Re: [Add] draft-arkko-abcd-distributed-resolver-selection

Rob Sayre <sayrer@gmail.com> Sat, 21 March 2020 03:11 UTC


On Fri, Mar 20, 2020 at 11:23 AM Chris Box (BT) <chris.box.ietf@gmail.com> wrote:

>
> Of course A can individually separate clients 1, 3 and 5, because even
> though they share an IP address, they've all set up separate TLS sessions.
>

Is this detailed enough? I'm not sure what you mean by "client", since each
client could be one computer with multiple resolvers. For example, Firefox
could be pointed at Cloudflare, while the system uses whatever DHCP says.
That is certainly what my MacBook does.

More subtly, the second diagram avoids all sorts of security problems along
the path to the resolvers. A very common one is compromised home routers.

thanks,
Rob