9-4FAC-8C4B-AE3E90E29417@nbcuni.com>
References: <CAChr6SyTv7Oc3XX19b5T2uVn2MGATneVfaoKfDRpxVpYc19u1w@mail.gmail.com>
In-Reply-To: <CAChr6SyTv7Oc3XX19b5T2uVn2MGATneVfaoKfDRpxVpYc19u1w@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/QplUA7Y9CerVrAqOZqarnydkBGI>
Subject: Re: [Add] [Ext] Draft Posting: CNAME Discovery of Local DoH Resolvers

On Jun 30, 2020, at 8:31 PM, Rob Sayre <sayrer@gmail.com> wrote:


On Tue, Jun 30, 2020 at 5:52 PM Eric Rescorla <ekr@rtfm.com> wrote:


On Tue, Jun 30, 2020 at 4:25 PM Deen, Glenn (NBCUniversal) <Glenn.Deen@nbcuni.com> wrote:
This all comes back to the three slices of access types that had been discussed some months ago:


  1.  Trusted & known networks – this is your enterprise, your home.  You have a relationship with them.
  2.  Unknown networks – This is the café, school, hotel - you choose them because they are available, but you know very little to nothing about them.
  3.  Hostile networks – you may not have any choice in network and must use this if you want any Internet access at all.  However, not only do you not trust them, you know they are actively acting in ways you do not want.

Another slice around threat levels would be: Green, Yellow, Red networks


Certainly in terms of policy and security concerns one size does not fit all 3.  The question is can we fashion a discovery means that works in all 3, but perhaps mitigates the policy and security concerns in each?

DHCP may be a perfectly fine choice in a green network, but in a yellow network there is a need for validation and assurance of the choice, while in a red network – can you trust anything at all, even things you explicitly specified such as IP address of resolvers without some additional validation ?

This is a great taxonomy. Thanks.

I think the question I would ask is: in a green network, how much benefit do you get from Do[HT]? We can probably divide this up into the local network environment (e.g., the wireless network) and the access link from the ISP.

There are lots of attacks that create compromised "Green" networks. For example:

https://www.zdnet.com/article/brazil-is-at-the-forefront-of-a-new-type-of-router-attack

I might categorize an "enterprise" network as something managed well enough to do an investigation in the event of a security breach. Most business and home networks do not fit this definition, so they are category 2 ("Yellow"), because people set them up and forget them.

Should we design for the edge case where something bad happens, but is the exception or should we design for the 99% case when the home network is just fine?

Granted hacks and attacks will happen, but while we should and do take reasonable steps to mitigate obvious problems, most of the time and most of the experience of home networks is that they aren’t compromised and behave the way their users expect.

If we classified networks based on the concern that something bad may happen, then everything would be yellow, or even red, as it’s easy to find examples when bad things happened in any situation. Example: Home Depot was compromised - thus corporate networks can’t be trusted. Example: The NSA was compromised - thus highly secured networks can’t be trusted. Each such reaction is a fearful over-generalization of an incident and not the normal expected state of such network types.

If you look broadly at home networks, the common generalized case is that the vast majority aren’t compromised and the configuration information from the network can be trusted.

So instead of designing for the edge case of a previously trusted network being compromised, why not design for the more common state of the network being trustworthy and then add in some mechanism to verify the information you get from it. Basically a version of the trust but verify approach, which has been proven repeatedly as a reasonable strategy in the real world.

For instance, if you get a DoH resolver from the green network, why not trust but verify by checking the reasonableness of the answer you were directed to?  This could be something like validating with DNSSEC or some other validation method.

This gets back to Ekr’s question of declaring what threats you are actually worried about.

-Glenn