Re: [Add] [Ext] Updated charter proposal for ADD

Patrick McManus <mcmanus@ducksong.com> Fri, 17 January 2020 15:17 UTC

From: Patrick McManus <mcmanus@ducksong.com>
Date: Fri, 17 Jan 2020 10:16:45 -0500
To: Ted Lemon <mellon@fugue.com>
Cc: Andrew Campling <andrew.campling@419.consulting>, "STARK, BARBARA H" <bs7652@att.com>, "Deen, Glenn (NBCUniversal)" <Glenn.Deen@nbcuni.com>, ADD Mailing list <add@ietf.org>, Brian Dickson <brian.peter.dickson@gmail.com>, Rob Sayre <sayrer@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/ULWk06rcY8ESyu0euGpNzXrAHqU>

Discovery requires authentication - otherwise the encryption is just snake
oil security. Everyone wants to apply policy (even if the policy is
'unfiltered') and you can't deliver that policy without authentication. And
you can't seriously offer confidentiality without authentication either.
The proposed charter is clear on this. A charter that allowed the creation
of an unauthenticated "secure" protocol in 2020 would fail to recognize
what is possible and really ought to be irrelevant.

This, btw, does not rule out unauthenticated network mechanisms (e.g. DHCP
or PvD) as transports any more than TLS rules out unauthenticated TCP. It
just means you need to layer something else on top if you go that way (e.g.
an out of band trust root can sign a connection without caring about the
domain name as the webPKI would).

The role of opportunistic is in ratcheting legacy systems forward - this is
a new system and should be held to a modern bar.