IETF Logo Mail Archive

Re: [Add] [EXTERNAL] My single use case

Martin Thomson <mt@lowentropy.net> Sun, 13 September 2020 23:00 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CA253A08C0 for <add@ietfa.amsl.com>; Sun, 13 Sep 2020 16:00:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=DXtAkWqK; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=UrIUPw2p
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lvtCqDrdApM7 for <add@ietfa.amsl.com>; Sun, 13 Sep 2020 16:00:24 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50B163A08B9 for <add@ietf.org>; Sun, 13 Sep 2020 16:00:24 -0700 (PDT)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 91F3C5C012A for <add@ietf.org>; Sun, 13 Sep 2020 19:00:23 -0400 (EDT)
Received: from imap10 ([10.202.2.60]) by compute2.internal (MEProxy); Sun, 13 Sep 2020 19:00:23 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm3; bh=kIhmGH16L8jNQXLiToIJLXCvOoZ7UB6 iymiUCClf6OY=; b=DXtAkWqKiT5o3cBwACQvqC3lIv7nJ2YvMCN2qeKG3gaJfhJ +pgkpqV6qfvLVKnX33rN1xG9MULG5iSnboqEW0Ebv5Ud0BRknZplpNhJCs7wwxIR y5kRLz2frloAiJv8ycoMiqEoQkKQecKCU5qFPpGsXNsrJxHP+T8TjWovgpZc2qef aQljmn/VASd9udSytKTRWizyW55iILq6YwP4+bhVXD3xojm5wm2z7tcJ2YHbyX6L 5eKbDhdlDYG9rnt5W/AhVtJ5f2UAAVSGzLij7GQv6p3PDp/YrYh/nnzfoNyfEA7r sFrzfm2lMSEUOLSnTWSksCpUXlhy9IY3wqNZqXQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=kIhmGH 16L8jNQXLiToIJLXCvOoZ7UB6iymiUCClf6OY=; b=UrIUPw2phhaUvx41jmMuGX RNzBS82+V1vzEPibqygDdU3aB+DwNt/oeG9AvDRX/mj6Rh2dYrzfm9IevBklaMzn uCluR2t4D467dzpu4L8hR3eYbEnCgT2yOO3DESwyyZWIYDgiQ7YHzdJPiMyBd27h tVpMLEKEOQdkP+x0cgaU6OzosBT3c7cbpEEH46pZgVcurVIEHaQqw8rUXoCo21hN dXd6/RTFaBtvr0pwOf7TadRt6ALck0MrF1XAZ/atOCUoW+C1wY27JosOB9C7DudB ToTcW5byBgXfETaXmx9BQPzBVsV1YKuoImftiXFwbQKPtjsehRP/J0IoQgtxiqrA ==
X-ME-Sender: <xms:h6ReX01N1hSzYQ0yAMcSee4Z3SRUuhTnMR3P9n0s57hB3HzRLIFZiw> <xme:h6ReX_EzpLlAp0FUJB-hArqVZPMMBZiRWBndu2P9I4ADwmT1rNAl7GYyTOquGWNTP B_GmLlgQKiaKQWwvXU>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedrudeihedgudehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderredtnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho figvnhhtrhhophihrdhnvghtqeenucggtffrrghtthgvrhhnpeekteeuieektdekleefke evhfekffevvdevgfekgfeluefgvdejjeegffeigedtjeenucevlhhushhtvghrufhiiigv pedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmtheslhhofigvnhhtrhhophihrdhnvg ht
X-ME-Proxy: <xmx:h6ReX877IGm1cf3tiwHhZ4Lt9jDcffUztH4XkbRAg8N3ZYhIHqo6jQ> <xmx:h6ReX922EXDG9erxhwrkLzpYAxe99HPJyM7WtMgweeGCQXQR6yZ60A> <xmx:h6ReX3Eu1RcvaTxXNdx1I3vCTY3A-LOQKvu12lEnMxKGL-2MITUm1g> <xmx:h6ReX7Q0FFWxiFaf0UQpX4dQLMlR_pAtSGjSIR1xFjwBH4jysNzKgQ>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 3000020064; Sun, 13 Sep 2020 19:00:23 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-259-g88fbbfa-fm-20200903.003-g88fbbfa3
Mime-Version: 1.0
Message-Id: <97d64ef8-756e-44c3-89a4-aa263993e7c0@www.fastmail.com>
In-Reply-To: <BY5PR00MB077332F0EDAAE11B5CBA4CE3FA241@BY5PR00MB0773.namprd00.prod.outlook.com>
References: <d4bd287a-d2ce-40cd-b635-4f74efbc77f6@www.fastmail.com> <DM6PR00MB07815F5B6F43F63DB23485A7FA271@DM6PR00MB0781.namprd00.prod.outlook.com> <f60fdeb1-a1cc-4636-8e6e-2c497051bed3@www.fastmail.com> <BY5PR00MB077332F0EDAAE11B5CBA4CE3FA241@BY5PR00MB0773.namprd00.prod.outlook.com>
Date: Mon, 14 Sep 2020 09:00:02 +1000
From: Martin Thomson <mt@lowentropy.net>
To: add@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/RuoA8H22usP-XWZDaV6i5GS7oxo>
Subject: Re: [Add] [EXTERNAL] My single use case
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Sep 2020 23:00:26 -0000

On Sat, Sep 12, 2020, at 06:34, Tommy Jensen wrote:
> My concern is 2) encompasses more use cases than 1). 1) is limited to 
> the use case of joining a network and needing a recommendation. 2) 
> includes other channels of address acquisition such as offline endpoint 
> configuration. I can accept feature parity for 1) which is no 
> authentication. I can possibly accept lower security for 2) when the 
> address came from network advertisement such as DHCP which isn't secure 
> today, but not when it came from endpoint configuration which may be 
> secured. 

This is a good summary of this situation.  I share those reservations also, but would add that even in cases where the discovery is not cryptographically authenticated, that doesn't mean it isn't protected somehow, so the second case (talk to the resolver or something akin to that) increases exposure to attacks even when configuration isn't authenticated sometimes.  So you have:

2a) unsecured discovery/configuration
2b) discovery/configuration secured by means that is not apparent (e.g., at layers 1 or 2)
2c) discovery/configuration secured cryptographically (and thus known to the endpoint)

The former two are indistinguishable to the client; the latter two are cases you might want a different policy for.

In the end, this is a subjective decision that might be made in client policy, so our responsibility is to identity the scenario and document the consequences, not necessarily decide it.  The reason I think that this remains in scope is the forwarder case.  This is so common a deployment topology.  And, as those devices are a mix of hard to upgrade or unmaintained, finding some way to route around them seems to be important.

v2.23.0 | Report a Bug | By Email