IETF Logo Mail Archive

Re: [Add] Proposed charter and BoF request for IETF 106

Rob Sayre <sayrer@gmail.com> Wed, 09 October 2019 15:04 UTC

Return-Path: <sayrer@gmail.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A2D912010E for <add@ietfa.amsl.com>; Wed, 9 Oct 2019 08:04:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gGN_EcgJTYaa for <add@ietfa.amsl.com>; Wed, 9 Oct 2019 08:04:13 -0700 (PDT)
Received: from mail-io1-xd2b.google.com (mail-io1-xd2b.google.com [IPv6:2607:f8b0:4864:20::d2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7B471200E7 for <add@ietf.org>; Wed, 9 Oct 2019 08:04:13 -0700 (PDT)
Received: by mail-io1-xd2b.google.com with SMTP id b136so5726479iof.3 for <add@ietf.org>; Wed, 09 Oct 2019 08:04:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=aznqQ46HSyndoBHYrYQj050xsIb2YDDSehJh+OIgEyU=; b=DbidYQeVyzXYxvjrwiImM+9FLlTsUi/z3VdSmbPQP0I3On90k3xere8iUBYKPzhOFQ O2RdXgoAHh8S6FFUGH9FIMHm0n2N0ri6ThcvYdZB4EXINpRla3GLCKuSESYSk7l8ZLwK P+lwKWqRwtlZj+lU0oYREzVylZAuDlE32KhtnbbNXWyEjyR5TIbCYymMpyultZm2ZP7q YIKV1SOuAF3dk6IuTxFtM3Z6q6bmwCup/rUk1yGDiINfekU4wmhsr40Ak8O7UB2F7y/b RgJfDR8d9g90/imx89S9KLNEvTmt5BPzGXQt/+5SHd9wGMbSX5+xmR5C52geSV44v7q5 smBQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=aznqQ46HSyndoBHYrYQj050xsIb2YDDSehJh+OIgEyU=; b=UVyWh6r6vLCOnDWTX4omhOB+CUV3+TOvlEP3eYpLb8vqMWkXKuXkrVtoDcJMJsaLGV bV61KSa+m5p1b+FyVyF4MuML8fEsBT2eNc7WJ8WZYkaqujr6Z2QWXx77wc5K3MwRPA3y 0FKM9UAGqKsObjpVyBIKOmkUNjaBrijgNxmDuxW46/KTSL4vp3L6gZlGyoPWk+XgbPCc 7qAaQniUYyPHbIJR6rbGt8uDaUZgc6mWhK/EOotv1DIKnhRwwvHciTiSZI1XniZ1n6E3 4ZbFAbUmoCYiFXehHqE7Y+8NpYy9N5z8kXKwoxQErh9/oExVi1QAMGGv4M9+n2D7Mz/8 NYrQ==
X-Gm-Message-State: APjAAAW43OLQBKK8uITqDWbRfwy+oK6o2BmK0Wy8fwO/nfXGZT+gKBay n8l/GBVhUtFt9Pe6XJYD7vy8w3YPZ5MNFV/m1b8=
X-Google-Smtp-Source: APXvYqyoUaFyteyC3LJGyMLbn035H7VKDRcHuSZ4ut36qhwRp7D+2nhwnOkKltDQYYmnskEKRwVdx+72pblJOwjP0Pc=
X-Received: by 2002:a02:c646:: with SMTP id k6mr3573463jan.53.1570633452908; Wed, 09 Oct 2019 08:04:12 -0700 (PDT)
MIME-Version: 1.0
References: <CALaySJLxXVuHQNfTnaeKZ_R9xtBYWfbta+A1bWcE-ZQZwd3VZg@mail.gmail.com> <CAChr6Szdm=VEAMOLnuU26aZcs0ppXoenZVPtWY-b40zEtZ5YiA@mail.gmail.com> <CALaySJ+r0WAt+=33cV73q88KKc+gj3O6LtfcLxFOhDjcLP+U3A@mail.gmail.com> <CAChr6Sx2Yh7BecWw-Q=QrD1WchL0jTj7gzCnr-B-N=04WmV7RQ@mail.gmail.com> <C9D02221-0B92-4458-8A93-1DE880FDD638@hopcount.ca> <CAChr6SyhEQLvm8ddgb1HxfqD4Ru_gVajduVggVA=4O5U5ytRcA@mail.gmail.com> <0F11A08C-F93F-43F9-A3EF-3D1E378D4073@cooperw.in>
In-Reply-To: <0F11A08C-F93F-43F9-A3EF-3D1E378D4073@cooperw.in>
From: Rob Sayre <sayrer@gmail.com>
Date: Wed, 09 Oct 2019 22:03:58 +0700
Message-ID: <CAChr6SwOYfp5U+uBXCpxat_v=iJQHF_w2h16N5rVAfb8rNNnSA@mail.gmail.com>
To: Alissa Cooper <alissa@cooperw.in>
Cc: Joe Abley <jabley@hopcount.ca>, Barry Leiba <barryleiba@computer.org>, ADD Mailing list <add@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000008779905947b9984"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/xhmxhgraDTc9t_6xDEd1At4dWig>
Subject: Re: [Add] Proposed charter and BoF request for IETF 106
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Oct 2019 15:04:19 -0000

