Re: [Add] [EXTERNAL] Re: Browser Administrative Authority
"Deen, Glenn (NBCUniversal)" <Glenn.Deen@nbcuni.com> Sat, 25 May 2019 15:10 UTC
Return-Path: <Glenn.Deen@nbcuni.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C711A1200B1 for <add@ietfa.amsl.com>; Sat, 25 May 2019 08:10:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j4weoiGcpHyq for <add@ietfa.amsl.com>; Sat, 25 May 2019 08:10:25 -0700 (PDT)
Received: from mx0a-00176a04.pphosted.com (mx0b-00176a04.pphosted.com [67.231.157.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD6A01200A2 for <add@ietf.org>; Sat, 25 May 2019 08:10:25 -0700 (PDT)
Received: from pps.filterd (m0049465.ppops.net [127.0.0.1]) by mx0b-00176a04.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x4PF2sMs034337 for <add@ietf.org>; Sat, 25 May 2019 11:10:22 -0400
Received: from usushmgip002.mail.tfayd.com ([216.178.109.236]) by mx0b-00176a04.pphosted.com with ESMTP id 2sq0ydcfrb-1 (version=TLSv1.2 cipher=RC4-SHA bits=128 verify=NOT) for <add@ietf.org>; Sat, 25 May 2019 11:10:22 -0400
Received: from unknown (HELO potemwp00018.mail.tfayd.com) ([10.40.33.204]) by usushmgip002.mail.tfayd.com with ESMTP; 25 May 2019 08:10:21 -0700
Received: from potemwp00029.mail.tfayd.com (100.124.56.53) by potemwp00025.mail.tfayd.com (100.124.56.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.669.32; Sat, 25 May 2019 09:10:19 -0600
Received: from potemwp00029.mail.tfayd.com ([100.124.56.53]) by potemwp00029.mail.tfayd.com ([100.124.56.53]) with mapi id 15.01.0669.032; Sat, 25 May 2019 09:10:19 -0600
From: "Deen, Glenn (NBCUniversal)" <Glenn.Deen@nbcuni.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: "add@ietf.org" <add@ietf.org>
Thread-Topic: [Add] [EXTERNAL] Re: Browser Administrative Authority
Thread-Index: AQHVEwfN3+iDxqeQt0KVxhcrUzj4lKZ78d8X
Date: Sat, 25 May 2019 15:10:19 +0000
Message-ID: <51A9951E-CC50-4D02-903B-5EFD1691ED32@nbcuni.com>
References: <182C9119-59F9-43FA-B116-4D45649B74B5@nbcuni.com> <94f33685-0356-67a2-0364-849079ba98ed@cs.tcd.ie> <101EC845-8AF9-42BD-8AE8-3D8912EA60F0@nbcuni.com>, <78b165af-f459-7d5d-151d-04af74394ecf@cs.tcd.ie>
In-Reply-To: <78b165af-f459-7d5d-151d-04af74394ecf@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-exclaimer-md-config: 47edc00f-f2d6-45ef-be83-8a353bd47e45
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Forward
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-05-25_10:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1905250106
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/m0ZpaK5rjGxq9N474mR5r4x7a7I>
Subject: Re: [Add] [EXTERNAL] Re: Browser Administrative Authority
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 May 2019 15:10:28 -0000
Howdy, inline.. > On May 25, 2019, at 7:40 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > > Hiya, > > Coupla comments and a question at the end... > >> On 25/05/2019 15:08, Deen, Glenn (NBCUniversal) wrote: >> Hi Stephen, >> >>> On May 25, 2019, at 4:42 AM, Stephen Farrell >>> <stephen.farrell@cs.tcd.ie> wrote: >>> >>> Some) VPNs don't match that history. There are probably other >>> examples but those never caused such debate >> >> I think one important difference with VPNs is that the device admin >> likely chose to install them since many of them require admin >> authority to install.. > > Browser installs also do; or if shipped with the device then > the device vendor made that choice so I see zero difference > there. The difference is in the administrative level needed to make changes, and how that fits with the administrators and user’s expectations, as well as expectations of working with the understood administrative model of authority. > >> In most cases, the user or admin also had to >> choose to configure and turn them on. So it would be working within >> the classic administrative hierarchy. >> >> I suspect, that many would be very upset, If there was a situation >> where an application developer decided on their own to quietly >> install a user space VPN and then route all the app’s traffic through >> VPN endpoints also chosen by developer without first getting the >> users or administrators agreement and full awareness. >> >> Further, if the app and it’s VPN resulted in a variety of other >> things breaking that were important to the user, such as security and >> machine configuration, I suspect the application would soon be the >> subject of massive debate. >> >> Hence the debate this is causing. > > Gotta say I don't agree that the above's that valid. Minor > VPN products misbehave all the time in way worse ways and > don't cause this level of debate. I think we ought be clear > that the volume or traffic and number of users involved is > why we're getting this level of debate, not architectural > (im)purity. Certainly, the scale of users affected here is raising the level of attention and impact. Some minor VPN not working isn’t really going to affect many users or cause much disruption. But at scale it makes a lot of users unhappy, and can also cost organizations a lot of money due to support calls and problems. > >> To