Re: [Add] [EXTERNAL] Re: New Version Notification for draft-reddy-add-enterprise-split-dns-01.txt
Victor Kuarsingh <victor@jvknet.com> Thu, 18 March 2021 15:46 UTC
Return-Path: <victor@jvknet.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B5EC3A2E2C for <add@ietfa.amsl.com>; Thu, 18 Mar 2021 08:46:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=jvknet-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M7iqixzbXSSI for <add@ietfa.amsl.com>; Thu, 18 Mar 2021 08:46:35 -0700 (PDT)
Received: from mail-wm1-x336.google.com (mail-wm1-x336.google.com [IPv6:2a00:1450:4864:20::336]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C9FD3A2E2A for <add@ietf.org>; Thu, 18 Mar 2021 08:46:35 -0700 (PDT)
Received: by mail-wm1-x336.google.com with SMTP id w203-20020a1c49d40000b029010c706d0642so7144851wma.0 for <add@ietf.org>; Thu, 18 Mar 2021 08:46:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jvknet-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Q+ETXkoabgT8UNJwlBWtzvpfBoxOSWQGx6t3z+lfw2c=; b=urHloP43kopMcIyAmDtqk/i8Lge1+lESThl9CeVYGr4ef5QMY3IFY2VaQ+uEXZeLGP pSkzkJH8Oefh/amyB5lK/Vt/IE6W0HjfKiZwu0YNHMkH5e+gMl2O5qfxuyGEnc6oFdXC nAOSdgMnXb1IOYxZn40lgZrYX5JE3qH7Zd/9yr/jJ+tbyCFgLdXvw6IBv+jEZ/qPbFKW F2ccc6RVX1VQ4hKOgSWSZVd9XeKJDWsa+l59E95R9W9URIhiCHnAcp9TMfbzkOkjPJDx 7zAiLPn8KkgB5miPhPKlV028i65pTgFixhoNrMARAOcj4DFG0GyeFXgfTT2T003R76hR BL4Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Q+ETXkoabgT8UNJwlBWtzvpfBoxOSWQGx6t3z+lfw2c=; b=J1/V6KPNr8hyzxm25p985U8oyIRWFtGgW1TlHA9piPRBvYL2jCF0G2ijyOsWS47j28 ulVP1zizgGcv3MQHwZxsOqZpS+9qqGgtNVxr1iZ5xsdqge/arDpNrkAzoWeDZe9ZdmQw W+t2yG4D4SLDoULNTxIWJIfccc6YcSmBugBMzY2bMOSHCszX5ZErQAaQG9Mr8iwM+ztA ZnkFCDUvZ9IC5wQoKpKKj1AX6c/peRu+JmmPo7SHMDPZ109LModAD9wIPiJE2n626C+r 8qOcWikBUxjEIKaaM+BoBkw5OtnK/dM1ZLZoyBg3fsyQwnNke6xqLohMHHoZPDinAv9o avvA==
X-Gm-Message-State: AOAM532LJ+6aCV64qciHGaoqf9CZl4vtCzVaz4iu3p6zberL4qwFX25y EywVGpOu6lB/JkDjXHCgvmuEK7fRNbVg1nmh+k/SZg==
X-Google-Smtp-Source: ABdhPJzJlhZUuAV3vqsxAFTWFErpwK/9riDLV7TnP/O2NfkjhD5XGQzouXh9lT3+4WRTeSsC+FP8AX4uiFXcW0L7ask=
X-Received: by 2002:a7b:c357:: with SMTP id l23mr4251636wmj.152.1616082393195; Thu, 18 Mar 2021 08:46:33 -0700 (PDT)
MIME-Version: 1.0
References: <1c618bd9-e039-2dac-80f3-1f11b7b44bc4@cs.tcd.ie> <9486D9AE-047B-4046-AB8A-74E8AB0D83B5@nohats.ca> <20210315021312.ng5xgq23kkohvsgb@family.redbarn.org> <1191373191.33078.1615799543805@appsuite-gw1.open-xchange.com> <CAHbrMsDuks_CekecsONR2USBk+TCyDy3xzdndbak2p8gsJnReQ@mail.gmail.com> <CABcZeBM7qGgt7UfN-6mJa0NHizfGsEKgzaEmkLgYkY=C2gJHgQ@mail.gmail.com> <20210317025801.rx5lehqy53xwwdn5@family.redbarn.org> <337a90e4-3ef7-0532-8429-ad0b587c30ec@cs.tcd.ie> <20210317072156.gz3da4xxisqx7p7r@family.redbarn.org>
In-Reply-To: <20210317072156.gz3da4xxisqx7p7r@family.redbarn.org>
From: Victor Kuarsingh <victor@jvknet.com>
Date: Thu, 18 Mar 2021 11:46:22 -0400
Message-ID: <CAJc3aaNsoS1RoWRVQYmVsMTXf6SiJ667be_465pzsSZ=NuPrZw@mail.gmail.com>
To: Paul Vixie <paul@redbarn.org>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>, Eric Rescorla <ekr@rtfm.com>, ADD Mailing list <add@ietf.org>, Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f979ef05bdd180a3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/ph8sPM3gm51oHE3XDY_QobFBNmg>
Subject: Re: [Add] [EXTERNAL] Re: New Version Notification for draft-reddy-add-enterprise-split-dns-01.txt
