Re: [DNSOP] Draft for dynamic discovery of secure resolvers

Paul Vixie <paul@redbarn.org> Tue, 21 August 2018 02:51 UTC

Return-Path: <paul@redbarn.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8EC62130E04 for <dnsop@ietfa.amsl.com>; Mon, 20 Aug 2018 19:51:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7D3Q3W8gJ0Su for <dnsop@ietfa.amsl.com>; Mon, 20 Aug 2018 19:51:41 -0700 (PDT)
Received: from family.redbarn.org (family.redbarn.org [IPv6:2001:559:8000:cd::5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E879130DF6 for <dnsop@ietf.org>; Mon, 20 Aug 2018 19:51:41 -0700 (PDT)
Received: from [IPv6:2001:559:8000:c9:9061:ce0d:93bf:336d] (unknown [IPv6:2001:559:8000:c9:9061:ce0d:93bf:336d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by family.redbarn.org (Postfix) with ESMTPSA id 35ED4892C6; Tue, 21 Aug 2018 02:51:41 +0000 (UTC)
Message-ID: <5B7B7E3B.3060006@redbarn.org>
Date: Mon, 20 Aug 2018 19:51:39 -0700
From: Paul Vixie <paul@redbarn.org>
User-Agent: Postbox 5.0.25 (Windows/20180328)
MIME-Version: 1.0
To: =?windows-1252?Q?Marek_Vavru=9Aa?= <mvavrusa=40cloudflare.com@dmarc.ietf.org>
CC: Ted Lemon <mellon@fugue.com>, Paul Ebersman <list-dnsop@dragon.net>, Tom Pusateri <pusateri@bangj.com>, dnsop <dnsop@ietf.org>
References: <CAC=TB13mUH2SDxFb4c3rOz0-Z6PE_r9i84_xK=dmLxiVr45+tA@mail.gmail.com> <alpine.DEB.2.20.1808201720060.3596@grey.csi.cam.ac.uk> <23C2BA0B-B4A7-49F2-9FFD-90B90E2928B5@bangj.com> <56B7EA81-A840-4320-BDD0-781E9D999904@vpnc.org> <B5CCB149-BEE2-46D4-BF3C-C32D5BCA3EA3@bangj.com> <20180821014030.C2678AD6354@fafnir.remote.dragon.net> <922DCF48-BA8A-42B8-99BA-2B367D981568@bangj.com> <20180821022627.50A64AD6A31@fafnir.remote.dragon.net> <CAPt1N1np9KdMmqE09AhsvH-macAer2dMxsUUpF4AYVSeB0g-oA@mail.gmail.com> <CAC=TB11NMbSbKfw0hMLrW6vywmYDp_T5mYgUFUBc7n7o+axAQw@mail.gmail.com>
In-Reply-To: <CAC=TB11NMbSbKfw0hMLrW6vywmYDp_T5mYgUFUBc7n7o+axAQw@mail.gmail.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/2ZaYXdfPbkFxKMqzEZCeCVO26zA>
Subject: Re: [DNSOP] Draft for dynamic discovery of secure resolvers
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Aug 2018 02:51:43 -0000


Marek Vavruša wrote:
> ...
>
> I'm still not sure that IETF should define the provider of trust, as
> the trust is relative. But you're right Ted, it should definitely be
> at written down andformalized if we want to move forward.
>
> I have to compose my thoughts on this first. I'll try next weekend if I get
> some of that bravery or willpower back.

if you write down trust assumptions you'll be enumerating disjoint sets 
of same as actually practiced by different users and different operators 
whose reasons should be treated as valid rather than challenged.

mine is, i monitor and control the network path between my dhcp client 
and my dhcp server very much more carefully than i can monitor and 
control the network path to RDNS servers. therefore i am comfortable 
having the former introduce me to the latter. other perspectives differ.

-- 
P Vixie