Re: [Add] [EXTERNAL] Re: Foundational questions on draft-box-add-requirements
Tommy Jensen <Jensen.Thomas@microsoft.com> Tue, 08 September 2020 18:52 UTC
Return-Path: <Jensen.Thomas@microsoft.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DD69A3A0D63 for <add@ietfa.amsl.com>; Tue, 8 Sep 2020 11:52:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hkoLVN-PumvY for <add@ietfa.amsl.com>; Tue, 8 Sep 2020 11:52:11 -0700 (PDT)
Received: from NAM06-DM3-obe.outbound.protection.outlook.com (mail-eopbgr640120.outbound.protection.outlook.com [40.107.64.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 99C3E3A0D4F for <add@ietf.org>; Tue, 8 Sep 2020 11:52:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Q2XocvFOIjmxUTrm9nrkXbcansDZLCYWGiVQTDI003fzN7Jp/H1lsgHAjy/BZlLkbGrX2ME6I4A/ntSl8m+MYfqIYfq85Yo10XkXXwBuicvLNTfmmdbEEZDr2Itxlk76gisFPx7+56C7W9n9QXEHWT8xXnAgqM6triZ0c/IQjfwwkXwp/WOXlAJ5ZyDRipNyW8nWjAZoh9CXrEOdkW940kr6P1U+oiH9uzdrlAY0XBBZDe5jGm7he8PIUpzKpFbZ4fcx3a0vT6ZyPLTcATe/FeAW35LVSqNLMgB7+0PHOu+tuyqiajggQQusQwXgmPO9c4Nk9idyewJ655cRDAElFQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0j0sNRfLPDsBo44AvUPXpAX+PMk/B1/s5Z7WnP+XvR0=; b=U79yAmkbg0AzJZI92SHtu+GgXHyy8+ZI2z04hTOgEY3Q327VkBJmbK/nD/jOEgfqpdc4UXs25nzGdLq7AGH5ATk5XjlmN+A5bo2cXN6+oWdu5HF0fdvk0czN5UOw8AuYHUg3gWp4INZTwyFyt2MG1z35rARqV34dNLsH5WDry2KnQQlLTtb9B8KwHcTXFsw2sGFwZXEN4X18p/hiKgd4tqJ9Ip709QsWVjuHItNV7UPRTJ4fBWDvk36coWszoJkmnpvX60qFdSWjTEdSVWtpDXolS9b9qVJKDiLpNiJaleJwKORVBNbCAX4QroftfM7lRKlf7Ha6WvTojOLuIMqcAw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0j0sNRfLPDsBo44AvUPXpAX+PMk/B1/s5Z7WnP+XvR0=; b=gLA7qWrM3LOG3KIrHZjCTOQzSviFlOLv+VTYryoEuR8toa+nCIMRl3VHMghaWsZEArUs8CXO+sOP4jKsg3e7O8TNg5QzC/KrXWJ7pmCmrsu4J/OUh0broTYS9xzy9mPw5SIZTM+LhskrdHNml83LOVS09pMhYzuG9xLz9BBnLN0=
Received: from (2603:10b6:610:6c::23) by CH2PR00MB0856.namprd00.prod.outlook.com (2603:10b6:610:ad::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3402.0; Tue, 8 Sep 2020 18:52:05 +0000
Received: from CH2PR00MB0778.namprd00.prod.outlook.com ([fe80::64ce:305d:c0f8:98c0]) by CH2PR00MB0778.namprd00.prod.outlook.com ([fe80::64ce:305d:c0f8:98c0%8]) with mapi id 15.20.3407.000; Tue, 8 Sep 2020 18:52:05 +0000
From: Tommy Jensen <Jensen.Thomas@microsoft.com>
To: Eric Orth <ericorth=40google.com@dmarc.ietf.org>, Eric Rescorla <ekr@rtfm.com>
CC: Paul Hoffman <paul.hoffman@icann.org>, ADD Mailing list <add@ietf.org>
Thread-Topic: [EXTERNAL] Re: [Add] Foundational questions on draft-box-add-requirements
Thread-Index: AQHWhgSZh3OwWV7OokCqsIybKRnEnalfB9AAgAAA2oCAAAaZAIAAATMr
Date: Tue, 08 Sep 2020 18:52:05 +0000
Message-ID: <CH2PR00MB0778B29F0B4253F72DEC736DFA291@CH2PR00MB0778.namprd00.prod.outlook.com>
References: <DA10F3E4-7186-47E1-8B75-DCCAE107F880@icann.org> <CAMOjQcFd-yHDCB7K1ksCtUc1ufuk5M+05SHOL_Dr+s=A=Ka4+A@mail.gmail.com> <CABcZeBNFMxQ5AWV+FfAdmfnsJ1=fzx9BBtm6TVVw77MsoVKe3Q@mail.gmail.com>, <CAMOjQcFhcXxkqEWo-QMGnCx++6nfJoaTv2MK2p4njLgJMreQAA@mail.gmail.com>
In-Reply-To: <CAMOjQcFhcXxkqEWo-QMGnCx++6nfJoaTv2MK2p4njLgJMreQAA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2020-09-08T18:52:05.287Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard;
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [50.35.64.46]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 51c2c15c-16a9-481f-70dd-08d854284821
x-ms-traffictypediagnostic: CH2PR00MB0856:
x-microsoft-antispam-prvs: <CH2PR00MB085633934A71E01F91FE04FBFA291@CH2PR00MB0856.namprd00.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: lXH2bW/rnX9I8i6M+uj78i/TwcH+SdqGUUMQHwfYJpcJk0t9LYLSNjW3YqbXr3anAKggDkE9MmGv0Pw9wc9u0k3wyOXbB7ziBNa4ROWBJAqKIyhq1IdFBxs5yqCbjFuLp7GZ1W+Zbc5bqvxeY01QuLeD9maTYfgMJtgDq3/DlQZIfouXRWDt4lO4pZpD0k8K/M5xPvKoxx2x/emkDH+M0fk4sdJPf/u5fra1qTVMnduemqxPG9pdxmUtldB/xidqiyMlN39tDEd+Ra65U9Y6qfObvmVaGmBCyMszeTlTERQsI3rq55+Y1p4oVHv3MRzR/Vo6CUNisDu+jFjrrrwxzbNhXn7gWo06/akLko7zS6dvaEA7udwB8O8eKpbW8h8bblOg24KL7VdVZIfHOP3p3Braa+HwqIXJRJFaABUWRwqM6U5TXWBRREmIrF3l8aT8