be clear, my analysis was not in any way expressing a concern for >> the DoH protocol. It was to highlight that the proposed application >> level changes were violating a well established security and device >> management architecture and with that choice comes unintended side >> effects. > > Sure. > >> >> We have examples of such conscious choices to bypass established >> hierarchies in other contexts - If a network protocol did something >> similar, we’d call it a layer violation. Programmers have >> encapsulation violation. >> >> With each choice to violate architectural hierarchies, > > Using terms like "violate" is likely to irritate those in > favour of applications making these choices, just like > network operators get irritated when folks describe the > network as being hostile. Neither term is wrong but it's > not particularly useful for us to irritate one another > either;-) Sorry, my use of the word “violate” was chosen because it’s the term of art for when protocol layers and data encapsulation in objects is bypassed or not observed. It was not in anyway meant to irritate. > >> there is often >> a driving motivation to get something done; For those of us who have >> crossed the line and done such things, the lesson of needing to >> properly and fully deal with unintended side effects is something I >> for one have come to learn and respect. >> >> I am also worried about the notion that we need just push it through, > > Push what through? DoH is done as an RFC. What other "it" do think > is needed? (That might result from this debate.) I was responding to your original notes assertions that I read to be about not getting stuck in a perpetual debate in search of perfection. (Because the ietf never does that!) My understanding was that this list was being used to additionally discuss and explore the impacts and consequences of proposed DoH architectural deployment choices. So what I was saying is that I hope the community of internet and web architects and those who build the applications and systems take the time to get the proposed deployments right because the scale of the impact of the choice of deployment approach is very very large here and it will amplify any unintended side effects. -Glenn
- Re: [Add] Browser Administrative Authority Tom Ritter
- [Add] Browser Administrative Authority Deen, Glenn (NBCUniversal)
- Re: [Add] Browser Administrative Authority Adam Roach
- Re: [Add] Browser Administrative Authority Cook, Neil
- Re: [Add] Browser Administrative Authority Tommy Jensen
- Re: [Add] Browser Administrative Authority Tom Ritter
- Re: [Add] Browser Administrative Authority Tommy Jensen
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Deen, Glenn (NBCUniversal)
- Re: [Add] Browser Administrative Authority Melinda Shore
- Re: [Add] Browser Administrative Authority Cook, Neil
- Re: [Add] Browser Administrative Authority Stephen Farrell
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Deen, Glenn (NBCUniversal)
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Stephen Farrell
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Deen, Glenn (NBCUniversal)
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Deen, Glenn (NBCUniversal)
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Melinda Shore
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Paul Ebersman
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Erik Kline
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Stephen Farrell
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Paul Wouters
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Paul Wouters
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Christian Huitema
- Re: [Add] Browser Administrative Authority Vittorio Bertola
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Vittorio Bertola
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… tirumal reddy
- [Add] publication of DoH Resolver policies Jim Reid
- Re: [Add] publication of DoH Resolver policies tirumal reddy
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Deen, Glenn (NBCUniversal)
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Paul Wouters
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Neil Cook
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… tirumal reddy
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Paul Wouters
- Re: [Add] publication of DoH Resolver policies Livingood, Jason
- Re: [Add] publication of DoH Resolver policies Winfield, Alister
- Re: [Add] publication of DoH Resolver policies Petr Špaček
- Re: [Add] publication of DoH Resolver policies tirumal reddy
- Re: [Add] publication of DoH Resolver policies tirumal reddy
- Re: [Add] [EXTERNAL] Re: publication of DoH Resol… Winfield, Alister
- Re: [Add] [EXTERNAL] Re: publication of DoH Resol… tirumal reddy
- Re: [Add] Browser Administrative Authority Livingood, Jason
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Livingood, Jason
- Re: [Add] [EXTERNAL] Re: Browser Administrative A… Livingood, Jason
- Re: [Add] [EXTERNAL] Re: publication of DoH Resol… tirumal reddy