Re: [Add] My principles for discovery

Martin Thomson <mt@lowentropy.net> Fri, 27 March 2020 00:45 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E089B3A0A47 for <add@ietfa.amsl.com>; Thu, 26 Mar 2020 17:45:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=XJguqIOa; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=yytzrLe4
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UZrzm5uP0f6F for <add@ietfa.amsl.com>; Thu, 26 Mar 2020 17:45:20 -0700 (PDT)
Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02B473A0A46 for <add@ietf.org>; Thu, 26 Mar 2020 17:45:19 -0700 (PDT)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.west.internal (Postfix) with ESMTP id 11F4D841; Thu, 26 Mar 2020 20:45:19 -0400 (EDT)
Received: from imap2 ([10.202.2.52]) by compute2.internal (MEProxy); Thu, 26 Mar 2020 20:45:19 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm1; bh=zCxM+A4dzPLKQ6LqdZ0w+5kovpD0z5F MRyf1XJqA254=; b=XJguqIOasipEkzb8OgKxJ/gJBpCnCBIonOJCSICEBGxgXOP 23dLfU+L6lko3ks0GTXtD8tq82TxpXfTmaa7gmKU1fR6R4/cxXAyr0rK1xD388WI Vd8qxoIugGtykUR9fDWMe8EKI08RBVU/pJSQGgDruIyLjMNW6xBhDbr7aXFZ8BKQ JKqVMdUWxuLTASQG8uFAtJCl1ddnIH1ySnKLfL9QaMqn7+tH04f4P44IsjB743Rn RCbu6WUMsnJblQoIfnily97NSZBMTKkoJBMZTcoFG11OO8gtmRs86LsPiIZ94bOy uywLDFpph6bn+9EfblfQs+BL48Y/jY4lkVU7o9A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=zCxM+A 4dzPLKQ6LqdZ0w+5kovpD0z5FMRyf1XJqA254=; b=yytzrLe4RykTMXo5KA/KvV rDqp6AGqcHg0ZBSjtQlnOrkfas3T3hFd2wA3kBSJ+OvoVa1TWam7G3zLFhdlzhDX SpEz7MoYJCALjYFW3ViINHenW235yRPnpAAeH6Y31kKJH75t3DbepKbLjnvvwz83 yRt19XBfE234FHwGKM46vfROq+oMO+wPIXyBmvS5hp7y9q9qNoG6JUx7Vpaq3Ktz +TPlYWTWnTPh1vzs6FkEunW+OutHodQpzAqnp5YEi3D7+h7287LjHKyS+ZpZDl/8 xP1XyU4erxYGJjJuodMyVejyOqH3/mMWGrS4wf6IxDQS6n00iosptGIXXUNGTdVw ==
X-ME-Sender: <xms:nUx9XuRbtURaECHiE9mulz7Yi041sRgvql-XTfBrnbUeEL8rsLCgMQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedrudehjedguddvgecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefofgggkfgjfhffhffvufgtsehttdertderredtnecuhfhrohhmpedfofgr rhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhhofigvnhhtrhhophihrdhnvghtqeenuc ffohhmrghinhepvgigrghmphhlvgdrtghomhdpvgigrghmphhlvgdrnhgvthenucevlhhu shhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehmtheslhhofigvnh htrhhophihrdhnvght
X-ME-Proxy: <xmx:nkx9Xlnjn6VUHtHOGlHG4iNTTVt2ss05QCqDX5k7j5M-iPg_nRzsJA> <xmx:nkx9Xtnsxo3VYXNbv85EXbqZA_fSz6_HhvVjvE1K2QwKiy3Tc9uFeg> <xmx:nkx9XrOYq2TtWHMyej4MLMb0ublfkPihZe0fEPOq4k3pRkjND23jsA> <xmx:nkx9XtSptRVl1MWdJ2u_aPNMTvvir9QFdTo1aXHzwEvEUbPMRQafEg>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id CF8B5E00BB; Thu, 26 Mar 2020 20:45:17 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.7-1021-g152deaf-fmstable-20200319v1
Mime-Version: 1.0
Message-Id: <08c407f3-e0bc-46c2-9864-c7d4c347811b@www.fastmail.com>
In-Reply-To: <93585501.473.1585121577118@appsuite-dev-gw1.open-xchange.com>
References: <aec5404a-99eb-4aa7-9020-1e7b4f51b5ca@www.fastmail.com> <93585501.473.1585121577118@appsuite-dev-gw1.open-xchange.com>
Date: Fri, 27 Mar 2020 11:44:58 +1100
From: "Martin Thomson" <mt@lowentropy.net>
To: "Vittorio Bertola" <vittorio.bertola@open-xchange.com>, add@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/hW0-Tmvx7aBfrX07gycI16RdBAw>
Subject: Re: [Add] My principles for discovery
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Mar 2020 00:45:22 -0000

