Re: [Add] [Ext] Draft Posting: CNAME Discovery of Local DoH Resolvers

"Deen, Glenn (NBCUniversal)" <Glenn.Deen@nbcuni.com> Tue, 30 June 2020 23:25 UTC

From: "Deen, Glenn (NBCUniversal)" <Glenn.Deen@nbcuni.com>
To: Eric Rescorla <ekr@rtfm.com>, Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>
CC: ADD Mailing list <add@ietf.org>, Paul Vixie <paul@redbarn.org>, "Deen, Glenn (NBCUniversal)" <Glenn.Deen@nbcuni.com>
Thread-Topic: [Add] [Ext] Draft Posting: CNAME Discovery of Local DoH Resolvers
Thread-Index: AQHWTzWwJ0NQA5XM+ka8R5HmnPNV3Q==
Date: Tue, 30 Jun 2020 23:25:06 +0000
Message-ID: <39AB91D2-02F7-4618-8C5E-D3ED062A8286@nbcuni.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/_XxxDlPhasmYgIrkTju8qyf2MtQ>
Subject: Re: [Add] [Ext] Draft Posting: CNAME Discovery of Local DoH Resolvers
List-Id: Applications Doing DNS <add.ietf.org>

This all comes back to the three slices of access types that had been discussed some months ago:


  1.  Trusted & known networks – this is your enterprise, your home.  You have a relationship with them.
  2.  Unknown networks – This is the café, school, hotel - you choose them because they are available, but you know very little to nothing about them.
  3.  Hostile networks – you may not have any choice in network and must use it if you want any Internet access at all.  However, not only do you not trust them, you know they are actively acting in ways you do not want.

Another slice around threat levels would be: Green, Yellow, Red networks


Certainly in terms of policy and security concerns one size does not fit all 3.  The question is can we fashion a discovery means that works in all 3, but perhaps mitigates the policy and security concerns in each?

DHCP may be a perfectly fine choice in a green network, but in a yellow network there is a need for validation and assurance of the choice, while in a red network – can you trust anything at all, even things you explicitly specified such as the IP address of resolvers, without some additional validation?

-glenn

On 6/30/20, 3:07 PM, "Add on behalf of Eric Rescorla" <add-bounces@ietf.org on behalf of ekr@rtfm.com> wrote:



On Tue, Jun 30, 2020 at 2:24 PM Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org> wrote:

On 30/06/2020 14:58 Eric Rescorla <ekr@rtfm.com> wrote:

On Tue, Jun 30, 2020 at 2:19 AM Paul Vixie <paul@redbarn.org> wrote:
i have badly misunderstood.

the way i know that the ip address provided by the isp was delivered securely
today is because off-net DHCP forgery is hard,

Let's start here:
I agree that off-net DHCP forgery is hard. However, once you assume that you are off-path, then Do53 interception is *also* hard. So for this to be useful you need an environment in which the attacker is able to attack Do53 but *not* to attack DHCP. What I'm asking for is for someone to define that threat model precisely so that we can design protocols that match it.
I have written and deleted two or three longer replies to this, so I will just quote what Daniel Migault wrote a few messages ago: "The threat model seems for Comcast and the end user having the traffic redirected to Cloudflare instead of the local resolver." But of course the basic issue is that we seem to disagree on what a threat is.

No, I don't think that's the issue at all. To recap, this is a solution for a very specific problem. I'm not suggesting that it's a generic solution.

However, there have been a number of proposals for nominally generic solutions, none of which seem to come with a fully defined threat model. I'm trying to get to what that model is. Specifically, I agree that it would be useful to allow endpoint devices to securely learn the identity of the Do[HT] server associated with their local network [0]. This would then allow you to get private resolution even if there were attackers on the network (as in classical Ethernet or unencrypted WiFi). However, even with that objective, we still need to define a realistic set of attacker capabilities and then a design which is secure given those capabilities. That is what I am asking for.

-Ekr

[0] Under the assumption that you are connecting to the right network, of course, which is sometimes a very thin assumption.

--

Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com
Office @ Via Treviso 12, 10144 Torino, Italy
--
Add mailing list
Add@ietf.org
https://www.ietf.org/mailman/listinfo/add
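As an added example (this is not code from the thread or from any draft discussed in it), the following Python models the green/yellow/red policy Glenn sketches above: it parses the resolver list from a DHCP message's option 6 and then decides, per tier, whether a DHCP-learned address may be used at all and what validation it needs first. The tier names, the sample addresses, and the `cert_ips` input (standing in for the iPAddress SAN entries of the certificate the DoH endpoint presented) are assumptions of this example, not something the thread specifies.

```python
"""Added example (not from the thread): parse the resolver list a DHCP server
offers and apply the green/yellow/red acceptance policy discussed above.
Names, sample addresses and the certificate-identity input are assumptions."""
import ipaddress
from enum import Enum
from typing import List, Optional, Set

DHCP_MAGIC = b"\x63\x82\x53\x63"          # RFC 2132 magic cookie after the 236-byte fixed header
OPT_PAD, OPT_DNS_SERVERS, OPT_END = 0, 6, 255


class Tier(Enum):
    GREEN = "trusted"    # your enterprise, your home
    YELLOW = "unknown"   # cafe, school, hotel
    RED = "hostile"      # the network is known to act against you


def parse_dhcp_dns_servers(msg: bytes) -> List[str]:
    """Return the IPv4 resolvers carried in DHCP option 6, rejecting malformed TLVs."""
    if len(msg) < 240 or msg[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message with a magic cookie")
    servers: List[str] = []
    i = 240
    while i < len(msg):
        code = msg[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 2 > len(msg):
            raise ValueError("truncated option header")
        length = msg[i + 1]
        value = msg[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        if code == OPT_DNS_SERVERS:
            if length == 0 or length % 4:
                raise ValueError("option 6 length must be a positive multiple of 4")
            servers += [str(ipaddress.IPv4Address(value[j:j + 4])) for j in range(0, length, 4)]
        i += 2 + length
    return servers


def select_resolver(tier: Tier, dhcp_msg: bytes, cert_ips: Set[str], pinned: str) -> Optional[str]:
    """Pick a resolver address under the tier's policy, or None if nothing is acceptable.

    cert_ips stands in for the iPAddress SAN entries of the certificate the DoH
    endpoint presented (assumed input; a real client gets this from the TLS handshake).
    """
    if tier is Tier.RED:
        # Hostile network: ignore everything the network hands out; even the
        # explicitly configured address is used only if the endpoint proves it.
        return pinned if pinned in cert_ips else None
    for ip in parse_dhcp_dns_servers(dhcp_msg):
        if tier is Tier.GREEN:
            return ip                    # trusted network: DHCP is good enough
        if ip in cert_ips:
            return ip                    # unknown network: accept only a validated offer
    return None


def build_dhcp_offer(dns_servers: List[str], truncate: bool = False) -> bytes:
    """Construct a minimal DHCP message carrying option 6 (test input only)."""
    packed = b"".join(ipaddress.IPv4Address(s).packed for s in dns_servers)
    opts = bytes([OPT_DNS_SERVERS, len(packed)]) + packed + bytes([OPT_END])
    if truncate:
        opts = opts[:-3]                 # cut into the last address and drop the END marker
    return bytes(236) + DHCP_MAGIC + opts


# Constructed sample: the network offers two resolvers in the documentation range.
SAMPLE_OFFER = build_dhcp_offer(["192.0.2.53", "192.0.2.54"])
PINNED = "198.51.100.1"                  # assumed pre-configured resolver

if __name__ == "__main__":
    print("offered:", parse_dhcp_dns_servers(SAMPLE_OFFER))
    print("green:", select_resolver(Tier.GREEN, SAMPLE_OFFER, set(), PINNED))
    print("yellow, .54 validated:", select_resolver(Tier.YELLOW, SAMPLE_OFFER, {"192.0.2.54"}, PINNED))
    print("yellow, nothing validated:", select_resolver(Tier.YELLOW, SAMPLE_OFFER, set(), PINNED))
    print("red, pinned validated:", select_resolver(Tier.RED, SAMPLE_OFFER, {PINNED}, PINNED))
```

The point the policy function makes explicit is the one Ekr presses on: in the yellow tier the DHCP offer is only a hint, and the address is used only once some independent proof (here, the endpoint's certificate identity) covers it; in the red tier the offer is not consulted at all, and even the pinned address is held to the same proof. A real client would replace `cert_ips` with the result of its TLS validation rather than a set passed in.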