Re: [Add] [Ext] Updated charter proposal for ADD

Patrick McManus <mcmanus@ducksong.com> Fri, 17 January 2020 17:22 UTC

From: Patrick McManus <mcmanus@ducksong.com>
Date: Fri, 17 Jan 2020 12:22:25 -0500
To: Paul Hoffman <paul.hoffman@icann.org>
Cc: ADD Mailing list <add@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/lLX5W9JeQ_gOfWmH6wpfblcCi2c>

On Fri, Jan 17, 2020 at 10:28 AM Paul Hoffman <paul.hoffman@icann.org>
wrote:

> On Jan 17, 2020, at 7:16 AM, Patrick McManus <mcmanus@ducksong.com> wrote:
>
> This proposal rules out any solution that does not mandate the client
> (such as an operating system) having an up-to-date set of cryptographic
> trust anchors (such as the web PKI or other crypto initialization by
> vendors).


I would expect the operating system vendor to manage its trust anchors.
Using a device that is so out of date that it can't do that isn't giving
you any security - so the lack of DoH is hardly its biggest problem. But it
would be a giant problem if we built a system that undermined the
authenticated properties of DoH for the common case in order to
accommodate that.