Re: [DNSOP] Draft for dynamic discovery of secure resolvers

Paul Ebersman <> Tue, 21 August 2018 02:26 UTC

ebersman> That may be the consensus at the IETF but it's not even close
ebersman> to the consensus with ISPs, nor large enterprise. That seems to
ebersman> cover most of the eyeball/consumer... DHCP is still how much
ebersman> of the world gets connected and that hasn't changed in decades.

pusateri> You're misquoting me and arguing against a point I didn't
pusateri> make. There was no one saying we don't need DHCP. There was a
pusateri> general agreement that DHCP should not be extended.

pusateri> The DHC working group never completed the work for DHCP
pusateri> authentication. It's not trustworthy enough in its current
pusateri> form to add more things to it.

And I'd argue that this is also an IETF opinion, not the majority of the
internet. There's a reason it's still the most widespread configuration
management for devices. "Not trustworthy enough to extend" is a fine
academic opinion but doesn't hold water in the marketplace.

DHCP is no worse currently than TOFU. We trust that the OFFER packet
will be from the DHCP server we're supposed to use. Trust On First
Use. Not great but it works more than not. At least that's the argument
I kept hearing for TOFU. We actually have operational experience of
decades for DHCP and this isn't a widespread enough problem to kill any
innovation forever because it's not perfect.

If we want the world to use what the IETF develops, we have to be able
to balance theoretical risk vs sane and widespread deployment.

If not, someone will just wind up shoving this into yet another DHCP
vendor option and every vendor will be different. That will be even less