Re: [DNSOP] [homenet] Fwd: WGLC on "redact" and "homenet-dot"

"John Levine" <johnl@taugh.com> Thu, 15 December 2016 02:18 UTC

Date: Thu, 15 Dec 2016 02:18:31 -0000
Message-ID: <20161215021831.2296.qmail@ary.lan>
From: John Levine <johnl@taugh.com>
To: dnsop@ietf.org
In-Reply-To: <87poku6jrv.wl-jch@irif.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/092oFgVHWHPPHys883ulRLYXnz0>
Cc: homenet@ietf.org, jch@irif.fr
Subject: Re: [DNSOP] [homenet] Fwd: WGLC on "redact" and "homenet-dot"

>Now, granted, .local and .homenet require special casing in shared parts
>of the protocol stack (.local in the stub resolver, .homenet in the
>Homenet router's resolver), but this needs to be done just once in the
>protocol stack, not in every single application.  Completely unlike .onion.

I think you're making unwarranted assumptions about software design
here.  On the computers I know, the stub resolver is in one shared
library and the SOCKS proxy is in another.  What's the difference?

I agree that Tor users typically use specially configured browsers
to minimize side channel leakage, but that's unrelated to the way
the sockets work.  You can run POP3 over Tor if you want to.

What's somewhat relevant to the topic at hand is that we seem to have
different mental models of the way the clients work.  If we expect the
client libraries to know that .homenet is special, it doesn't matter
what's in the root.  If we expect they don't, and all the magic is in
the router, I still don't see any solutions that aren't really ugly.
If we do the unsigned delegation that Mark wants, the validating client
can tell that the .homenet answers it's getting aren't necessarily
bogus, but it can't tell that they're authentic either.

R's,
John
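
The cases in the last paragraph of the message above, as an added example that is not part of John Levine's message or of any resolver's code: a simplified model of three DNSSEC validation states (secure, insecure, bogus; RFC 4035 section 4.3). The Cut class, the validate function and the sample root data are constructed for illustration, and signature checking is reduced to a boolean.

```python
from dataclasses import dataclass
from enum import Enum


class Status(Enum):
    SECURE = "secure"      # signatures chain back to the trust anchor
    INSECURE = "insecure"  # signed proof that the chain ends above this name
    BOGUS = "bogus"        # a chain should exist but does not verify


@dataclass(frozen=True)
class Cut:
    """What the signed parent publishes about one child zone (constructed model)."""
    delegated: bool  # parent holds NS records for the child
    has_ds: bool     # parent holds a signed DS record for the child


def validate(qname: str, cuts: dict, answer_signed: bool) -> Status:
    """Walk from the root toward qname the way a validating client would.

    answer_signed stands in for "the answer carries an RRSIG that verifies
    against a key chained from the deepest DS"; no real crypto is done here.
    """
    labels = qname.rstrip(".").split(".")
    # Visit possible zone cuts top-down: "homenet", then "printer.homenet".
    for i in range(len(labels) - 1, -1, -1):
        cut = cuts.get(".".join(labels[i:]))
        if cut is None:
            continue  # no zone cut at this label
        if not cut.delegated:
            return Status.BOGUS     # signed denial of existence contradicts any answer
        if not cut.has_ds:
            return Status.INSECURE  # signed "no DS": nothing below can be authenticated
    return Status.SECURE if answer_signed else Status.BOGUS


# Constructed views of what the root could publish for .homenet.
ROOT_NO_DELEGATION = {"homenet": Cut(delegated=False, has_ds=False)}
ROOT_UNSIGNED_DELEGATION = {"homenet": Cut(delegated=True, has_ds=False)}
ROOT_SIGNED_DELEGATION = {"homenet": Cut(delegated=True, has_ds=True)}

if __name__ == "__main__":
    # Assumption: the home router holds no key chained to the root,
    # so its local answers are unsigned (answer_signed=False).
    for label, root in [("no delegation", ROOT_NO_DELEGATION),
                        ("unsigned delegation", ROOT_UNSIGNED_DELEGATION),
                        ("signed delegation", ROOT_SIGNED_DELEGATION)]:
        print(label, "->", validate("printer.homenet.", root, False).value)
```

With the unsigned delegation the result is "insecure" whether the answer came from the home router or from anyone else on the path, since answer_signed is never consulted once the chain has ended.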