Re: [Add] What to do in this potential working group
Rubens Kuhl <rubensk@nic.br> Thu, 22 August 2019 16:50 UTC
Return-Path: <rubensk@nic.br>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 565F5120A49 for <add@ietfa.amsl.com>; Thu, 22 Aug 2019 09:50:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nic.br
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y3KTvAeXEUkF for <add@ietfa.amsl.com>; Thu, 22 Aug 2019 09:50:43 -0700 (PDT)
Received: from mail.nic.br (mail.nic.br [200.160.4.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B40D012082E for <add@ietf.org>; Thu, 22 Aug 2019 09:50:42 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.nic.br (Postfix) with ESMTP id A4AA0192F79; Thu, 22 Aug 2019 13:50:38 -0300 (-03)
Authentication-Results: mail.nic.br (amavisd-new); dkim=pass (1024-bit key) header.d=nic.br
Received: from mail.nic.br ([127.0.0.1]) by localhost (mail.nic.br [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PqIHfBgg-ycQ; Thu, 22 Aug 2019 13:50:38 -0300 (-03)
Received: from rubens.in.registro.br (unknown [IPv6:2001:12ff:0:3a::195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: rubensk@nic.br) by mail.nic.br (Postfix) with ESMTPSA id 67BB7192F70; Thu, 22 Aug 2019 13:50:38 -0300 (-03)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nic.br; s=dkim; t=1566492638; bh=nshQtRwQAgGlTSpUSlIceCfy9pjQgPsZEVGcIMOhy9w=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=nZCOm5cJbYY7pNxGsr7b8ifpM5powdR/TzCd/kmTz8zPjCARbqjcyxeegbPu8YB2F tLsmQQt1Id66o+AMxsSLQzjlnpQXiuAP3fRDhvpbLC4/XK3E32oULyYJS6dKKtiFp5 QLktbiJzSOTT28ghpzm8OLAUAVpgN2Mr2HNAPOXc=
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Rubens Kuhl <rubensk@nic.br>
In-Reply-To: <A1128702-1E19-4657-9740-E84AE09992F2@piuha.net>
Date: Thu, 22 Aug 2019 13:50:38 -0300
Cc: add@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <9C8A8C27-35F3-438E-9408-4DB7968230AE@nic.br>
References: <A1128702-1E19-4657-9740-E84AE09992F2@piuha.net>
To: Jari Arkko <jari.arkko@piuha.net>
X-Mailer: Apple Mail (2.3445.104.11)
DMARC-Filter: OpenDMARC Filter v1.3.1 mail.nic.br 67BB7192F70
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/slrgO-6Zo-uzdkmR3qn7GfbZxng>
Subject: Re: [Add] What to do in this potential working group
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Aug 2019 16:50:45 -0000
While IETF usually focus on technical documents for implementers and operators, I believe that in this space an end-user document might be in order. Some sort of "Pick your enemy" document, where users can be educated on the different threat actors: - Corporate network administrators - ISPs - Big web-scales - Governments - Rogue applications developers (malware etc.) - Non-rogue application developers (browser developers) Rubens > Em 20 de ago de 2019, à(s) 17:01:000, Jari Arkko <jari.arkko@piuha.net> escreveu: > > I’ve been on vacation and doing some other things for the last couple of weeks, and now I’ve been trying to read the mailing list discussions. Not easy! > > Let me try another angle into the discussion and see if it’s helpful. > > Much of the discussion has been about the conflicts between people’s different use cases or trustworthiness perceptions for different entities. “I trust industry X more than industry Y” or “I need to perform <thing> which conflicts what you’re trying to do prevent <another thing>”. And the various details of performing those <things>. > > There’s been not so much discussion about concrete things where IETF can help, or discussion about understanding and agreeing where our agreements and disagreements lie, or where the factual things end and opinions begin. > > So how about looking at this first by understanding what kinds of things we might actually agree on, and acknowledging what we disagree on? For instance, I think there are helpful small things that I don’t think are hugely controversial, better discovery mechanisms for instance. Similarly, I don’t think we will find an agreement whether one trusts an ISP more or less than a large Internet company (because it depends, duh). But we might find agreement on some more structural things, such as what factors have an effect, and what good solutions look like. For instance, while we might differ on what services we consider trustworthy, to me it seems obvious that creating a single entity that has access to all users’ DNS queries is potentially very dangerous architecture for the Internet. Too attractive target for governments to tap, for instance. > > We might also agree on principles, such as the ones about user configuration taking precedence over network configuration. > > We do disagree on how to handle filtering use cases, enterprise networks, how to deal with CDN localisation and other operational use cases. Some of these things people care deeply about. And we might disagree on what the advice is on split DNS. > > In any case, to start with the parts that we possibly do agree on, there is at least a beginning of a list of work items. For instance: > > * Improved mechanisms for discovery and selection of encrypted DNS transports > * Best operational practices for running an encrypted DNS transport service (possibly subdivided for the type of deployment, e.g., ISP or global service) > * Recommendation for precedence of configuration mechanisms > * Recommendation that having devices or apps “call home” for every user action to a centralised global service is bad practice and should be avoided > > Jari > > -- > Add mailing list > Add@ietf.org > https://www.ietf.org/mailman/listinfo/add
- [Add] What to do in this potential working group Jari Arkko
- Re: [Add] What to do in this potential working gr… Eric Orth
