Re: [Add] [Ext] Updated charter proposal for ADD
Ted Lemon <mellon@fugue.com> Wed, 15 January 2020 16:48 UTC
Return-Path: <mellon@fugue.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65693120881 for <add@ietfa.amsl.com>; Wed, 15 Jan 2020 08:48:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kxiCLqAfmop7 for <add@ietfa.amsl.com>; Wed, 15 Jan 2020 08:48:10 -0800 (PST)
Received: from mail-qk1-x72e.google.com (mail-qk1-x72e.google.com [IPv6:2607:f8b0:4864:20::72e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA21112009E for <add@ietf.org>; Wed, 15 Jan 2020 08:48:09 -0800 (PST)
Received: by mail-qk1-x72e.google.com with SMTP id z76so16268271qka.2 for <add@ietf.org>; Wed, 15 Jan 2020 08:48:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=zP+Qrhq63llY4gi44Lxhx8ixxQq0zIGwJfDxsp+UXYc=; b=gNMSzABI7FYa/Ib4fFSVX98wYisW+G9PetAbBWwr2SiVsp+uYa8QDSq1Flya6tbLKw Yklz6x8D1jeWHYwBWxmDUtu3BMzcGOlSQUIQEauVFPnqRlU0Leqw/NTdClTJHo1OgbD4 amfGyVTTx1PXKZMP3SaWOSzHKRA/IK+ro2Ikhib2neO3PR8watSdM27Rx0UgNF8a5T5b D1a+afqzPKsaH2kQsBtjhvA2rEuXTIMAp/e6PMdOjyoNO3Cgs8biPbqV+sKWkMu7RvoP lCiUDr5vWe09HD4fgDNmM7p4ZoOuptv0wtNuLQr19QotCj1raK6Dx6yftcz6ZwVKOcNI CWXw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=zP+Qrhq63llY4gi44Lxhx8ixxQq0zIGwJfDxsp+UXYc=; b=kcjy8UgJkN3g09tRC1prPSHJEmHM4NhwFxZRnDbqdaprnmdzqnNcZEYCASyAEfGKXV OO9YDwMVtJ/ZfeDqnglP/FzKcQar0+yzdQao+6/v0mZ3oyXv6LbjyvjTBaPORn7L+mvB qC4okGOUvQ8OTpLzD+jAufe4TlnbZTJlpOUxbffpi6wD4FG9KjX0KyOCe5ptYEcWIAzo 6D9xpuaFP63T+sc/NPsqYdH1svz5Tarc9+dFtNr3Ealmz1+GG6pHREOvu4T0HAtG3oyW AayHkMWs2s1aARLbPbv3tb6B6sJdr52u6OdVpnMKlu6IxhtJ650INWTpcvGMqX9WDEKA x1HA==
X-Gm-Message-State: APjAAAUJmnIt/Skv3UP7x8GnSYNyTYv/rl6GowhCHqI+X6vZff6hoCHv /X7wxKLYsPrG9GyTlXVa2ITS9Q==
X-Google-Smtp-Source: APXvYqx4UDbOESMtA0gs3ek0J2sSj6aWf/KMSU+dw7bf+QhYNNYW0qvAVEU1R2WWSurBHPXOvJ5Hjg==
X-Received: by 2002:ae9:e40d:: with SMTP id q13mr28863387qkc.2.1579106888855; Wed, 15 Jan 2020 08:48:08 -0800 (PST)
Received: from ?IPv6:2601:18b:300:36ee:e407:5057:2d90:873e? ([2601:18b:300:36ee:e407:5057:2d90:873e]) by smtp.gmail.com with ESMTPSA id t38sm9850357qta.78.2020.01.15.08.48.08 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 15 Jan 2020 08:48:08 -0800 (PST)
From: Ted Lemon <mellon@fugue.com>
Message-Id: <85F15EAE-6933-451D-A04F-3DE2907603FB@fugue.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_A2A1ACBB-2C65-4019-B410-95A48471E125"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.4\))
Date: Wed, 15 Jan 2020 11:48:06 -0500
In-Reply-To: <A78BD5D2-A95E-43BA-A70E-46040C691AC0@icann.org>
Cc: ADD Mailing list <add@ietf.org>
To: Paul Hoffman <paul.hoffman@icann.org>
References: <236B0A34-8C7F-49D2-8075-5AF5AC35BDFB@apple.com> <AD6E599F-96E8-44FC-8A05-8BFD2F659129@icann.org> <66C24EE6-5C7B-4788-AE26-06B900915010@fugue.com> <A78BD5D2-A95E-43BA-A70E-46040C691AC0@icann.org>
X-Mailer: Apple Mail (2.3608.80.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/hXPbbdzcKM6wr4Uprve7AvbZNfs>
Subject: Re: [Add] [Ext] Updated charter proposal for ADD
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jan 2020 16:48:15 -0000
On Jan 15, 2020, at 11:18 AM, Paul Hoffman <paul.hoffman@icann.org> wrote: > The first sentence is well-intentioned but does not usually lead to useful text in documents. The second sentence assumes that there are methods that can be cryptographically validated: as I said above, I do not believe they exist. Of course such mechanisms exist. The problem is that they can’t happen without some explicit trust establishment mechanism, which necessarily requires manual intervention. What I want to capture is that any mechanism that the ADD WG comes up with that doesn’t have a trust establishment mechanism doesn’t override a mechanism where trust has been established explicitly unless there’s some specific reason why that’s the right thing to do. E.g., Tommy I think mentioned, and this is a use case I deal with regularly as well, that you might be connected to a network that uses a split-dns configuration where if you query a public resolver, you just won’t get an answer for some domain. I think that there is a pretty strong motivation from some of the participants to support a use case for CDNs; figuring out how to do this seems like it would be very much worthwhile, even if such a mechanism doesn’t come with an explicit trust relationship. I would expect that a trust establishment mechanism based on the ANIMA on-boarding process (IETF) or the Thread commissioning process (Thread Group) would also be cryptographically verifiable, since devices commissioned using either mechanism can in fact cryptographically validate that they are connected to a particular network; it’s not a big step past that to validating the resolver. If course, for a device that doesn’t have any such configuration established, a simple DHCP mechanism or RA mechanism for getting opportunistic security is still very much worth doing. That said, I think it is in scope for the WG to talk about configuration mechanism that require manual intervention and do establish cryptographically verifiable trust. Do you disagree with that? To me this seems like an important part of the problem space.
