Re: [Add] [EXTERNAL] Re: New Version Notification for draft-reddy-add-enterprise-split-dns-01.txt

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sat, 13 March 2021 01:08 UTC

To: Tommy Jensen <Jensen.Thomas=40microsoft.com@dmarc.ietf.org>, "paul@redbarn.org" <paul@redbarn.org>, "tpauly=40apple.com@dmarc.ietf.org" <tpauly=40apple.com@dmarc.ietf.org>
Cc: "bemasc=40google.com@dmarc.ietf.org" <bemasc=40google.com@dmarc.ietf.org>, "add@ietf.org" <add@ietf.org>, "kondtir@gmail.com" <kondtir@gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <1c618bd9-e039-2dac-80f3-1f11b7b44bc4@cs.tcd.ie>
Date: Sat, 13 Mar 2021 01:07:52 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/iAIwbYDEXuIjV_O0DVV-84Yi51I>

Hiya,

On 12/03/2021 21:24, Tommy Jensen wrote:
> Summary, my personal dead horse: if we do want networks to be able to
> communicate policy to a client in a way that can be differentiated
> from an attacker, it should be more general than DNS and it should be
> not in ADD.

FWIW, I think the above is correct. That said, we have some
serious obstacles in the way of figuring out how to do that.
For example, I don't think we even know the potential set of
possible policies for when there's a "smart speaker" and a
house-guest involved, never mind how to possibly represent,
secure and process those in some electronic format.

There is also a danger that we encode our last decade's idea
of policy into a protocol in such a way that we make it hard
to move beyond that in the next decade. That doesn't mean we
ought to ignore 2010-style policies but I think it does imply a
lot of care ought to be taken before we follow the "obvious"
route for expressing those "obvious" policies.

So, I'd also argue for extreme minimalism in ADD on the
dual basis that we really don't yet know what's right for
the near future while at the same time we can be pretty
confident that the set of policies that were used in the
recent past and that are still validly used likely isn't
quite the right guide.

Cheers,
S.