Re: [Add] [EXTERNAL] Re: draft-grover-add-policy-detection-00

Rob Sayre <sayrer@gmail.com> Tue, 16 July 2019 18:49 UTC

From: Rob Sayre <sayrer@gmail.com>
Date: Tue, 16 Jul 2019 11:49:35 -0700
Message-ID: <CAChr6Sxm__NroZ92v4HL_6iCa62fwYgNw9r8ZDAxCdzVwNoDGw@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Alec Muffett <alec.muffett@gmail.com>, add@ietf.org, "Dixon, Hugh" <Hugh.Dixon@sky.uk>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/TT3qKViHMCBxLhsbvOUx5wmnF-0>
List-Id: Applications Doing DNS <add.ietf.org>

On Tue, Jul 16, 2019 at 10:22 AM Eric Rescorla <ekr@rtfm.com> wrote:

>
>
> On Tue, Jul 16, 2019 at 9:10 AM Rob Sayre <sayrer@gmail.com> wrote:
>
>> In any case, BCP 188 covers the issue we're describing quite well.
>>
>> "The same techniques to achieve [Pervasive Monitoring] can be used
>> regardless of motivation.  Thus, we cannot defend against the most
>> nefarious actors while allowing monitoring by other actors no matter how
>> benevolent some might consider them to be, since the actions required of
>> the attacker are indistinguishable from other attacks."
>>
>> Pervasive Monitoring Is an Attack
>> https://tools.ietf.org/html/rfc7258
>>
>
> I'm quite familiar with this BCP but given its emphasis on passive
> monitoring and the associated interest in opportunistic security (RFC 7435)
> I don't see any conflict here.
>

I think the conflict is that the BCP states that the perceived benevolence
of an application (parental controls, malware blockers, etc.) doesn't
matter, but that seems to be the case being made here.

Aside from that seemingly obvious conflict, it doesn't seem like DNS-based
solutions would really work very well for these benevolent applications.
It's sort of like using a coffee cup as an umbrella--it will catch some
rain, yes.

thanks,
Rob


