Re: [Add] meeting hum: should the IETF take up this work?

Stephane Bortzmeyer <bortzmeyer@nic.fr> Wed, 24 July 2019 17:17 UTC

Return-Path: <stephane@laperouse.bortzmeyer.org>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DDB3A120112 for <add@ietfa.amsl.com>; Wed, 24 Jul 2019 10:17:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.648
X-Spam-Level:
X-Spam-Status: No, score=-1.648 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l027cNwI8Y_x for <add@ietfa.amsl.com>; Wed, 24 Jul 2019 10:17:28 -0700 (PDT)
Received: from ayla.bortzmeyer.org (ayla.bortzmeyer.org [92.243.4.211]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C42B120059 for <add@ietf.org>; Wed, 24 Jul 2019 10:17:28 -0700 (PDT)
Received: by ayla.bortzmeyer.org (Postfix, from userid 10) id 976C9A0531; Wed, 24 Jul 2019 19:17:26 +0200 (CEST)
Received: by godin (Postfix, from userid 1000) id 9BA43EC0AFD; Wed, 24 Jul 2019 19:15:49 +0200 (CEST)
Date: Wed, 24 Jul 2019 13:15:49 -0400
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: "STARK, BARBARA H" <bs7652@att.com>
Cc: 'Rob Sayre' <sayrer@gmail.com>, "'add@ietf.org'" <add@ietf.org>, 'Barry Leiba' <barryleiba.mailing.lists@gmail.com>
Message-ID: <20190724171549.GD29051@laperouse.bortzmeyer.org>
References: <CAChr6Sx9TEt6CMzRRrdb-HwT_k987oW=4yF1FCbDF17zkaE2Vg@mail.gmail.com> <2D09D61DDFA73D4C884805CC7865E6114E23910C@GAALPA1MSGUSRBF.ITServices.sbc.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <2D09D61DDFA73D4C884805CC7865E6114E23910C@GAALPA1MSGUSRBF.ITServices.sbc.com>
X-Transport: UUCP rules
X-Operating-System: Ubuntu 18.04 (bionic)
X-Charlie: Je suis Charlie
User-Agent: Mutt/1.9.4 (2018-02-28)
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/YPev9EYqFQIWkshNA7QjzT4-TM0>
Subject: Re: [Add] meeting hum: should the IETF take up this work?
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jul 2019 17:17:30 -0000

On Tue, Jul 23, 2019 at 10:46:05PM +0000,
 STARK, BARBARA H <bs7652@att.com> wrote 
 a message of 183 lines which said:

> But I don’t think they have the operational experience/knowledge to
> fully understand what might happen in various access networks
> (especially mobile networks)

It is not just a matter of experience and knowledge. People (and
organisations) also have opinions and practical interests. Those in
power do not want to relinquish this power, those who have access to
data do not want to lose that access, etc. Framing the issue as "those
who know" vs. "the ignorant" is not the right way to go, IMHO.

> if they started defaulting all their application users to DNS
> servers outside the local (ISP, enterprise, university, etc.)
> network.

The IETF is certainly welcome to discuss that trend (although, as I
noted in a recent message
<https://mailarchive.ietf.org/arch/msg/add/yqQV8KAmVKaJG2YussbSlJOdB7E>,
it has nothing to do with "Applications Doing DNS") but with some
modesty: we design protocols, we can provide advice on how to use them,
but people can make deployment choices of their own. Using the access
network DNS resolver was never an IETF standard (or was it? Any
references?)

> The IETF is a place where we can and must have this discussion, so
> all parties can participate in understanding and mitigating the
> potential harm.

As I said above, people have different opinions. Some call "harm" what
some others call "privacy". Some people want to modify DNS requests
and responses, some do not want their requests and responses to be
modified. No amount of IETF discussion will solve this fundamental
tussle.

> I’m also trying to understand why there seems to be resistance to
> providing ISPs with advice on deploying DoH.

I'm tempted to say that I don't see the point for an access network to
deploy DoH. If the network is safe, DoH is not really necessary
(the paranoid may use DoT, since the access network can ensure that port
853 is clear). If it is not, for instance because the resolver
modifies the answers, then users will want to bypass it, anyway.

My guess is that DoH operators will be different from access network
operators.