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH2PR00MB0778.namprd00.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(366004)(346002)(39860400002)(376002)(136003)(54906003)(55016002)(66574015)(966005)(110136005)(53546011)(6506007)(52536014)(83380400001)(4326008)(2906002)(166002)(71200400001)(19627405001)(82960400001)(82950400001)(8676002)(316002)(8990500004)(9686003)(10290500003)(186003)(8936002)(64756008)(66476007)(76116006)(26005)(33656002)(66556008)(66946007)(7696005)(86362001)(5660300002)(66446008)(478600001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: X+TEdstC/B3CVFhYIng9UAojf+W9kIyLkaoqkca/t6phyEITRe3iu/qneDeEduATH8nK5oNhZupL7AcT5ru/k8r75WuSWyeFVy3hK8GMrSq0i3QC9VQyTQ8lY/8yd3yGS/PBGNziyWAmjhe4rm4erTOECHaVMGRw6WfF1KhGlSVYKp3G4musfMA706qnE58pV3LuoptpNR2ykNHr/tJmvCGoYucZNM/fQjTBwjMBMNMgAiSvwO1xFKszZQ/z4nYdgWrKhfjd1tTu7wEOqIG8NqcOM6ghTDOMnrrNEkTU5X4V21nTI7SOFRZt+vsOoKxUvpALmH2mcYkU5dtg4Yz4ImdlgYo3P05klzRzrt2t41/MC6TfAAqyUFmdG8sjlD11IqiJDn7oyf6GreWzYD7wVoWdcXe9Vy5/ll1DTeS9h3j4cwE5bGKlxJZbwfRSG3KA10GUQ7h7Rao9/RuR8d87gfShNgN2klgqdtxfHnMhuBCRZxummmftuzzgEOr8ovH8gs9QlIA77rldjDSEq8YMtQBR5JQQZiOnqY6gH2coGi+1hy3MK5yu4/LZblEBBJ8qhZf2jfL9QEeErsNhnr13au9znXiXyjX6tzlQoOWlrXUPRGfevC/O0EeWFZqprfZOWwww4Kl8jrb2aQVmiL9UYQ==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_CH2PR00MB0778B29F0B4253F72DEC736DFA291CH2PR00MB0778namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH2PR00MB0778.namprd00.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 51c2c15c-16a9-481f-70dd-08d854284821
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Sep 2020 18:52:05.7694 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: l0g6WhwzT/+bxcNHXuQngMwazmb4x827jEOxHlnj7R96hinmCVkCgpobNdKUBBB5+TkZ8/NOlr3iem9Iuk0vrA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR00MB0856
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/b6bSOHmCL6MnPP2JwaI0YfidVVw>
Subject: Re: [Add] [EXTERNAL] Re: Foundational questions on draft-box-add-requirements
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Sep 2020 18:52:15 -0000
> With a mechanism such as the one that MSFT (and I believe Chrome) uses, I would automatically be upgraded to Do[HT] regardless of the configuration of my local network Correct for Windows as well. Network recommended servers are and have always been a default recommendation overridden by user/admin provided configuration. So circling back to the original question Paul posed: if a user/admin told me through any UX (UI, script, policy, default to network recommendation, etc.) to use Server A, then Server A recommends Server B, I want to ensure Server B is owned by the same entity as Server A or hard fail. However, I do think a network has the right to recommend a third-party server if it so chooses (because it's a recommendation and not a network required DNS server; that's a separate problem). A network could offer a local, classic DNS server as well as a public DoH server over DHCP or RA. I won't care as a client that they aren't related. I would however care if the local server tried to recommend the DoH server and ownership couldn't be proved. One day, if we have authenticated network recommendations, this difference will become important. Thanks, Tommy ================================================ The latest in Windows Internet Protocols: Native gRPC support: https://aka.ms/grpcblogpost DNS over HTTPS: