Re: [Add] My principles for discovery

Ben Schwartz <bemasc@google.com> Wed, 25 March 2020 18:40 UTC

Return-Path: <bemasc@google.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 908AB3A09E1 for <add@ietfa.amsl.com>; Wed, 25 Mar 2020 11:40:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tdrtqrZSoOlt for <add@ietfa.amsl.com>; Wed, 25 Mar 2020 11:40:53 -0700 (PDT)
Received: from mail-wm1-x32a.google.com (mail-wm1-x32a.google.com [IPv6:2a00:1450:4864:20::32a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 708393A09CE for <add@ietf.org>; Wed, 25 Mar 2020 11:40:48 -0700 (PDT)
Received: by mail-wm1-x32a.google.com with SMTP id g62so4038021wme.1 for <add@ietf.org>; Wed, 25 Mar 2020 11:40:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=8IUfyipmKgGTTla88RrR1k/r3yh/P87/YVwhEO5E9Xs=; b=OtrcHrJIi5e+NLryYYiPInEuKvimMRb5lNCey4u9tcUml7Al8HlxyljRnAxeI9q41W 1ymLJc2orwSES8lkWv1enK/xkH1xcBK1hps1gSE5LqjiSfkcNHEvVIBFtrj85bQq7l0Y dRfkcZPbvgXcnP0Ab48RESfPOtXlV5u17B37xj5bwVjLD15aKcdVXtJwMUyLxLTDgiJA 7A0IMbvgsh9VVIKskXXgSN5Cmo1WCaPON/A0afM7lOJxb7idW5pI4whmi7KJaXPg8CCe tZCzv7hoTrN1aCNCVsCmbZqxeq2faP6ceAP9fSs6EirNns3O8QwdblnsYeQMnOog4Y8P anWQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=8IUfyipmKgGTTla88RrR1k/r3yh/P87/YVwhEO5E9Xs=; b=PDhawyzXzdxJ4up9VXyMPJIVBTcT/5ygWb0RgXRODMCAVj2gFlRtsDxalip7ER0Q+K 9lSuVl4MOLVt8A2bH/T8gHlRs5yqgdR8kpCxClncEn87tzq2rM2c3uOjzEi2D+g50u6V HZ6tmLKM3cnTCjsLpqQND4vMAeND2ezG2bnwqUpblg8BB/Osi7G1mhg7VaLF0ALVrp1x FwpVE+FSp+grpeBW0mGPy5gYZWquVeAECxFMrhZrIRt2STo+nhXbAXY2UiXgneA4IGJA /MlMQVDEHEzqD2kzauSFPMeCS3IfxW4sKOhnhWocCxgs3Pv+G3hUfH9n0MzH660PTSnM qEFw==
X-Gm-Message-State: ANhLgQ1GRTgal/SiV6XcebNoZ+b32X4rUhM3yEtz/I1jMCq2BA8syxbL +Jv76wZGnC2LuaoGfvfjae6RdFp7ADjZP6p/vpuQZA==
X-Google-Smtp-Source: ADFU+vvUiS7G267KhqX+cR6JW5Drob9IVu1W9IWMSwcL0ZbuE1dISTsEIhi1XogmBd5tFMYhIOc5q/eoqAKPjAn7LjA=
X-Received: by 2002:a1c:197:: with SMTP id 145mr4664436wmb.42.1585161645541; Wed, 25 Mar 2020 11:40:45 -0700 (PDT)
MIME-Version: 1.0
References: <aec5404a-99eb-4aa7-9020-1e7b4f51b5ca@www.fastmail.com> <93585501.473.1585121577118@appsuite-dev-gw1.open-xchange.com>
In-Reply-To: <93585501.473.1585121577118@appsuite-dev-gw1.open-xchange.com>
From: Ben Schwartz <bemasc@google.com>
Date: Wed, 25 Mar 2020 14:40:33 -0400
Message-ID: <CAHbrMsDu=V4D3=nZSEeETZpsbF2yKWp=B8FahJNRjefn2jF-uA@mail.gmail.com>
To: Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>
Cc: Martin Thomson <mt@lowentropy.net>, ADD Mailing list <add@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="000000000000d461ec05a1b23465"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/azGVdCRkcorRzMVv6X81KBNA0BA>
Subject: Re: [Add] My principles for discovery
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Mar 2020 18:40:59 -0000

On Wed, Mar 25, 2020 at 3:33 AM Vittorio Bertola <vittorio.bertola=
40open-xchange.com@dmarc.ietf.org> wrote:

>
>
> > Il 25/03/2020 05:36 Martin Thomson <mt@lowentropy.net> ha scritto:
> >
> >
> > As I raised this in the meeting, I think that it's only fair that I
> include what I think the principles should be.
> >
> > In short, I believe that any entity that you interact with should be
> able to present their views on what resolver you should use.  Client policy
> will then dictate which - if any - of those is used.
>
> I don't necessarily disagree with the approach, but there is a question to
> which I need a very convincing answer first.
>
> "Any entity you interact with" already has a way to tell you - even force
> you - to use a name server they control to effect resolution of their
> domain names. It's called "authoritative name server".
>
> It seems to me that the model that especially draft-pauly is proposing -
> i.e. every destination pointing the client to a resolver that the
> destination controls - is functionally equivalent, in terms of who gets to
> see which information, to eliminating the concept of an external resolver
> and having the end-user device implement and run a full resolver on its own.
>
> This, as per Tommy's reply to the question I made at IETF 106, would
> increase privacy because the resolution process would not provide data to
> any other party than the "final destination", which would anyway get it
> when the following HTTPS connection happens. (The fact that the two sets of
> data are actually the same has been challenged yesterday in the Jabber
> chat, but that's another discussion.)
>
> I assume that this is also what you are envisaging, since the alternative
> - every destination pointing the client to a resolver which they don't
> control, but with which they have commercial or other agreements - opens up
> the potential for much heavier security threat, centralization and
> surveillance scenarios than it is ever possible today, so I would expect it
> to be ruled out much like other out-of-same-origin practices.
>

I don't think this is a meaningful distinction.  Authoritative nameserver
operations are commonly outsourced and heavily consolidated today, just as
web hosting is commonly outsourced to large CDNs.  There's certainly no
"out-of-same-origin" rule that prevents using a CDN!


> So - why do we need to develop all this complex machinery just to let
> destinations indicate some kind of resolver that does the same thing that
> their authoritative already does? What's the difference with just
> implementing a full resolver in the client?
>

I actually agree, at least in part: as our proposals develop, we should try
to harmonize them with the work to encrypt recursive->authoritative DNS
queries.  Perhaps we will be able to build encrypted stub, recursive, and
hybrid resolvers from a small set of shared components.


>
> --
>
> Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
> vittorio.bertola@open-xchange.com
> Office @ Via Treviso 12, 10144 Torino, Italy
>
> --
> Add mailing list
> Add@ietf.org
> https://www.ietf.org/mailman/listinfo/add
>