Re: [DNSOP] [External] Re: Fwd: [Add] new draft: draft-grover-add-policy-detection-00

Andy Grover <andy@pmtu.dev> Tue, 16 July 2019 03:52 UTC

Message-ID: <882ddc6b-3f0f-eaf9-0aec-4fe1d6150f75@pmtu.dev>
Date: Mon, 15 Jul 2019 20:52:01 -0700
In-Reply-To: <CAChr6SwLn62im2u65uWvR86=L7=oM+YuCAEAtkLkuV_1t53d+g@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/tPY7R3R2A3rIzBfrBzYFcd59DEo>

On 7/15/19 8:21 PM, Rob Sayre wrote:
>     Mozilla's intent is to deploy a set of trusted recursive resolvers, as
>     Ekr explained back in March on the DoH list:
> 
> 
> And also to supply a domain name that disables everything? That's what
> the draft does, right?

Although the draft talks about policy a lot, it is actually pure
"mechanism". The draft makes it possible for the user (or user agent) to
know something it did not know before: whether the local DNS resolver
implements a policy.

A user agent may decide to do different things with that piece of
additional knowledge, but without the knowledge there's no opportunity
for a decision to be made. That's not saying everything's going to get
turned off, but everything always turned on isn't ideal either.

To speak more concretely, right now some existing filtering DNS
providers have ways for users to know if things are working as desired.
OpenDNS has internetbadguys.com for example, and other providers have
similar. These are useful, but would be more broadly useful if they
weren't provider-specific. That's basically all this draft is proposing
-- defining one canary domain to check instead of one for each provider.

-- Andy
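The canary check described in the message, written out as an added example that is not part of the thread or the draft. The canary name, the interpretation rule (NXDOMAIN or an empty NOERROR answer means the resolver signals a policy; SERVFAIL, REFUSED or a malformed packet is inconclusive rather than a signal), and the constructed response headers are all assumptions of this example, not text from the draft.

```python
import struct

# Placeholder name: the draft discussed in the thread defines the real canary domain.
CANARY_DOMAIN = "canary.example"

RCODE_NOERROR, RCODE_SERVFAIL, RCODE_NXDOMAIN, RCODE_REFUSED = 0, 2, 3, 5


def classify_canary_response(resp: bytes) -> str:
    """Classify a resolver's answer to the canary query (assumed rule, not the draft's text).

    Returns "policy"       -> NXDOMAIN, or NOERROR with no answer records
            "no-policy"    -> NOERROR with at least one answer record
            "inconclusive" -> SERVFAIL, REFUSED, a query rather than a response,
                              or a packet too short to carry a DNS header.
    A user agent should treat "inconclusive" as "no information", not as a signal.
    """
    if len(resp) < 12:
        return "inconclusive"
    _qid, flags, _qdcount, ancount, _nscount, _arcount = struct.unpack("!HHHHHH", resp[:12])
    if not flags & 0x8000:  # QR bit clear: this is a query, not a response
        return "inconclusive"
    rcode = flags & 0x000F
    if rcode == RCODE_NXDOMAIN:
        return "policy"
    if rcode == RCODE_NOERROR:
        return "policy" if ancount == 0 else "no-policy"
    return "inconclusive"


def build_response(rcode: int, answers: int, qid: int = 0x1234) -> bytes:
    """Constructed minimal DNS response header (QR=1, RD=1, RA=1) with the given
    RCODE and answer count. Only the 12-byte header matters for the check, so
    no question or answer sections are emitted."""
    flags = 0x8000 | 0x0100 | 0x0080 | (rcode & 0xF)
    return struct.pack("!HHHHHH", qid, flags, 1, answers, 0, 0)


if __name__ == "__main__":
    # Constructed responses standing in for three kinds of local resolvers.
    for label, resp in [("filtering resolver", build_response(RCODE_NXDOMAIN, 0)),
                        ("plain resolver", build_response(RCODE_NOERROR, 1)),
                        ("broken resolver", build_response(RCODE_SERVFAIL, 0))]:
        print(f"{label}: {CANARY_DOMAIN} -> {classify_canary_response(resp)}")
```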