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Mar 2021 15:46:37 -0000
On Wed, Mar 17, 2021 at 3:22 AM Paul Vixie <paul@redbarn.org> wrote: > On Wed, Mar 17, 2021 at 03:27:29AM +0000, Stephen Farrell wrote: > > it sometimes is, but sometimes is not. consider for example a firewall, by > which a network administrator might qualify as an on-path interferer. that > certainly breaks some stuff, but it's not a form of non-interoperability -- > it's a form of policy. and if the firewall operator has obligations to the > server operators or to the end users which obligations do require that > policy, then i think their policies should not be trivially dismissed. > This is an important point that I think may be lost in some conversations. Many of the obligations are based on a number of potential factors including corporate policy, regulatory, service provider contractual / service terms and end user (e.g. parents) needs. In each of those cases, the point of policy control is with party that has the obligation or whom they have directly delegated the responsibility. Also, often times these obligations are based on where you are physically (which building/location,country, etc) and not based on what service you are trying to reach or use. Examples of obligations: (1) obligations on protecting privacy data under GDPR, (2) corporate policy limiting what a user can reach/do based on employment terms and conditions. > > DoH as an example deliberately and intentionally prohibits firewalls from > restricting or obstructing off-network RDNS. it says so on page 1 of the > RFC -- they don't try to hide it. those of us figuring out how to cope > with a world where firewalls are deliberately and intentionally prohibited > by IETF protocol standards action may ask for some new signaling to support > our (continuing) obligations. > > > (At the same time, I do not claim all interference by on-path actors > > is "bad" - there are some benefits to firewalls, even if those also > > often become brittle, e.g. due to out-dated configs.) > > thanks for this. to me the foundational principle is that networks have > "policy autonomy" and if operators screw things up, they have themselves > to blame and their employees, customers, or families can blame them also. > to be clear, this means there is no "but", no exception whereby well > meaning software suppliers or internet protocol designers can say "yes, > it's your network, but we can't allow you to set policy for it." > In line with this and my response higher up in the chain, enforcement of policy is important. The other point in her is the route to escalation and resolution. No matter what is built and/or created, there is a non-trivial amount of support required to resolve issues inherent in technology and deployments. Operators, enterprises are filled with support teams who respond to customer/user issues and are held accountable to resolve problems. Having needed tooling and a working support stratum is essential to delivering service to users. > however, i lost that argument, so now i'm just trying to limit the damage, > which is why i'm asking for a policy signal path whereby any device which > does not obey the local network's policy can be presumed hostile to that > policy -- ignorance won't be an excuse. i've already removed all mozilla > corporation software from my networks on the basis of their DoH theatrics, > but there will be others who don't believe that on my network, my rules > actually matter. > Seems reasonable in that is attempts to remove breakage while addressing the requirement stated (network/administrator policy). > > > > -- > Paul Vixie > regards, Victor K > > -- > Add mailing list > Add@ietf.org > https://www.ietf.org/mailman/listinfo/add >
