Re: [Add] My principles for discovery

Michael Richardson <> Thu, 26 March 2020 20:45 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 912DD3A0DED for <>; Thu, 26 Mar 2020 13:45:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id XvHN5_u73Gro for <>; Thu, 26 Mar 2020 13:45:31 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 53CFB3A0E7C for <>; Thu, 26 Mar 2020 13:45:31 -0700 (PDT)
Received: from ( [IPv6:2607:f0b0:f:2::247]) by (Postfix) with ESMTP id F112438981; Thu, 26 Mar 2020 16:44:04 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by (Postfix) with ESMTP id 3C118D03; Thu, 26 Mar 2020 16:45:30 -0400 (EDT)
From: Michael Richardson <>
To: "Martin Thomson" <>,
In-Reply-To: <>
References: <>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 25.1.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Thu, 26 Mar 2020 16:45:30 -0400
Message-ID: <13333.1585255530@localhost>
Archived-At: <>
Subject: Re: [Add] My principles for discovery
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 26 Mar 2020 20:45:40 -0000

Martin Thomson <> wrote:
    > As I raised this in the meeting, I think that it's only fair that I
    > include what I think the principles should be.

Thank you.

    > In short, I believe that any entity that you interact with should be
    > able to present their views on what resolver you should use.  Client
    > policy will then dictate which - if any - of those is used.
    > Authentication of the source of these opinions is likely a necessary
    > input for the client policy decision.

I find this a surprising suggestion.
Will I get different answers if I ask different entities the same question?
This seems to fall into MIF space, and I don't think that you mean to go there.

    > It is discussing client policy that has caused us to get into
    > unproductive discussions.  To be clear, I regard the question of
    > whether it is users or the software they choose to run that make policy
    > decisions to be firmly part of this discussion.  We might variously
    > lament the ability of software to properly reflect the wishes of users,
    > but this is not the place to debate that.


    > That doesn't mean that you should expect the person serving you
    > sausages at a local deli to offer an opinion on what resolver you
    > should use.  But we should look to provide ways in which entities that

Let me expand upon your scenario.

is it: "if you want mustard, you must ask at the counter"
or:    "if you ask at the counter, I'll give you (free) internet"

    > * The operating system configuration.
    > * Various "owners" or stakeholders for the endpoint, such as an employer or a government (this might not extend all the way to full control of the device MDM-style, but it might still be relevant to the client policy).
    > * Application configuration.

    > I don't personally see a lot of value in having entities other than
    > those from the first set of three stand on soapboxes to broadcast their
    > opinions about resolver choice, but there is nothing fundamentally
    > wrong with having other sources of opinions.  So while the IETF could
    > provide more protocols, it's not a good use of our time and resources
    > unless we expect that the information would be acceptable to genuine
    > client policies.


    > When it comes to setting policy, authentication is important.  When
    > making a decision about whether to use a particular resolver, depending
    > on the policy you have, it might be important that you know whose
    > opinion is guiding the decision.  If you want a server that doesn't
    > store logs of queries for longer than a certain time, then I'm not
    > aware of a technical mechanism for verifying that claim.

So, to be clear, there is running code for verifying the claim, and a
successful business transaction to do this.
RATS will give us open-standard was to execute the entire stack, but it can
be done in proprietary verticals today with third party auditors.

]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]        |   ruby on rails    [

Michael Richardson <>ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-