Re: [Add] Browser Administrative Authority

Vittorio Bertola <vittorio.bertola@open-xchange.com> Mon, 27 May 2019 09:25 UTC

Date: Mon, 27 May 2019 11:25:04 +0200
From: Vittorio Bertola <vittorio.bertola@open-xchange.com>
Reply-To: Vittorio Bertola <vittorio.bertola@open-xchange.com>
To: Tom Ritter <tom@ritter.vg>
Cc: "add@ietf.org" <add@ietf.org>
Message-ID: <1087980125.22084.1558949104261@appsuite-gw1.open-xchange.com>
In-Reply-To: <CA+cU71mw77uS-BROWrFsGg9OSPEfAVk71UnzgL_5wWdM_znHnw@mail.gmail.com>
References: <182C9119-59F9-43FA-B116-4D45649B74B5@nbcuni.com> <07A89E54-2DFC-4B5A-9784-610BBE7D2BB2@nostrum.com> <125917581.1152.1558717017241@appsuite-gw4.open-xchange.com> <MN2PR21MB1213868D0BC3575C2589B670FA020@MN2PR21MB1213.namprd21.prod.outlook.com> <CA+cU71mw77uS-BROWrFsGg9OSPEfAVk71UnzgL_5wWdM_znHnw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/gHsh_uHFKKmxoDb2BYM8SAZOE6M>
Subject: Re: [Add] Browser Administrative Authority
List-Id: Applications Doing DNS <add.ietf.org>

> On 24 May 2019 at 21:23, Tom Ritter <tom@ritter.vg> wrote:
> 
> The network should be considered hostile until configured otherwise
> because... the network usually is hostile. Or at least it's untrusted.
> Every cellular connection; every coffee shop, every store's free wifi,
> every friend's network you connect to, every AirBnB wireless, every
> hotel... Percentage-wise, the number of untrusted networks the average
> user connects to dwarfs the number of trusted networks (even if the
> percentage of time spent on untrusted networks is dwarfed by the
> percentage spent on trusted networks.)

There definitely is a security/privacy issue for people and devices that roam a lot and it's fine to address it, but IMHO this is the view you get from a specific viewpoint and does not represent the full picture or even the best part of it. There are tons of people/devices that do not move and only use the Internet from a single trusted network, usually a home/corporate one, and rely on it for security. As a subset of this, there also is an increasing number of cases in which the user controls the network much more than the device: think of all the IoT stuff that you buy and deploy at home, but which is really a black box to you - unless you can use your local network administrator power to exert at least some control on their traffic.

Perhaps this should lead to different control hierarchies and policies for roaming devices (e.g. mobile phones) than those for the rest of the world. More generally, this is what makes the ADD issues hard: different use cases have conflicting requirements. Perhaps part of the work could be documenting the appropriate control hierarchies in different situations, as Glenn did, and then see if there are ways to reconcile the conflicts - and I suspect these are going to be by policy and user interaction, rather than by technical instruments.

Ciao,
-- 
 
Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com 
Office @ Via Treviso 12, 10144 Torino, Italy