Re: [DNSOP] EDNS0 clientID is a wider-internet question

Ted Lemon <> Thu, 20 July 2017 17:54 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7F46E1270AC for <>; Thu, 20 Jul 2017 10:54:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id NZUeaTKyB771 for <>; Thu, 20 Jul 2017 10:54:44 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400e:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8DF5E1252BA for <>; Thu, 20 Jul 2017 10:54:44 -0700 (PDT)
Received: by with SMTP id v190so17863346pgv.2 for <>; Thu, 20 Jul 2017 10:54:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=6IvA5exAcZ7aLHuQBc5UhTwSh7Y+SVq3DdRpwCXu2KE=; b=gRIw1L5M10U7npTlJbskRHh1OL7sv+Ca0zAbEhswdCnnkOsRfg8ObsREKqYNU3iGC1 svH3nln1xXMe5XeWYF8yqvLh5oB41skd0jsk30ANuwj0Jgl5cmp2M/nF5wiinfQNMsP9 cqWvUjoCyg6oaOfydRwkupXLvGr2wgTUsqWupZBcAZiRvDrWOChVjlqldVD0cRp5uM81 ZEG3UDHdvfm5pRMbDePJ2ewElzyb+zIxCTmp2rYIVE8rt0eJEZHN2nV+ZUh0n7zCZV+S sKAKbBmqi2/aJL7Bjql4/UmlXdLCy/cl4hQAqIAuws+f/5ita5ExxZOVWsVK2lO3SY1y at/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=6IvA5exAcZ7aLHuQBc5UhTwSh7Y+SVq3DdRpwCXu2KE=; b=nzJFSBu42jnJRbv/nIuT6fF24YbzaaxeQHbT7GxdYUN6sDvZGBOfj0xMfYZ+QiVWk0 eqNYiAmyle/VLs5WHS2E7oBFMmGXePFJAF+0XbcsKFDpqcQ5AE1Hr46dYTKzaDIjzkKl tifw2GwKbTl7Uw6gs1X3y86Yx/nFnPmmXtMtJZDII6p0btmzo3ztffx9U9jky5nQPt+w m+oD0ppeRQvsePspHiXdKefHEWToFgBp9svd3VviaJDn65CzfCgt63d7d5/Ubw+iu19Y E9XvRK+Gzj6lnXOSfOYbmyK43h4uyVBTFjZ9eQ4fsM9MWtdZxHGa1alfgphv/Tw82DQ9 LVxg==
X-Gm-Message-State: AIVw111rluCXYOES2egnREedUMHM1x3KT7ZUP5t07Kb9myuj1Ofor0h/ +m2dq/+Cs6v+hlpqaR7QRRdnD7K6mcYz
X-Received: by with SMTP id g18mr5075019plj.210.1500573284101; Thu, 20 Jul 2017 10:54:44 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Thu, 20 Jul 2017 10:54:03 -0700 (PDT)
In-Reply-To: <>
References: <>
From: Ted Lemon <>
Date: Thu, 20 Jul 2017 19:54:03 +0200
Message-ID: <>
To: George Michaelson <>
Cc: dnsop WG <>
Content-Type: multipart/alternative; boundary="94eb2c19f1428f31720554c37171"
Archived-At: <>
Subject: Re: [DNSOP] EDNS0 clientID is a wider-internet question
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 20 Jul 2017 17:54:46 -0000

It would be nice if there were an RFC to point to that used a method that
didn't include PII.   For the use cases of which I am ware, there is no
need to identify individual devices: only policies.   What's lacking is a
way to do this in the home router, so the PII winds up getting exported to
the cloud not because that's necessary to accomplish the filtering but
because it's the only available place where the translation from
PII->policy can be done in practice.   Unfortunately, solving _that_
problem is definitely out of scope for DNSOP.

On Thu, Jul 20, 2017 at 7:00 PM, George Michaelson <> wrote:

> I probably will not carry the WG with me on this, but I find myself
> thinking the PII aspect of client-ID makes it a wider-internet
> question and we might have views as a WG, and promote questions as a
> WG, but I think the "final call" on this is something which needs more
> than WG approval.
> Its a big question. I'd actually welcome adoption on many levels, but
> that isn't to pre-empt that it goes to WGLC. I think we need to
> formalize the issues and take them out of the WG for review and
> discussion.
> documenting current practice is ok btw, but .. PII.
> -G
> _______________________________________________
> DNSOP mailing list