- [Add] Fwd: New Version Notification for draft-red… tirumal reddy
- Re: [Add] Fwd: New Version Notification for draft… Ben Schwartz
- Re: [Add] Fwd: New Version Notification for draft… Paul Vixie
- Re: [Add] New Version Notification for draft-redd… Tommy Pauly
- Re: [Add] New Version Notification for draft-redd… Paul Vixie
- Re: [Add] [EXTERNAL] Re: New Version Notification… Tommy Jensen
- Re: [Add] New Version Notification for draft-redd… Tommy Pauly
- Re: [Add] [EXTERNAL] Re: New Version Notification… Deen, Glenn (NBCUniversal)
- Re: [Add] [EXTERNAL] Re: New Version Notification… Stephen Farrell
- Re: [Add] [EXTERNAL] Re: New Version Notification… Paul Wouters
- Re: [Add] [EXTERNAL] Re: New Version Notification… Paul Vixie
- Re: [Add] [EXTERNAL] Re: New Version Notification… Vittorio Bertola
- Re: [Add] [EXTERNAL] Re: New Version Notification… Ben Schwartz
- Re: [Add] [EXTERNAL] Re: New Version Notification… Andrew Campling
- Re: [Add] [EXTERNAL] Re: New Version Notification… Eric Rescorla
- Re: [Add] [EXTERNAL] Re: New Version Notification… Vittorio Bertola
- Re: [Add] [EXTERNAL] Re: New Version Notification… Eliot Lear
- Re: [Add] [EXTERNAL] Re: New Version Notification… Paul Vixie
- Re: [Add] [EXTERNAL] Re: New Version Notification… Stephen Farrell
- Re: [Add] [EXTERNAL] Re: New Version Notification… Paul Vixie
- Re: [Add] [EXTERNAL] Re: New Version Notification… Victor Kuarsingh
- Re: [Add] [EXTERNAL] Re: New Version Notification… Paul Vixie
- Re: [Add] New Version Notification for draft-redd… Paul Vixie
- Re: [Add] [EXTERNAL] Re: New Version Notification… Bill Woodcock
- Re: [Add] [EXTERNAL] Re: New Version Notification… Stephen Farrell
- Re: [Add] [EXTERNAL] Re: New Version Notification… Ben Schwartz
- Re: [Add] [EXTERNAL] Re: New Version Notification… Ben Schwartz
- Re: [Add] Fwd: New Version Notification for draft… tirumal reddy
- Re: [Add] New Version Notification for draft-redd… tirumal reddy
- Re: [Add] New Version Notification for draft-redd… Ben Schwartz
- Re: [Add] New Version Notification for draft-redd… Vittorio Bertola
- Re: [Add] New Version Notification for draft-redd… Ben Schwartz
- Re: [Add] [EXTERNAL] Re: New Version Notification… Deen, Glenn (NBCUniversal)
- Re: [Add] [EXT] Re: New Version Notification for … Vittorio Bertola
- Re: [Add] [EXTERNAL] Re: New Version Notification… Ben Schwartz
- Re: [Add] [EXTERNAL] Re: New Version Notification… Tommy Jensen
- Re: [Add] [EXTERNAL] Re: New Version Notification… Paul Wouters
- Re: [Add] [EXTERNAL] Re: New Version Notification… Deen, Glenn (NBCUniversal)
- Re: [Add] [EXTERNAL] Re: New Version Notification… Paul Wouters
- Re: [Add] New Version Notification for draft-redd… Paul Vixie
- Re: [Add] [EXTERNAL] Re: New Version Notification… tirumal reddy
- Re: [Add] [EXTERNAL] Re: New Version Notification… tirumal reddy
- Re: [Add] [EXTERNAL] Re: New Version Notification… Paul Wouters
- Re: [Add] New Version Notification for draft-redd… Andrew Campling
- Re: [Add] [EXTERNAL] Re: New Version Notification… tirumal reddy