Re: [Add] What to do in this potential working group
Tommy Jensen <Jensen.Thomas@microsoft.com> Wed, 21 August 2019 13:41 UTC
From: Tommy Jensen <Jensen.Thomas@microsoft.com>
To: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, Jari Arkko <jari.arkko@piuha.net>
CC: ADD Mailing list <add@ietf.org>
Date: Wed, 21 Aug 2019 13:41:32 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/suV-kby3gabMGVtcnsHN8l7eOjE>

I’d like to point out one other point in the context of centralized data being a drawback: data breaches. Every company is susceptible to them, and centralized data requires fewer breaches to occur in a given time window to gain access to the entire data set. This, unlike the data mining potential, doesn’t require nefarious intent by the data holder.

Thanks,
Tommy

________________________________
From: Add <add-bounces@ietf.org> on behalf of Eric Vyncke (evyncke) <evyncke@cisco.com>
Sent: Wednesday, August 21, 2019 5:44 AM
To: Jari Arkko <jari.arkko@piuha.net>
Cc: ADD Mailing list <add@ietf.org>
Subject: Re: [Add] What to do in this potential working group

Let me chime for once in this heated discussion as an individual Internet user: Jari, you are 100% right (except perhaps the order of your list, I would have put the critical part on the top as companies can go bankrupt)

-éric

On 21/08/2019, 12:55, "Add on behalf of Jari Arkko" <add-bounces@ietf.org on behalf of jari.arkko@piuha.net> wrote:

Ekr,

I fully realise that there will be differences of viewpoints when it comes to the trustworthiness of individual DNS service providers.

But I was trying to make a different point. While we may disagree which provider I’d like to use for the DNS service, I think it would be quite reasonable for us to agree that if all of us put all our queries in one place (whatever that is) that this causes severe problems:

- That place becomes immensely valuable from a commercial data mining perspective. There’s a risk that it will at least at some point be used for data mining, despite whatever the intentions of the people who set this system up now are.
- That place becomes immensely interesting for governments to tap. There’s a risk that this tapping is either already happening or will be happening going forward, despite best intentions of the people who set it up or who manage it.
- That place becomes critical infrastructure and a weak point that we do not need in the Internet.

As a result, I would like to suggest that the IETF actually concludes the above and recommends against this practice.

For whatever it is worth, I can understand some motivations for doing something like this e.g. in browsers. Some good reasons and potentially also some not so good reasons. But even with that background, it is difficult for me to imagine a worse act for the Internet than making browsers call home for every action of the user. The privacy impacts for the users are unimaginably bad.

A few years ago we realised that surveillance organisations were looking at people's traffic, and we managed to change the Internet to protect this traffic with cryptographic means. I think it is to think about the next step, and ensure that we don’t create an Internet architecture that puts everyone’s data at a central location.

Obviously, encrypted DNS is still hugely important, as are global DNS services. However, the deployment model of using one (or a small number of) providers is just wrong. That would be fixable.

Jari

--
Add mailing list
Add@ietf.org
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fadd&data=02%7C01%7CJensen.Thomas%40microsoft.com%7C247f87f759f74ee1a6f708d726356c91%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637019883216567214&sdata=chzaUKs41KYywrMc5A352%2ByvtNWAspAKy3tkVz5iT%2Bw%3D&reserved=0