Re: [Add] [Ext] Updated charter proposal for ADD
Paul Hoffman <paul.hoffman@icann.org> Wed, 15 January 2020 17:28 UTC
Return-Path: <paul.hoffman@icann.org>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28774120885 for <add@ietfa.amsl.com>; Wed, 15 Jan 2020 09:28:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZWdVrdNGsFPV for <add@ietfa.amsl.com>; Wed, 15 Jan 2020 09:28:47 -0800 (PST)
Received: from ppa4.dc.icann.org (ppa4.dc.icann.org [192.0.46.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4893A1208AA for <add@ietf.org>; Wed, 15 Jan 2020 09:28:47 -0800 (PST)
Received: from PFE112-CA-1.pexch112.icann.org (out.west.pexch112.icann.org [64.78.40.7]) by ppa4.dc.icann.org (8.16.0.27/8.16.0.27) with ESMTPS id 00FHSh3H009433 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 15 Jan 2020 17:28:44 GMT
Received: from PMBX112-W1-CA-1.pexch112.icann.org (64.78.40.21) by PMBX112-W1-CA-2.pexch112.icann.org (64.78.40.23) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 15 Jan 2020 09:28:40 -0800
Received: from PMBX112-W1-CA-1.pexch112.icann.org ([64.78.40.21]) by PMBX112-W1-CA-1.PEXCH112.ICANN.ORG ([64.78.40.21]) with mapi id 15.00.1497.000; Wed, 15 Jan 2020 09:28:40 -0800
From: Paul Hoffman <paul.hoffman@icann.org>
To: Ted Lemon <mellon@fugue.com>
CC: ADD Mailing list <add@ietf.org>
Thread-Topic: [Add] [Ext] Updated charter proposal for ADD
Thread-Index: AQHVy7sS3dTn6q33TECqcNmmmuiki6fsbWiAgAAIXACAAAtVgA==
Date: Wed, 15 Jan 2020 17:28:39 +0000
Message-ID: <6129ADF8-E55A-41CF-A193-0070636B223D@icann.org>
References: <236B0A34-8C7F-49D2-8075-5AF5AC35BDFB@apple.com> <AD6E599F-96E8-44FC-8A05-8BFD2F659129@icann.org> <66C24EE6-5C7B-4788-AE26-06B900915010@fugue.com> <A78BD5D2-A95E-43BA-A70E-46040C691AC0@icann.org> <85F15EAE-6933-451D-A04F-3DE2907603FB@fugue.com>
In-Reply-To: <85F15EAE-6933-451D-A04F-3DE2907603FB@fugue.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [192.0.32.234]
x-source-routing-agent: Processed
Content-Type: multipart/signed; boundary="Apple-Mail=_F9E3B914-4912-4A40-A265-3874A4C29F0E"; protocol="application/pkcs7-signature"; micalg="sha-256"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2020-01-15_02:, , signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/poWu9j7tllrWJoiR3tjl6bRIhyM>
Subject: Re: [Add] [Ext] Updated charter proposal for ADD
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jan 2020 17:28:52 -0000
> On Jan 15, 2020, at 8:48 AM, Ted Lemon <mellon@fugue.com> wrote: > > On Jan 15, 2020, at 11:18 AM, Paul Hoffman <paul.hoffman@icann.org> wrote: >> The first sentence is well-intentioned but does not usually lead to useful text in documents. The second sentence assumes that there are methods that can be cryptographically validated: as I said above, I do not believe they exist. > > Of course such mechanisms exist. The problem is that they can’t happen without some explicit trust establishment mechanism, which necessarily requires manual intervention. Fair point. They exist but they cannot be used in the Internet as we know it. That's why I believe they are not worth mentioning in the WG charter. > What I want to capture is that any mechanism that the ADD WG comes up with that doesn’t have a trust establishment mechanism doesn’t override a mechanism where trust has been established explicitly unless there’s some specific reason why that’s the right thing to do. E.g., Tommy I think mentioned, and this is a use case I deal with regularly as well, that you might be connected to a network that uses a split-dns configuration where if you query a public resolver, you just won’t get an answer for some domain. I think that there is a pretty strong motivation from some of the participants to support a use case for CDNs; figuring out how to do this seems like it would be very much worthwhile, even if such a mechanism doesn’t come with an explicit trust relationship. > > I would expect that a trust establishment mechanism based on the ANIMA on-boarding process (IETF) or the Thread commissioning process (Thread Group) would also be cryptographically verifiable, since devices commissioned using either mechanism can in fact cryptographically validate that they are connected to a particular network; it’s not a big step past that to validating the resolver. In both those models, I believe, an individual specifies a source of trust and a public key for that source of trust. From that point forward, the