IETF Logo Mail Archive

Re: [arch-d] IAB statement on "Avoiding Unintended Harm to Internet Infrastructure"

"Brian Trammell (IETF)" <ietf@trammell.ch> Mon, 18 November 2019 05:58 UTC

Return-Path: <ietf@trammell.ch>
X-Original-To: architecture-discuss@ietfa.amsl.com
Delivered-To: architecture-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5658A12088C for <architecture-discuss@ietfa.amsl.com>; Sun, 17 Nov 2019 21:58:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nwC4q1CeCQdY for <architecture-discuss@ietfa.amsl.com>; Sun, 17 Nov 2019 21:58:08 -0800 (PST)
Received: from smtp-sh2.infomaniak.ch (smtp-sh2.infomaniak.ch [128.65.195.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9377F12086C for <architecture-discuss@ietf.org>; Sun, 17 Nov 2019 21:58:08 -0800 (PST)
Received: from smtp-3-0000.mail.infomaniak.ch (smtp-3-0000.mail.infomaniak.ch [10.4.36.107]) by smtp-sh2.infomaniak.ch (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id xAI5vne0094561 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 18 Nov 2019 06:57:49 +0100
Received: from [IPv6:2001:67c:370:128:bc5e:e297:d32d:b91c] (unknown [IPV6:2001:67c:370:128:bc5e:e297:d32d:b91c]) by smtp-3-0000.mail.infomaniak.ch (Postfix) with ESMTPA id 9A5AB100F703B; Mon, 18 Nov 2019 06:57:44 +0100 (CET)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: "Brian Trammell (IETF)" <ietf@trammell.ch>
In-Reply-To: <6.2.5.6.2.20191117022756.07532f60@elandnews.com>
Date: Mon, 18 Nov 2019 13:57:43 +0800
Cc: Andrew Campling <andrew.campling@419.consulting>, architecture-discuss@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <B52E3EE5-AFA4-4669-8838-0D84654F4E03@trammell.ch>
References: <LO2P265MB0573C0D8F8D9D7ECF4E472AFC2760@LO2P265MB0573.GBRP265.PROD.OUTLOOK.COM> <6.2.5.6.2.20191117022756.07532f60@elandnews.com>
To: S Moonesamy <sm+ietf@elandsys.com>
X-Mailer: Apple Mail (2.3445.104.11)
X-Antivirus: Dr.Web (R) for Unix mail servers drweb plugin ver.6.0.2.8
X-Antivirus-Code: 0x100000
Archived-At: <https://mailarchive.ietf.org/arch/msg/architecture-discuss/PKNSubKIMB21VhJJ3ZusWd1jbZY>
Subject: Re: [arch-d] IAB statement on "Avoiding Unintended Harm to Internet Infrastructure"
X-BeenThere: architecture-discuss@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: open discussion forum for long/wide-range architectural issues <architecture-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/architecture-discuss/>
List-Post: <mailto:architecture-discuss@ietf.org>
List-Help: <mailto:architecture-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/architecture-discuss>, <mailto:architecture-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Nov 2019 05:58:11 -0000

> On 17 Nov 2019, at 18:48, S Moonesamy <sm+ietf@elandsys.com> wrote:
> 
> Hello,
> At 10:53 PM 12-11-2019, Andrew Campling wrote:
>> In the DNS section, it is disheartening to read the IAB stating that "[a DNS resolver] returning the wrong (or no) address breaks the trust that users have in this infrastructure", after having spent months on the ADD list and elsewhere to explain that there are indeed lots of use cases in which users expect, or even actively request, that their resolver applies filters to the responses. In some cases it is actually the opposite - if I acquire a DNS-based service to prevent any accidental connection to malware-infected websites and then I get malware, that's when I lose trust in my DNS resolver; same for parental controls.
> 
> The position, in the past, was that it was important to preserve the chain of trust instead of allowing someone along the path to change the information published in DNS.  There are use cases where the changes are done for valid reasons, e.g. the user does not wish to download malware.  What are the unintended consequences of supporting such cases?

The unintended consequences don't come from "supporting the use case" per se, they come from the technical details of the approach used to do so. For example:

For your malware example, "change DNS records by intercepting queries between the client and the recursive resolver and inject NXDOMAIN for malware domains" is one way to implement such a thing. The unintended consequences of this are "you can't deploy DNSSEC", "anyone on the same path can do the same interception, maybe even to add malware", and so on.

Another way to support the same use case would be to add endpoint defenses to the browser for web-based malware: in this case the browser checks URLs against a blocklist. The tradeoff here is that you need to touch every browser, and a possible unintended consequence here is that the infrastructure to distribute the blocklists is a potential further centralization of the architecture.

Cheers,

Brian


> Regards,
> S, Moonesamy
> 
> 
> _______________________________________________
> Architecture-discuss mailing list
> Architecture-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/architecture-discuss

v2.23.0 | Report a Bug | By Email