[DNSOP] Re: [v6ops] Re: [EXTERNAL] New Version Notification for draft-jens-7050-secure-channel-00.txt

Tommy Jensen <Jensen.Thomas@microsoft.com> Wed, 26 June 2024 16:01 UTC

To: Brian Candler <brian@nsrc.org>, "dnsop@ietf.org" <dnsop@ietf.org>
CC: V6 Ops List <v6ops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/qcW5HAjSjdgevcg7VC8d0IOUKYk>

That's a fun question. I took this approach based on my operating assumption that 7050 is still useful to some folks (noting 7050 is also still in the CLAT recommendations draft Jen and I are writing). I wouldn't be opposed to writing a deprecation instead if consensus indicates 7050 is no longer needed.

One use case could be 8781 is harder for apps above the networking stack to read, which applies to NAT64+DNS64 in the absence of 464XLAT and apps that are IPv6 aware trying to reach IPv4 only destinations. I might be tossing a match into fuel here, but to answer your question, I think we need to first answer "what is our recommended story for IPv6-aware apps communicating with IPv4-only peers when the OS gives it no IPv4 address or CLAT?"

There may be other use cases for 7050 that 8781 can't meet, but I'll let others speak up if they want for those. I certainly have a PREFerence for 8781.

Thanks,
Tommy
________________________________
From: Brian Candler <brian@nsrc.org>
Sent: Wednesday, June 26, 2024 12:21 AM
To: Tommy Jensen <Jensen.Thomas@microsoft.com>; dnsop@ietf.org <dnsop@ietf.org>
Cc: V6 Ops List <v6ops@ietf.org>
Subject: Re: [v6ops] Re: [EXTERNAL] New Version Notification for draft-jens-7050-secure-channel-00.txt

On 26/06/2024 06:50, Tommy Jensen wrote:
> I am seeking feedback on whether updating 7050 is the correct
> approach, and more generally, if there's interest in taking up work in
> the area of "revisiting how a stub resolver should secure its
> communication with a DNS64 resolver".

With the PREF64 mechanism (RFC8781) already seeing widespread adoption,
are we at a point where we could simply deprecate RFC7050?