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Jim Reid
- Re: [Add] What to do in this potential working gr… Vittorio Bertola
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] What to do in this potential working gr… Eric Vyncke (evyncke)
- Re: [Add] What to do in this potential working gr… Ted Lemon
- Re: [Add] What to do in this potential working gr… Jim Reid
- Re: [Add] What to do in this potential working gr… Ted Lemon
- Re: [Add] What to do in this potential working gr… Tommy Jensen
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Ray Bellis
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Ray Bellis
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Ted Hardie
- Re: [Add] What to do in this potential working gr… David Conrad
- Re: [Add] What to do in this potential working gr… Alec Muffett
- Re: [Add] What to do in this potential working gr… Ted Hardie
- Re: [Add] What to do in this potential working gr… David Conrad
- Re: [Add] What to do in this potential working gr… Brian Dickson
- Re: [Add] What to do in this potential working gr… Brian Dickson
- Re: [Add] What to do in this potential working gr… Stephen Farrell
- Re: [Add] What to do in this potential working gr… Ted Hardie
- Re: [Add] What to do in this potential working gr… Alec Muffett
- Re: [Add] What to do in this potential working gr… Stephen Farrell
- Re: [Add] What to do in this potential working gr… David Conrad
- Re: [Add] What to do in this potential working gr… Rob Sayre
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] What to do in this potential working gr… Stephen Farrell
- Re: [Add] What to do in this potential working gr… Alec Muffett
- Re: [Add] What to do in this potential working gr… Ted Hardie
- Re: [Add] What to do in this potential working gr… Adam Roach
- Re: [Add] What to do in this potential working gr… Ted Hardie
- Re: [Add] What to do in this potential working gr… David Conrad
- Re: [Add] What to do in this potential working gr… Rob Sayre
- Re: [Add] What to do in this potential working gr… Stephen Farrell
- Re: [Add] What to do in this potential working gr… Alec Muffett
- Re: [Add] What to do in this potential working gr… David Conrad
- [Add] data integrity and DNSSEC or DoH/DoT Jim Reid
- Re: [Add] What to do in this potential working gr… Rob Sayre
- Re: [Add] data integrity and DNSSEC or DoH/DoT Stephen Farrell
- Re: [Add] data integrity and DNSSEC or DoH/DoT David Conrad
- Re: [Add] data integrity and DNSSEC or DoH/DoT Rob Sayre
- Re: [Add] data integrity and DNSSEC or DoH/DoT Stephen Farrell
- Re: [Add] Unstated assumptions in What to do in t… John Levine
- Re: [Add] data integrity and DNSSEC or DoH/DoT Brian Dickson
- Re: [Add] What to do in this potential working gr… Patrik Fältström
- Re: [Add] What to do in this potential working gr… Patrik Fältström
- Re: [Add] What to do in this potential working gr… Rob Sayre
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Martin Thomson
- Re: [Add] data integrity and DNSSEC or DoH/DoT Eric Rescorla
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] What to do in this potential working gr… Daniel Stenberg
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] data integrity and DNSSEC or DoH/DoT Stephen Farrell
- Re: [Add] What to do in this potential working gr… Ray Bellis
- Re: [Add] What to do in this potential working gr… Martin J. Dürst
- Re: [Add] What to do in this potential working gr… Stephen Farrell
- Re: [Add] What to do in this potential working gr… Vittorio Bertola
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Ralf Weber
- Re: [Add] data integrity and DNSSEC or DoH/DoT Ralf Weber
- Re: [Add] data integrity and DNSSEC or DoH/DoT Willem Toorop
- Re: [Add] data integrity and DNSSEC or DoH/DoT Jim Reid
- Re: [Add] What to do in this potential working gr… Rubens Kuhl
- Re: [Add] data integrity and DNSSEC or DoH/DoT Paul Wouters
- Re: [Add] What to do in this potential working gr… Paul Wouters
- Re: [Add] data integrity and DNSSEC or DoH/DoT Livingood, Jason
- Re: [Add] What to do in this potential working gr… Livingood, Jason
- Re: [Add] What to do in this potential working gr… Livingood, Jason
- Re: [Add] What to do in this potential working gr… Livingood, Jason
- Re: [Add] What to do in this potential working gr… Adam Roach
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] data integrity and DNSSEC or DoH/DoT Eric Rescorla
- Re: [Add] data integrity and DNSSEC or DoH/DoT Rob Sayre
- Re: [Add] data integrity and DNSSEC or DoH/DoT Jim Reid
- Re: [Add] What to do in this potential working gr… Vittorio Bertola
- Re: [Add] data integrity and DNSSEC or DoH/DoT Eric Rescorla
- Re: [Add] data integrity and DNSSEC or DoH/DoT Brian Dickson
- Re: [Add] data integrity and DNSSEC or DoH/DoT Jim Reid
- Re: [Add] data integrity and DNSSEC or DoH/DoT Eric Rescorla
- Re: [Add] data integrity and DNSSEC or DoH/DoT Neil Cook
- Re: [Add] data integrity and DNSSEC or DoH/DoT Neil Cook
- Re: [Add] data integrity and DNSSEC or DoH/DoT Neil Cook
- Re: [Add] data integrity and DNSSEC or DoH/DoT Paul Wouters
- Re: [Add] data integrity and DNSSEC or DoH/DoT Christian Huitema
- Re: [Add] data integrity and DNSSEC or DoH/DoT Christian Huitema
- Re: [Add] data integrity and DNSSEC or DoH/DoT Brian Dickson
- Re: [Add] data integrity and DNSSEC or DoH/DoT Andrew Campling
- Re: [Add] data integrity and DNSSEC or DoH/DoT Vittorio Bertola
- Re: [Add] data integrity and DNSSEC or DoH/DoT Paul Wouters
- Re: [Add] data integrity and DNSSEC or DoH/DoT Vittorio Bertola
- Re: [Add] data integrity and DNSSEC or DoH/DoT Alec Muffett
- Re: [Add] data integrity and DNSSEC or DoH/DoT Alec Muffett