Thanks for the question.  I agree that this is hard.

On Wed, Mar 25, 2020, at 18:32, Vittorio Bertola wrote:
> "Any entity you interact with" already has a way to tell you - even 
> force you - to use a name server they control to effect resolution of 
> their domain names. It's called "authoritative name server".

This is a good point.  I hesitated before adding this to the list, because I get your point.  What Tommy proposes does look quite a bit like having the client perform recursion itself with different spelling.

But I don't think that is precisely what is being proposed, nor does it have to be designed precisely that way.  For instance, it is conceivable that I might interact with example.com and have it say things about what resolver to use for example.net without following the delegation path (and the DNSSEC chain) from the root.  A client policy in which that is permissible isn't totally implausible.

I don't think that is exactly what Tommy presented and I'm not trying to speak for that group of authors.  I'm trying to be inclusive here and allow for their design and variations on the same.  Because these are entities that *might* have a stake in the success of the eventual interaction that DNS is facilitating.  That is all.

> I assume that this is also what you are envisaging, since the 
> alternative - every destination pointing the client to a resolver which 
> they don't control, but with which they have commercial or other 
> agreements - opens up the potential for much heavier security threat, 
> centralization and surveillance scenarios than it is ever possible 
> today, so I would expect it to be ruled out much like other 
> out-of-same-origin practices.

See, I think that this line of argumentation is firmly out of scope for this group.  I think that it is fine to express your opinions about what policies a client might consider as valid, and to factor those things you identify into how those opinions are formed, but this group is setup specifically not to contemplate that.  Finding ways to express how those opinions manifest within the scope of this group's charter is what we need to try to do.  Which is awkward, but thank you for doing that here:

> So - why do we need to develop all this complex machinery just to let 
> destinations indicate some kind of resolver that does the same thing 
> that their authoritative already does? What's the difference with just 
> implementing a full resolver in the client?

Yes, this is the right question to ask, and totally within scope.  I too am not entirely convinced in the value of the complexity trade-off in the specific case you cited, but I also don't know that I really understand how this works from a hollistic perspective either.  I find the idea that I might allow Google (for example) to point me at 8.8.8.8 for the purposes of name resolutions I make within the context of my interactions with Google of interest.

Of perhaps more interest, is extending that to third party resources that are involved in the same interaction as that might allow for better scoping of how information about my DNS interactions is distributed, to go back to the resolver selection motivation.  I think that it is also has some potential pitfalls in that setup, particularly as it pertains to the distribution of information about individuals and their interests.

But that does mean - at least for me - that there is a policy that leads to something like what Tommy proposes, which might in turn motivate this group to consider designing a mechanism.  And that policy is at least plausible.

That's the careful balance this group has: we can't talk about policies because we know we don't all agree.  But we really need to understand whether there is some motivation for doing the work that is at least plausible.

This is likely a question for chairs, but if we want to avoid the policy discussions, maybe they would prefer to say that as long as there is sufficient interest then work might proceed rather than trying to avoid objections.  Or at least avoiding objections on policy grounds, because there are objections that are in scope and derive from things outside of the contested policy questions.