Hi Alissa,

Thank you for sharing that text. A light edit to your contribution might
say:

"Network operators have historically mis-used DNS for a variety of
purposes..."

The "mis-" prefix was obviously added by me. But should the IETF take those
use cases seriously? I think all the shady traffic is on the "dark web"
now, anyway.

thanks,
Rob



On Wed, Oct 9, 2019 at 9:52 PM Alissa Cooper <alissa@cooperw.in> wrote:

> Hi Rob,
>
> When the IESG was discussing this, I wrote up the text below. The
> structure and some of the text made it into the version Barry shared.
>
> —
>
> Application Behavior Considering DNS (ABCD)
>
> DNS over TLS (DoT) [RFC 7858], DNS over DTLS [RFC8094], and DNS over HTTPS
> (DoH) [RFC 8484] provide confidentiality and tamper-resistance to thwart
> on-path attacks against DNS queries flowing between clients and recursive
> resolvers. Along with the deployment of these new transports, various
> application providers have been exploring having the application configure
> its own DNS services rather than using DNS services configured by the
> network operator. (The working group considers a network operator to
> include Internet service providers, enterprises, and any businesses that
> provide network access.) Together, these developments may represent a set
> of shifts depending on how the new protocols are deployed: from cleartext
> to encrypted transports, from use of unique port numbers for DNS resolution
> to ports that support significant other traffic (e.g., HTTPS), and from
> network operator control of DNS configuration to control by clients,
> third-party resolvers, or others.
>
> This potential set of shifts raises many questions given the long history
> and current status of DNS operational practices. Network operators have
> historically used DNS services for a variety of purposes beyond simple
> query resolution: to mitigate network and security threats, to enforce
> enterprise policy, to provide parental controls and other filters, and to
> comply with relevant laws and regulations, among others. To the extent that
> the presence of encrypted DNS transports or changes in DNS configuration
> control or both create barriers to achieving the objectives that underlie
> these practices, this working group is the venue within the IETF to work on
> engineering and operational solutions.
>
> This working group is focused on specifying protocols, guidance, and best
> practices to support the smooth operation of encrypted DNS transports
> across diverse networks with potentially diverse and changing arrangements
> concerning where the control of DNS service configuration is located.
> Specific initial areas of focus include but are not limited to:
>
> - Resolver discovery and selection
> - Expression of resolver policy
> - Support for split-horizon DNS environments
> - Mechanisms to facilitate testing of new configurations
>
> This working group will coordinate with the DNSOP (OPS Area) and DPRIVE
> (INT Area) working groups, and all last-call announcements (including
> Working Group Last Calls issued by the chairs) will be copied to all three
> working groups to ensure thorough and careful review.  The working group
> will also coordinate with the Security Area, and will be assigned a
> security advisor.
>
> —
>
> Best,
> Alissa
>
>
> On Oct 9, 2019, at 3:51 PM, Rob Sayre <sayrer@gmail.com> wrote:
>
>
>
> On Wed, Oct 9, 2019 at 8:48 PM Joe Abley <jabley@hopcount.ca> wrote:
>
>> Hi Rob,
>>
>> On 9 Oct 2019, at 09:40, Rob Sayre <sayrer@gmail.com> wrote:
>>
>> >> So if it helps, consider "the IESG" as the charter proposal writers
>> >> and "5 or 6 ADs" as the BoF proponents.
>> >
>> > It does not help. Could those "5 or 6 ADs" put their names on the
>> proposal?
>>
>> Can you explain why this is important?
>>
>> I don't mean to imply it's not; I'm just trying to understand your
>> question.
>>
>
> You ask a totally fair question.
>
> I think the charter is misguided and wrote that "a proposal that no one
> will put their name on doesn’t even deserve an argument."
>
> So, I just asked (again) whether someone would put their name on it.
>
> thanks,
> Rob
> --
> Add mailing list
> Add@ietf.org
> https://www.ietf.org/mailman/listinfo/add
>
>
>

v2.23.0 | Report a Bug | By Email