Re: [Add] I-D Action: draft-btw-add-home-00.txt

Tommy Jensen <Jensen.Thomas@microsoft.com> Fri, 06 March 2020 18:02 UTC

From: Tommy Jensen <Jensen.Thomas@microsoft.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, ADD Mailing list <add@ietf.org>
CC: "Konda, Tirumaleswar Reddy (TirumaleswarReddy_Konda@McAfee.com)" <TirumaleswarReddy_Konda@McAfee.com>, "Dan Wing <dan@danwing.org> (dan@danwing.org)" <dan@danwing.org>
Date: Fri, 06 Mar 2020 18:02:42 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/SgIQA1nxUIc8vAVYyflhZYN_cv0>

Hey Med,

Thanks for sharing. Based on Section 10, it seems the intent of this draft is to ensure use of DoT/DoH servers is prohibited until the user sees and agrees to a privacy policy (exception: the device is configured ahead of time by an admin to trust the given server). Is that accurate?

If this is the case, I would be opposed to this version of the draft. While I agree users and admins should have more control over their DNS queries, blocking Internet access on DNS server approval for home users (with no enterprise admin to do the hard work for them) seems like a deal breaker for OS vendors. I wouldn't block an HTTPS connection until the user reviews the certificate chain either. Having this information available to decorate Internet connection UI seems wise, but blocking connectivity on approval is too heavy-handed for the general use case for OSes.

Other feedback:

  *   I see you're using "Do53" and referring to RFC8499. That RFC doesn't specify whether "Do53" or "classic DNS" or something else is the appropriate term. There is a draft <https://tools.ietf.org/html/draft-hoffman-dns-terminology-ter-02> to address this by defining "classic DNS", but it expired. Probably time for us to revisit that and formalize a term we can all use.

  *   Section 1:
     *   s/sotrage/storage
     *   s/resolexpervers/resolvers

Thanks,
Tommy

________________________________
From: Add <add-bounces@ietf.org> on behalf of mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>
Sent: Wednesday, March 4, 2020 1:52 AM
To: ADD Mailing list <add@ietf.org>
Cc: Konda, Tirumaleswar Reddy (TirumaleswarReddy_Konda@McAfee.com) <TirumaleswarReddy_Konda@McAfee.com>; Dan Wing <dan@danwing.org> (dan@danwing.org) <dan@danwing.org>
Subject: [EXTERNAL] [Add] TR: I-D Action: draft-btw-add-home-00.txt

Hi all,

We submitted this new I-D.

Comments and suggestions are welcome.

Cheers,
Med

-----Original Message-----
From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org] On behalf of internet-drafts@ietf.org
Sent: Wednesday, 4 March 2020 09:09
To: i-d-announce@ietf.org
Subject: I-D Action: draft-btw-add-home-00.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.


        Title           : DoH/DoT Deployment Considerations for Home Networks
        Authors         : Mohamed Boucadair
                          Tirumaleswar Reddy
                          Dan Wing
        Filename        : draft-btw-add-home-00.txt
        Pages           : 17
        Date            : 2020-03-04

Abstract:
   This document discusses DoT/DoH deployment considerations for home
   networks.  It particularly sketches the required steps to use DoT/DoH
   capabilities provided by local networks.

   One of the goals of this document is to assess to what extent
   existing tools can be used to provide a DoT/DoH service.  As an
   outcome, new DHCP and Router Advertisement Options are specified in
   order to convey a DNS Authentication Domain Name.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-btw-add-home/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-btw-add-home-00
https://datatracker.ietf.org/doc/html/draft-btw-add-home-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

--
Add mailing list
Add@ietf.org
https://www.ietf.org/mailman/listinfo/add