[Add] Food for thought?

Mohit Sethi M <mohit.m.sethi@ericsson.com> Tue, 21 January 2020 13:09 UTC

From: Mohit Sethi M <mohit.m.sethi@ericsson.com>
To: "add@ietf.org" <add@ietf.org>
Date: Tue, 21 Jan 2020 13:09:41 +0000
Message-ID: <9c261636-a030-6116-098d-ac89b1227bad@ericsson.com>
References: <CAChr6SwZMid9ruggYAu5bqBEcujhczp34mJ=TZPAjSXw50ZBKQ@mail.gmail.com> <C70ECC76-7431-4FC2-B555-0E1D8D82B449@nbcuni.com> <CAChr6SwYtJh84CLE9n+fuqjdFAaSzNP=aFKqa70KY=Mx+F76MQ@mail.gmail.com> <CWXP265MB0566FDF1030771C6916BE37AC2360@CWXP265MB0566.GBRP265.PROD.OUTLOOK.COM> <F82221F8-35B8-497F-8AA9-F2405000650F@fugue.com> <CAOdDvNqyJhu_q8ALpBeg=zcjyUpHW=fpTxSsoCV0_c=oiXg=pA@mail.gmail.com> <7B424818-0F38-44E7-8EDE-165E96A6221A@icann.org> <CAChr6SyUKmvAQ8niPYjQmL4EREY7c6dqqsjp-M2bt4a_i-L40A@mail.gmail.com>
In-Reply-To: <CAChr6SyUKmvAQ8niPYjQmL4EREY7c6dqqsjp-M2bt4a_i-L40A@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/uyQaG11dFgFLDdbfNj7sUPHmkFE>
Subject: [Add] Food for thought?
List-Id: Applications Doing DNS <add.ietf.org>

Hi all,

I took time to study some of the email discussion (albeit not all). I made sure to carefully read the proposed charter text written by Tommy: https://mailarchive.ietf.org/arch/msg/add/yFOsdTOf6VfNzsHPUbuFfQ5URzw.

As security folks, many of us inadvertently solve our problems by making them someone else's. A very naive example of this would be that we solved the key exchange problem of symmetric keys by making it a key distribution problem with public-key cryptography. I know that we shouldn't really discuss solutions when formulating the charter. However, I suggest that we use this opportunity to discuss the starting assumptions for a client to securely discover DNS resolvers.

Some of the proposed solutions that I looked at rely on another trusted server in the network to provide information about DNS resolvers. And how do I discover that trusted server? Well, of course, mDNS. I would like us to solve real problems and not make cyclical dependencies (knowing that solving real problems is hard and time-consuming). I would also like to understand what type of networks are in scope. Assuming a trusted server in the local network to inform me about candidate DNS resolvers is certainly not likely in many/most home networks?

--Mohit

On 1/18/20 4:20 AM, Rob Sayre wrote:
> On Fri, Jan 17, 2020 at 7:28 AM Paul Hoffman <paul.hoffman@icann.org> wrote:
>
>> This proposal rules out any solution that does not mandate the client (such as an operating system) having an up-to-date set of cryptographic trust anchors (such as the web PKI or other crypto initialization by vendors). It would hobble discovery in many of the common cases that have been discussed, such as my laptop in my home using my ISP's resolver. If that type of hobbling is what this group wants, go for it...
>
> What is the improvement such a group would miss out on?
>
> thanks,
> Rob
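The exchange above turns on one dependency: a client can only authenticate a resolver it was told about (by DHCP, by a "trusted" local server, or by mDNS) if it already carries a trust anchor that vouches for that resolver. The following Go program is an added illustration, not code from this thread or from any ADD draft. It builds two throwaway CAs in memory (an "ISP" root and a "rogue" root), has each issue a certificate for the same hypothetical resolver name dot.isp.example, and runs a DoT-style TLS handshake over loopback TCP for four cases: anchor present and legitimate resolver, no anchor at all, anchor present but a resolver certificate from the rogue CA (what an attacker answering an mDNS query could present), and an opportunistic client that skips verification. The names, the CAs and the loopback setup are all assumptions made for the example; the strict-versus-opportunistic distinction itself is the one RFC 8310 describes for DNS over TLS.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// resolverName is a hypothetical DoT resolver name a client might be handed by DHCP,
// by a "trusted" local server, or by an mDNS advertisement (constructed for this example).
const resolverName = "dot.isp.example"

var serial int64

// mint generates a P-256 key and signs tmpl with parentCert/parentKey, self-signing when
// parentCert is nil. In-memory key/cert generation failing is not worth handling here, so it panics.
func mint(tmpl, parentCert *x509.Certificate, parentKey *ecdsa.PrivateKey) ([]byte, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial++
	tmpl.SerialNumber = big.NewInt(serial)
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	if parentCert == nil {
		parentCert, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	return der, key
}

// newCA builds a self-signed root: the trust anchor a client must already carry before it
// can authenticate anything the network tells it about.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	der, key := mint(&x509.Certificate{
		Subject:               pkix.Name{CommonName: name},
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}, nil, nil)
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// resolverCert has the given CA sign a server certificate for dnsName.
func resolverCert(caCert *x509.Certificate, caKey *ecdsa.PrivateKey, dnsName string) tls.Certificate {
	der, key := mint(&x509.Certificate{
		Subject:     pkix.Name{CommonName: dnsName},
		DNSNames:    []string{dnsName},
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, caCert, caKey)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// authenticateResolver runs a DoT-style TLS handshake over loopback TCP: the "resolver" presents
// `presented`; the client expects `expectName` and trusts only `roots`, or verifies nothing when
// opportunistic. The returned error is the client's verdict; nil means the resolver was accepted.
func authenticateResolver(roots *x509.CertPool, expectName string, presented tls.Certificate, opportunistic bool) error {
	ln, err := net.Listen("tcp", "127.0.0.1:0") // loopback only, no real network involved
	if err != nil {
		return err
	}
	serverDone := make(chan struct{})
	go func() {
		defer close(serverDone)
		if conn, err := ln.Accept(); err == nil {
			defer conn.Close()
			_ = tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{presented}}).Handshake()
		}
	}()
	cfg := &tls.Config{RootCAs: roots, ServerName: expectName, InsecureSkipVerify: opportunistic}
	client, err := tls.Dial("tcp", ln.Addr().String(), cfg)
	if err == nil {
		client.Close()
	}
	ln.Close() // after Dial returned, so a failed TCP connect still unblocks Accept
	<-serverDone
	return err
}

// RunScenarios reports, per scenario, whether the client accepted the resolver.
func RunScenarios() map[string]bool {
	ispCert, ispKey := newCA("ISP Root CA (constructed)")
	rogueCert, rogueKey := newCA("Rogue CA (constructed)")
	legit := resolverCert(ispCert, ispKey, resolverName)
	spoofed := resolverCert(rogueCert, rogueKey, resolverName) // same name, e.g. advertised over mDNS by an attacker
	anchors := x509.NewCertPool()
	anchors.AddCert(ispCert)
	noAnchors := x509.NewCertPool() // a client shipped without (or with stale) trust anchors
	return map[string]bool{
		"anchor+legit":          authenticateResolver(anchors, resolverName, legit, false) == nil,
		"no-anchor+legit":       authenticateResolver(noAnchors, resolverName, legit, false) == nil,
		"anchor+spoofed":        authenticateResolver(anchors, resolverName, spoofed, false) == nil,
		"opportunistic+spoofed": authenticateResolver(anchors, resolverName, spoofed, true) == nil,
	}
}

func main() {
	for name, accepted := range RunScenarios() {
		fmt.Printf("%-22s accepted=%v\n", name, accepted)
	}
}
```

Only the first case ends with an authenticated resolver. The second is Paul's point from the other direction: with no anchor the client cannot tell the ISP's real resolver from anything else, however it was discovered. The third shows that a discovery signal from the local network (whoever answers an mDNS query, or a "trusted" local server) buys nothing on its own: the anchor, not the discovery step, is what rejects the rogue certificate. The fourth is what a client is left with otherwise: confidentiality on the wire, but no idea whom it is talking to.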