https://aka.ms/dohblogpost ________________________________ From: Add <add-bounces@ietf.org> on behalf of Eric Orth <ericorth=40google.com@dmarc.ietf.org> Sent: Tuesday, September 8, 2020 11:27 AM To: Eric Rescorla <ekr@rtfm.com> Cc: Paul Hoffman <paul.hoffman@icann.org>; ADD Mailing list <add@ietf.org> Subject: [EXTERNAL] Re: [Add] Foundational questions on draft-box-add-requirements On Tue, Sep 8, 2020 at 2:04 PM Eric Rescorla <ekr@rtfm.com<mailto:ekr@rtfm.com>> wrote: On Tue, Sep 8, 2020 at 11:00 AM Eric Orth <ericorth=40google.com@dmarc.ietf.org<mailto:40google.com@dmarc.ietf.org>> wrote: On Tue, Sep 8, 2020 at 1:22 PM Paul Hoffman <paul.hoffman@icann.org<mailto:paul.hoffman@icann.org>> wrote: 2) Why must the associated resolver be operated by the same entity? If an ISP offers only unencrypted resolvers, but is happy to point its customers to resolvers operated by someone else (such as a public resolver) for when they want encryption, why should this document prohibit that? I think many clients are mostly interested in a "same-provider" upgrade, but I think you make a good point that maybe the draft shouldn't be mandating anything around that. It's encroaching into policy. Maybe we just need a flag to specify whether or not a listed resolver is run by the same entity and let clients make decisions about it. Would that be useful without a mechanism to enforce truthfulness of the flag? Maybe fine since you're already placing plenty of trust in the initial resolver. I would say technically you're placing trust in the mechanism that told you about that resolver. Consider the case where I have configured my resolver (via resolv.conf or whatever) to be 1.1.1.1. With a mechanism such as the one that MSFT (and I believe Chrome) uses, I would automatically be upgraded to Do[HT] regardless of the configuration of my local network. Correct for Chrome. If 1.1.1.1 is configured, DoH will be attempted to https://chrome.cloudflare-dns.com/dns-query<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchrome.cloudflare-dns.com%2Fdns-query&data=02%7C01%7CJensen.Thomas%40microsoft.com%7Cfa434cbf869f42a1276008d85424d78e%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637351864928466841&sdata=ixOkMpXtV%2FcDt%2FxtvHrngww2OHPI6RtN5l%2BrnCH1134%3D&reserved=0>. However, if I were to ask the resolver who operated it over Do53 that would require me to trust the local network, no? Maybe you could ask the target DoH server if it has the same operator as the original Do53 address. Has the advantage that the DoH server is at least an authenticated connection. But that's not giving much protection if you didn't have a mechanism to prevent a network attacker from just sending you to an attacker-controlled DoH server to start with.
- [Add] Foundational questions on draft-box-add-req… Paul Hoffman
- Re: [Add] Foundational questions on draft-box-add… Eric Orth
- Re: [Add] Foundational questions on draft-box-add… Eric Rescorla
- Re: [Add] Foundational questions on draft-box-add… Eric Orth
- Re: [Add] [EXTERNAL] Re: Foundational questions o… Tommy Jensen
- Re: [Add] [Ext] [EXTERNAL] Re: Foundational quest… Paul Hoffman
- Re: [Add] [Ext] [EXTERNAL] Re: Foundational quest… Eric Rescorla
- Re: [Add] [Ext] [EXTERNAL] Re: Foundational quest… Jim Reid
- Re: [Add] Foundational questions on draft-box-add… Michael Richardson
- Re: [Add] [Ext] [EXTERNAL] Re: Foundational quest… Paul Hoffman
- Re: [Add] [Ext] Foundational questions on draft-b… Paul Hoffman
- Re: [Add] [Ext] [EXTERNAL] Re: Foundational quest… Jim Reid
- Re: [Add] [Ext] Foundational questions on draft-b… Michael Richardson
- Re: [Add] [Ext] [EXTERNAL] Re: Foundational quest… Tommy Jensen