Re: [Add] Updated charter proposal for ADD

Neil Cook <neil.cook@open-xchange.com> Wed, 15 January 2020 11:13 UTC


I support this proposed charter with the exception of the following language:

> Any mechanisms that specify interactions between clients and
> servers must provide the security properties expected of IETF
> protocols, e.g., confidentiality protection, integrity protection,
> and authentication with strong work factor.

I agree with Stephen Farrell's comments on the other thread on this topic, namely:

> On 14 Jan 2020, at 23:23, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

> I do think there's value in opportunistic approaches so
> long as there's some kind of credible longer term story
> as to how we get to better than opportunistic. I read
> your charter text as strongly discouraging that.

Neil

> On 14 Jan 2020, at 22:38, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org> wrote:
> 
> Hi all,
> 
> I wanted to share an updated proposal for an ADD charter, based on the feedback and discussion on the list in the past several weeks.
> 
> This is based on the original proposal that was sent in December, taking into account various comments and suggestions. Glenn Deen, Andrew Campling, and I worked on this revision together and came to consensus on its contents.
> 
> Thoughts and comments are welcome as always!
> 
> (Note that the proposed name of the group was not changed, and is entirely open to bikeshedding. Naming is hard!)
> 
> Best,
> Tommy
> 
> 
> 
> Adaptive DNS Discovery (ADD)
> ====================================
> Proposed Working Group Charter
> 
> Sending DNS messages over encrypted transports, as defined in DNS over
> TLS (DoT) [RFC 7858] and DNS over HTTPS (DoH) [RFC 8484], provides
> benefits to the security and privacy of DNS data. Clients, such as
> applications and host operating systems, have started adopting these
> protocols to provide these user benefits.
> 
> This working group will focus on discovery and selection of DNS resolvers
> by DNS clients in a variety of networking environments, including public
> networks, private networks, and VPNs; supporting both encrypted and
> unencrypted resolvers.
> 
> Clients adopting encrypted DNS protocols need to determine which DNS
> servers support encrypted transports, and which server to use for specific
> queries if multiple servers are available. These decisions can vary based
> on the network environment, and also based on the content and purpose of
> the client queries.
> 
> Network operators that start offering DNS encryption on their servers also
> need a way to indicate this support to clients. Communicating information
> about resolver configuration and behavior allows clients to make more
> informed decisions about which DNS servers to use. For example, a resolver
> may be able to resolve private or local names as a split DNS server.
> 
> The Adaptive DNS Discovery (ADD) working group will work on the following
> deliverables:
> 
> - define a mechanism that allows clients to discover DNS resolvers,
> including encrypted DNS servers, that are available to the client
> either on the public Internet or on private or local networks;
> 
> - define a mechanism that allows communication of DNS resolver
> information to clients for use in selection decisions;
> 
> - develop an informational document that describes how client
> applications and systems can manage selection of DNS resolvers
> in various network environments and use cases.
> 
> Any mechanisms that specify interactions between clients and
> servers must provide the security properties expected of IETF
> protocols, e.g., confidentiality protection, integrity protection,
> and authentication with strong work factor.
> 
> This working group will coordinate with dnsop, doh, and dprive for any
> changes required in DNS protocols. It will also work with capport to
> ensure that solutions are applicable to captive networks.
> 


Neil Cook
neil.cook@open-xchange.com