Re: [Add] [EXT] Re: Fwd: New Version Notification for draft-reddy-add-server-policy-selection-02.txt

Vittorio Bertola <vittorio.bertola@open-xchange.com> Wed, 03 June 2020 17:45 UTC

Date: Wed, 03 Jun 2020 19:45:44 +0200
From: Vittorio Bertola <vittorio.bertola@open-xchange.com>
To: tirumal reddy <kondtir@gmail.com>
Cc: ADD Mailing list <add@ietf.org>
Message-ID: <703165933.16255.1591206344926@appsuite-gw1.open-xchange.com>
In-Reply-To: <CAFpG3geQ+6MeKDg15yrh-rVGgqY2W=+QeTsOiumQqioYzTjLAQ@mail.gmail.com>
References: <159064546659.30784.12927519685709906985@ietfa.amsl.com> <CAFpG3gfwsyxf7UAd61LLfsF-4Rd+sDEqjc3o86iy_UOveQbY-g@mail.gmail.com> <86151027.6608.1590676320799@appsuite-gw2.open-xchange.com> <CAFpG3gcX0rqVMWaJ6F-gayGhu7kia0RFrHfXJvrp3st9XDS4Nw@mail.gmail.com> <199199696.10466.1591029935148@appsuite-gw1.open-xchange.com> <CAFpG3geQ+6MeKDg15yrh-rVGgqY2W=+QeTsOiumQqioYzTjLAQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/W_6OxHudJDEWBxFwNXJz7jFOrDw>

>     On 02/06/2020 14:15 tirumal reddy <kondtir@gmail.com> wrote:
>
>     Good point, client authentication looks like a relevant use case for Enterprise provided DoH/DoT server to authenticate roaming users. For example, Firefox DoH setting accepts user credentials (network.trr.credentials) to authenticate the user to use the DoH server but I don't see any support for client certificate based authentication yet. Anyways, I guess we can assume other DoH/DoT client implementations will also support client authentication in near future.
>
>     I don't get the ISP use case, what credentials will be used by the ISP's customers and how will the browser/OS be provisioned to use the credentials?
> 
The same way as in the enterprise use case. Think of those ISPs that require you to authenticate before using their SMTP server from outside their network.

>
>     > Even more for "policy blocking": there are at least two big categories (blocked by operator policy vs blocked by law); for the former category, there are several different possible policies (parental control, productivity control, audiovisual blocking etc) which could by the way be applied differently to different users; for the latter, you would at least need to know which law (which jurisdiction) is being applied. IMHO just knowing that the resolver does "some filtering" is not very useful; on one hand, all resolvers in most jurisdictions will be required by law/courts to filter at least something, and on the other, should you actually care about this kind of information to determine whether you want to use or not a resolver that you just discovered, you would need to tell what is being filtered at a more detailed level.
>
>     I would say this type of blocking access to domains falls under the category of "censorship" contrary to filtering malware/phishing domains.
>
Well, to some people "policy blocking" seems to be a euphemism for censorship, no matter what gets blocked and why. In HRPC, actually, a draft currently under discussion defines even malware blocking as "censorship". However, the use of more or less loaded terminology is out of scope - the point is rather whether it would be useful for the client to know the policies in more detail or whether a generic "I filter stuff" signal is useful. But again, this depends on the clients.

--

Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com
Office @ Via Treviso 12, 10144 Torino, Italy