Re: [Add] [EXTERNAL] My single use case
Tommy Jensen <Jensen.Thomas@microsoft.com> Thu, 10 September 2020 15:27 UTC
From: Tommy Jensen <Jensen.Thomas@microsoft.com>
To: Martin Thomson <mt@lowentropy.net>, "add@ietf.org" <add@ietf.org>
Date: Thu, 10 Sep 2020 15:27:19 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/G78uVLDee7GkpwFfxdLnDZoQaiQ>

> Specifically, I want to NOT learn about whether the resolver does [...]

+1, I couldn't agree more. One exception would be zone ownership for me as I don't consider that a policy, but I agree that's a scenario separate from the one you are describing and should be kept separate.

> As a new device or application, when I join a network that I have no prior relationship with or configuration for, I want to discover the DoT or DoH resolver that corresponds to the Do53 resolver offered by that network

My issue with this scenario is I see "discover a DoT/DoH" server differently from "discover a DoT/DoH server that corresponds to the Do53 resolver". The former doesn't require authentication to meet security parity with Do53 server use today. The latter is a novel concept I would prefer to be authenticated. This means, for existing TLS infra, it would only be possible for publicly routable IP addresses, a subset of the network-offered servers out there.

Is the difference important to you? Would you be fine with the network offering the DoT/DoH server in the first place? If not, I just want to better understand why not.

Thanks,
Tommy

================================================
The latest in Windows Internet Protocols:
Native gRPC support: https://aka.ms/grpcblogpost
DNS over HTTPS: https://aka.ms/dohblogpost

________________________________
From: Add <add-bounces@ietf.org> on behalf of Martin Thomson <mt@lowentropy.net>
Sent: Thursday, September 10, 2020 8:07 AM
To: add@ietf.org <add@ietf.org>
Subject: [EXTERNAL] [Add] My single use case

My preference is to tackle just this:

As a new device or application, when I join a network that I have no prior relationship with or configuration for, I want to discover the DoT or DoH resolver that corresponds to the Do53 resolver offered by that network.

This might need the full matrix of DoT/DoH, v4/v6, with/without a forwarder, but this is fundamentally just a single use case.

Specifically, I want to NOT learn about whether the resolver does qname minimization or DoT to the authoritative or whether it does the eDNS client subnet or different policies with respect to what is answered or anything else that might make a decision to use this alternative complicated. Existing methods don't provide this information. I don't want a protocol that does anything fancy because that makes the decision complex.

--
Add mailing list
Add@ietf.org
https://www.ietf.org/mailman/listinfo/add