[Add] Charter proposal for ADD

[Tommy Pauly <tpauly@apple.com>]

Hi ADD,

As our discussion on the proposed charter has quieted down, I wanted to send a brief update and summary.

The main point of discussion was the paragraph on security requirements that began "Any mechanisms that...". As many people stated on the previous thread, the necessity for security considerations and security area review in work produced by an IETF working group is already well-established, so this text is not needed specifically in this charter. There were some proposals to tweak the language, but on the whole, it seems that we can live without that paragraph.

Jari also had a good suggestion to include a sentence about the impact of resolver selection (on reachability and privacy, etc). After looking at adding that text, I am concerned that adding it to the charter gets into too many details that really belong in the WG documents, particularly around how to assess the "privacy" implications of choosing one resolver over another. The charter does indicate that these mechanisms are being used to "provide benefits to the security and privacy of DNS data", and it does cover reachability with the example of "a resolver may be able to resolve private or local names...". As such, I'd prefer to not add any new sentence for now (and Jari indicated he could live with the text as is!).

I've included the updated proposal, which matches the previous proposal and removes the text on security requirements. Based on the previous thread, this should represent the consensus of the list.

Barry, can you help get this started in the process of chartering?

Best,
Tommy



Adaptive DNS Discovery (ADD)
====================================
Proposed Working Group Charter

Sending DNS messages over encrypted transports, as defined in DNS over
TLS (DoT) [RFC 7858] and DNS over HTTPS (DoH) [RFC 8484], provides
benefits to the security and privacy of DNS data. Clients, such as
applications and host operating systems, have started adopting these
protocols to provide these user benefits.

This working group will focus on discovery and selection of DNS resolvers
by DNS clients in a variety of networking environments, including public
networks, private networks, and VPNs; supporting both encrypted and
unencrypted resolvers.

Clients adopting encrypted DNS protocols need to determine which DNS
servers support encrypted transports, and which server to use for specific
queries if multiple servers are available. These decisions can vary based
on the network environment, and also based on the content and purpose of
the client queries.

Network operators that start offering DNS encryption on their servers also
need a way to indicate this support to clients. Communicating information
about resolver configuration and behavior allows clients to make more
informed decisions about which DNS servers to use. For example, a resolver
may be able to resolve private or local names as a split DNS server.

The Adaptive DNS Discovery (ADD) working group will work on the following
deliverables:

- define a mechanism that allows clients to discover DNS resolvers,
including encrypted DNS servers, that are available to the client
either on the public Internet or on private or local networks;

- define a mechanism that allows communication of DNS resolver
information to clients for use in selection decisions;

- develop an informational document that describes how client
applications and systems can manage selection of DNS resolvers
in various network environments and use cases.

This working group will coordinate with dnsop, doh, and dprive for any
changes required in DNS protocols. It will also work with capport to
ensure that solutions are applicable to captive networks.