Re: [Add] Proposed charter and BoF request for IETF 106

[Eric Rescorla <ekr@rtfm.com>]

On Wed, Oct 9, 2019 at 11:46 AM Richard Barnes <rlb@ipv.sx> wrote:

>
>
> On Wed, Oct 9, 2019 at 2:32 PM Eric Rescorla <ekr@rtfm.com> wrote:
>
>>
>>
>> On Wed, Oct 9, 2019 at 11:04 AM tirumal reddy <kondtir@gmail.com> wrote:
>>
>>> On Wed, 9 Oct 2019 at 18:15, Paul Wouters <paul@nohats.ca> wrote:
>>>
>>>> On Wed, 9 Oct 2019, Eric Rescorla wrote:
>>>>
>>>> > You're misunderstanding me. I'm not saying that we should not enable
>>>> network operators to shift to encrypted transport.
>>>> > As I said in the section of my message that you cut, I'm more than
>>>> happy to have the IETF standardize a mechanism for
>>>> > the network to tell endpoints that it supports encrypted transport.
>>>> I'm merely observing that this does not address the
>>>> > issue that Mozilla is trying to address with our DoH/TRR deployment.
>>>>
>>>> And it seems doing this at the DHCP / Captive Portal level is enough. I
>>>> don't see the need for a WG to be spun up for this.
>>>>
>>>
>>> DHCP is not a secure way to discover the local DoT/DoH server.
>>>
>>
>> It would probably useful to start by defining what "secure" means in this
>> context. For instance, I am in an airport and I see the name of the WiFi AP
>> printed on the wall an join a network with that SSID. How would you define
>> securely learning the DoH server?
>>
>
> I would probably be happy with the property that some random other host on
> the LAN couldn't feed you bad information.
>

Yeah, I'm not actually sure how to do that without making some assumptions
about the LAN structure and (in the case of wireless, what kind of crypto
was in place).


> Not that this has much to do with DoH.  The impact of rogue DHCP servers
> is just as catastrophic for Do53.
>

Well, perhaps less, because the Do53 security properties are already so
terrible :)

-Ekr