[Add] Current add drafts
Ralf Weber <dns@fl1ger.de> Tue, 28 July 2020 13:25 UTC
Return-Path: <dns@fl1ger.de>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDF1D3A0C45 for <add@ietfa.amsl.com>; Tue, 28 Jul 2020 06:25:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8E7O4XDTMBfI for <add@ietfa.amsl.com>; Tue, 28 Jul 2020 06:25:42 -0700 (PDT)
Received: from smtp.guxx.net (smtp.guxx.net [IPv6:2a01:4f8:a0:322c::25:42]) by ietfa.amsl.com (Postfix) with ESMTP id 2360F3A0C1B for <add@ietf.org>; Tue, 28 Jul 2020 06:25:36 -0700 (PDT)
Received: by nyx.guxx.net (Postfix, from userid 107) id 616E45F40B13; Tue, 28 Jul 2020 13:25:35 +0000 (UTC)
Received: from [172.19.189.219] (p54b8acc8.dip0.t-ipconnect.de [84.184.172.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by nyx.guxx.net (Postfix) with ESMTPSA id C253C5F40539 for <add@ietf.org>; Tue, 28 Jul 2020 13:25:34 +0000 (UTC)
From: Ralf Weber <dns@fl1ger.de>
To: ADD Mailing list <add@ietf.org>
Date: Tue, 28 Jul 2020 15:25:34 +0200
X-Mailer: MailMate (1.13.1r5671)
Message-ID: <660302C3-0EA4-44C3-9C9E-30E9697E843A@fl1ger.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/V7EL3OidZBVI99laqwKYN9QUCLw>
Subject: [Add] Current add drafts
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jul 2020 13:25:46 -0000
Moin! So in preparation for the add wg meeting I read all the documents that are add related as per data tracker and some others. And while I gave some feedback to some directly I took a step back and categorised them for me and want to share that with you, maybe using this to find some common ground or a way forward. 1. The first category is “informational drafts”: These are drafts that look or describe the status quo of the problem space or at least some aspects of it. The drafts in this scenario are: - draft-campling-operator-observations - draft-deen-add-threats - draft-mglt-add-signaling-filtering-policies 2. The second category is “use existing network technologies to upgrade to a secure transport”: These drafts are using existing network technologies like DHCP or RA (and a lot more) to convey a secure transport to a client. I was amazed by the depth and width of the technologies covered in these drafts. They are: - draft-btw-add-home - draft-btw-add-ipsecme-ike - draft-btw-add-rfc8484-clarification - draft-reddy-add-enterprise - draft-reddy-add-iot-byod-bootstrap - draft-reddy-add-server-policy-selection 3. The third category is “just put it in the DNS”: These drafts use the DNS as direct as possible to get you to a secure transport. These drafts are: - draft-cook-doh-discovery-trial - draft-pp-add-resinfo - draft-pp-add-stub-upgrade - draft-rescorla-doh-cdisco 4. The fourth category is “create another layer(s) to solve the problem”: These drafts use DNS or HTTPs, or both to create one or more additional layers to discover “resolvers”. These drafts are: - draft-mglt-add-rdp - draft-pauly-add-resolver-discovery - draft-schinazi-httpbis-doh-preference-hints This of course is how I see the drafts and is a very rough categorisation and some aspects of some drafts might fall into other categories, but I am happy to discuss this. However coming from this categorisation my view on working group work is like this: Category one is needed, but is very controversial as we already seen, so it will take a long time to come with something that everybody can agree on. Category two looks like a desirable end goal for me as it is the right place for the network to do stuff, but given that it is very complex and broad and requires interactions with other groups so it might take some time to finalise it, but it should be at least our medium term goal. Also as most of category two is really in the lower levels of an operating system it might be hard for an application to get the rights from the OS to do these things. Which is were category three comes in that I see a good short term solution to get users to secure transport as the barriers for applications and providers of DNS services are very low. I’m struggling with category 4 as it creates another distributed overlay over an already distributed DNS system. I can understand the need to make a direct DNS connection from the end user to the content, but if you want to do this an IMHO better solution would be to put the recursive resolver in the end user device and work with dprive to secure the recursive to authoritative DNS connections. So long -Ralf —-- Ralf Weber
- [Add] Current add drafts Ralf Weber
- Re: [Add] Current add drafts Stephane Bortzmeyer
- Re: [Add] Current add drafts Ralf Weber