- [Add] Updated charter proposal for ADD Tommy Pauly
- Re: [Add] Updated charter proposal for ADD Neil Cook
- Re: [Add] Updated charter proposal for ADD Paul Adair
- Re: [Add] Updated charter proposal for ADD Diego R. Lopez
- Re: [Add] [Ext] Updated charter proposal for ADD Paul Hoffman
- Re: [Add] Updated charter proposal for ADD Livingood, Jason
- Re: [Add] [Ext] Updated charter proposal for ADD Robert Mortimer
- Re: [Add] Updated charter proposal for ADD Andrew Campling
- Re: [Add] [Ext] Updated charter proposal for ADD Ted Lemon
- Re: [Add] [Ext] Updated charter proposal for ADD Dave Lawrence
- Re: [Add] Updated charter proposal for ADD Jari Arkko
- Re: [Add] [Ext] Updated charter proposal for ADD Paul Hoffman
- Re: [Add] [Ext] Updated charter proposal for ADD Ted Lemon
- Re: [Add] [Ext] Updated charter proposal for ADD Ted Lemon
- Re: [Add] [Ext] Updated charter proposal for ADD Alissa Cooper
- Re: [Add] [Ext] Updated charter proposal for ADD Paul Hoffman
- Re: [Add] [Ext] Updated charter proposal for ADD Rob Sayre
- Re: [Add] [Ext] Updated charter proposal for ADD Andrew Campling
- Re: [Add] [Ext] Updated charter proposal for ADD Barry Leiba
- Re: [Add] Updated charter proposal for ADD chris.box
- Re: [Add] [Ext] Updated charter proposal for ADD Rob Sayre
- Re: [Add] [Ext] Updated charter proposal for ADD Brian Dickson
- Re: [Add] [Ext] Updated charter proposal for ADD STARK, BARBARA H
- Re: [Add] [Ext] Updated charter proposal for ADD Ted Lemon
- Re: [Add] [Ext] Updated charter proposal for ADD Brian Dickson
- Re: [Add] [Ext] Updated charter proposal for ADD Stephen Farrell
- Re: [Add] [Ext] Updated charter proposal for ADD Ted Lemon
- Re: [Add] [Ext] Updated charter proposal for ADD Ted Lemon
- Re: [Add] [Ext] Updated charter proposal for ADD Rob Sayre
- Re: [Add] [Ext] Updated charter proposal for ADD Ted Lemon
- Re: [Add] [Ext] Updated charter proposal for ADD Deen, Glenn (NBCUniversal)
- Re: [Add] [Ext] Updated charter proposal for ADD Rob Sayre
- Re: [Add] [Ext] Updated charter proposal for ADD Martin Thomson
- Re: [Add] [Ext] Updated charter proposal for ADD Ted Lemon
- Re: [Add] [Ext] Updated charter proposal for ADD Brian Dickson
- Re: [Add] [Ext] Updated charter proposal for ADD Ted Lemon
- Re: [Add] [Ext] Updated charter proposal for ADD Rob Sayre
- Re: [Add] Updated charter proposal for ADD nigel.tedeschi
- Re: [Add] Updated charter proposal for ADD Smith, Kevin, Vodafone Group
- Re: [Add] [Ext] Updated charter proposal for ADD Andrew Campling
- Re: [Add] [Ext] Updated charter proposal for ADD Ted Lemon
- Re: [Add] Updated charter proposal for ADD Vittorio Bertola
- Re: [Add] [Ext] Updated charter proposal for ADD Patrick McManus
- Re: [Add] [Ext] Updated charter proposal for ADD Paul Hoffman
- Re: [Add] [Ext] Updated charter proposal for ADD Patrick McManus
- Re: [Add] [Ext] Updated charter proposal for ADD Brian Dickson
- Re: [Add] [Ext] Updated charter proposal for ADD Rob Sayre
- [Add] Food for thought? Mohit Sethi M
- Re: [Add] Food for thought? Mohit Sethi M
- Re: [Add] Food for thought? Ted Lemon
- Re: [Add] Food for thought? tirumal reddy
- Re: [Add] Food for thought? Ted Lemon