Re: [DNSOP] EDNS0 clientID is a wider-internet question

Barry Raveendran Greene <bgreene@senki.org> Wed, 26 July 2017 01:00 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/JbGZb58ysc-8V8bQdIKWHvQjVUI>

The irony to the privacy and client-id discussion is that we have another “DNS Privacy” WG which gives me wonderful ID from the crypto termination on the resolver.

The reality with client ID is just like RPZ adoption. Operators need flexibility to face reality. If the DNSOP’s choice is to not face reality, so be it. The code will still get deployed. Operators will still drive adoption.

The choice is to have client ID and RPZ in the working group process.