source of trust can announce anything it wants; all that remains to define is an announcement format and expected communications paths. That seems fine. > If course, for a device that doesn’t have any such configuration established, a simple DHCP mechanism or RA mechanism for getting opportunistic security is still very much worth doing. Fully agree. > That said, I think it is in scope for the WG to talk about configuration mechanism that require manual intervention and do establish cryptographically verifiable trust. Do you disagree with that? To me this seems like an important part of the problem space. I strongly disagree with the second part of the first sentence "and do establish cryptographically verifiable trust", which is why I disagree with the inclusion of text in the charter that hints that this WG has any part in the setup of trust. In my view (which at least some others seem to share), either you have cryptographic trust to a source already set up (ANIMA, old skool secure DHCP, Some Vendor Says So, ...), or you have none and whatever you hear on the network can only be trusted by leap of faith. All proposals between those have historically led to ratholes, and thus I would like to leave them out of the charter. --Paul Hoffman
- [Add] Updated charter proposal for ADD Tommy Pauly
- Re: [Add] Updated charter proposal for ADD Neil Cook
- Re: [Add] Updated charter proposal for ADD Paul Adair
- Re: [Add] Updated charter proposal for ADD Diego R. Lopez
- Re: [Add] [Ext] Updated charter proposal for ADD Paul Hoffman
- Re: [Add] Updated charter proposal for ADD Livingood, Jason
- Re: [Add] [Ext] Updated charter proposal for ADD Robert Mortimer
- Re: [Add] Updated charter proposal for ADD Andrew Campling
- Re: [Add] [Ext] Updated charter proposal for ADD Ted Lemon
- Re: [Add] [Ext] Updated charter proposal for ADD Dave Lawrence
- Re: [Add] Updated charter proposal for ADD Jari Arkko
- Re: [Add] [Ext] Updated charter proposal for ADD Paul Hoffman
- Re: [Add] [Ext] Updated charter proposal for ADD Ted Lemon
- Re: [Add] [Ext] Updated charter proposal for ADD Ted Lemon
- Re: [Add] [Ext] Updated charter proposal for ADD Alissa Cooper
- Re: [Add] [Ext] Updated charter proposal for ADD Paul Hoffman
- Re: [Add] [Ext] Updated charter proposal for ADD Rob Sayre
- Re: [Add] [Ext] Updated charter proposal for ADD Andrew Campling
- Re: [Add] [Ext] Updated charter proposal for ADD Barry Leiba
- Re: [Add] Updated charter proposal for ADD chris.box
- Re: [Add] [Ext] Updated charter proposal for ADD Rob Sayre
- Re: [Add] [Ext] Updated charter proposal for ADD Brian Dickson
- Re: [Add] [Ext] Updated charter proposal for ADD STARK, BARBARA H
- Re: [Add] [Ext] Updated charter proposal for ADD Ted Lemon
- Re: [Add] [Ext] Updated charter proposal for ADD Brian Dickson
- Re: [Add] [Ext] Updated charter proposal for ADD Stephen Farrell
- Re: [Add] [Ext] Updated charter proposal for ADD Ted Lemon
- Re: [Add] [Ext] Updated charter proposal for ADD Ted Lemon
- Re: [Add] [Ext] Updated charter proposal for ADD Rob Sayre
- Re: [Add] [Ext] Updated charter proposal for ADD Ted Lemon
- Re: [Add] [Ext] Updated charter proposal for ADD Deen, Glenn (NBCUniversal)
- Re: [Add] [Ext] Updated charter proposal for ADD Rob Sayre
- Re: [Add] [Ext] Updated charter proposal for ADD Martin Thomson
- Re: [Add] [Ext] Updated charter proposal for ADD Ted Lemon
- Re: [Add] [Ext] Updated charter proposal for ADD Brian Dickson
- Re: [Add] [Ext] Updated charter proposal for ADD Ted Lemon
- Re: [Add] [Ext] Updated charter proposal for ADD Rob Sayre
- Re: [Add] Updated charter proposal for ADD nigel.tedeschi
- Re: [Add] Updated charter proposal for ADD Smith, Kevin, Vodafone Group
- Re: [Add] [Ext] Updated charter proposal for ADD Andrew Campling
- Re: [Add] [Ext] Updated charter proposal for ADD Ted Lemon
- Re: [Add] Updated charter proposal for ADD Vittorio Bertola
- Re: [Add] [Ext] Updated charter proposal for ADD Patrick McManus
- Re: [Add] [Ext] Updated charter proposal for ADD Paul Hoffman
- Re: [Add] [Ext] Updated charter proposal for ADD Patrick McManus
- Re: [Add] [Ext] Updated charter proposal for ADD Brian Dickson
- Re: [Add] [Ext] Updated charter proposal for ADD Rob Sayre
- [Add] Food for thought? Mohit Sethi M
- Re: [Add] Food for thought? Mohit Sethi M
- Re: [Add] Food for thought? Ted Lemon
- Re: [Add] Food for thought? tirumal reddy
- Re: [Add] Food for thought? Ted Lemon