Re: [Add] [EXTERNAL] Re: draft-grover-add-policy-detection-00

Tommy Jensen <Jensen.Thomas@microsoft.com> Tue, 16 July 2019 16:30 UTC

From: Tommy Jensen <Jensen.Thomas@microsoft.com>
To: Rob Sayre <sayrer@gmail.com>, Eric Rescorla <ekr@rtfm.com>
CC: "add@ietf.org" <add@ietf.org>, "Dixon, Hugh" <Hugh.Dixon@sky.uk>, Alec Muffett <alec.muffett@gmail.com>
Date: Tue, 16 Jul 2019 16:29:56 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/QqMbsdOICd9Wd3rOGKuupURduvs>

> I agree that some companies sell these products, but it doesn't seem like they would work very well.

Based on what data? From the non-technical customer perspective, it might actually be easier than learning each platform's chosen security/family friendly software. We shouldn't so easily dismiss an existing use case.

Thanks,
Tommy
________________________________
From: Add <add-bounces@ietf.org> on behalf of Rob Sayre <sayrer@gmail.com>
Sent: Tuesday, July 16, 2019 9:10 AM
To: Eric Rescorla <ekr@rtfm.com>
Cc: add@ietf.org <add@ietf.org>; Dixon, Hugh <Hugh.Dixon@sky.uk>; Alec Muffett <alec.muffett@gmail.com>
Subject: Re: [Add] [EXTERNAL] Re: draft-grover-add-policy-detection-00

On Tue, Jul 16, 2019 at 8:38 AM Eric Rescorla <ekr@rtfm.com> wrote:

They are often done, but not always. For instance:
https://www.xfinity.com/support/articles/set-up-parental-controls-with-comcast-networking
https://www.quad9.net/faq/#How_does_Quad9_protect_me_from_malicious_domains

I agree that some companies sell these products, but it doesn't seem like they would work very well.

In any case, BCP 188 covers the issue we're describing quite well.

"The same techniques to achieve [Pervasive Monitoring] can be used regardless of motivation.  Thus, we cannot defend against the most nefarious actors while allowing monitoring by other actors no matter how benevolent some might consider them to be, since the actions required of the attacker are indistinguishable from other attacks."

Pervasive Monitoring Is an Attack
https://tools.ietf.org/html/rfc7258

thanks,
Rob