IETF Logo Mail Archive

Re: [homenet] Status of draft-tldm-simple-homenet-naming CFA

Ted Lemon <mellon@fugue.com> Sun, 13 August 2017 12:28 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A3D1132758 for <homenet@ietfa.amsl.com>; Sun, 13 Aug 2017 05:28:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rsneBP1dGi-Y for <homenet@ietfa.amsl.com>; Sun, 13 Aug 2017 05:28:08 -0700 (PDT)
Received: from mail-pg0-x229.google.com (mail-pg0-x229.google.com [IPv6:2607:f8b0:400e:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 00149132514 for <homenet@ietf.org>; Sun, 13 Aug 2017 05:28:07 -0700 (PDT)
Received: by mail-pg0-x229.google.com with SMTP id y129so31558606pgy.4 for <homenet@ietf.org>; Sun, 13 Aug 2017 05:28:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=DhTX+NOajgc0Jjr4sl+ku2guCwSRzIIT9Ha9qFXE0sA=; b=GGRA2B7RM6Ii99vGZyCcjtqkady1phvftC7DjcfbXJaCaY3jDDqF5r/rrUPI3ne2Wv LYQ2S7t6m+RwLZPvz22GZUVBi8sDJh3OW6nvLlztov473jO3OMXiFPax+GL+8xze3z2R Va/6n8kia0XaH/j5GDcuE7/Qy2ouw/vGkPSvzV4qo5RdO1XWttilYSEWErWQMK+5b+hC 7z3T+1vSWNzcniZBRwnaxN/acBUnD4NSpJzOqYlX7Yjj7QN8lop5QZakSkvk8z6J8WCL b+QDnRMEo79rAzE/i+0/GHr4tdmqXQ1D7bf7M1+mAC4fbRLAYwG2Bv29M//HafZyU7mg hg9g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=DhTX+NOajgc0Jjr4sl+ku2guCwSRzIIT9Ha9qFXE0sA=; b=AGsxIR5FeFaVW07A9m8t5x0SGBxRn86tytlzjpXHd1eLe3HiXjriiKd9hZ2xuoz6fU tyAEY22Bm0CvNJPwbVUvcRaaaj/JvJNrt5GJtAnP4uJIjjE+NK5uqEOGe53IBoMbt9qN EGjm7a3Oi6U9D3wLrlQW9sofPTXHvFLJ5joq7jFjMB/OR1g68NOuBJiOkM68td3Vi77k P1E8/3VHguPR4V5X/i2izbUQjj2L2dFBv2MQ6Q5mWSNMaRODWU/urHgQNTtTdVI+eMZ5 e//553jybWJS+oefO9lONQux1dkVI2zLvXTCEbuFN55VR4JyfFz6WimS9XCAYH6qnuL1 zpvw==
X-Gm-Message-State: AHYfb5hb9V6qoBsLqZeU9APh2OltTB2rss5djOO4+COfPgDE3qf7WjLA em/a8+jmjIoYBWWWXG0fLpwNo9rVC1/F
X-Received: by 10.98.139.134 with SMTP id e6mr21698819pfl.111.1502627287476; Sun, 13 Aug 2017 05:28:07 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.180.131 with HTTP; Sun, 13 Aug 2017 05:27:26 -0700 (PDT)
In-Reply-To: <871sofzqma.fsf@toke.dk>
References: <2D09D61DDFA73D4C884805CC7865E6114DBF5904@GAALPA1MSGUSRBF.ITServices.sbc.com> <20170810203843.xq7wxdxp27vqt4pz@mx4.yitter.info> <87wp6byvw5.fsf@toke.dk> <A9C8CA05-54A0-4160-B2F0-645744BD259E@fugue.com> <87poc3yt3d.fsf@toke.dk> <22E4B7B8-317F-4CBB-8536-D0AB345B0837@fugue.com> <87h8xez9ys.fsf@toke.dk> <CAPt1N1m+218+FX_G+2W-msDWmxP8XXMKF9S0faTeCBnEEzk1uw@mail.gmail.com> <877eyaz2jm.fsf@toke.dk> <CAPt1N1m5nVGD-y2VrbkoTEPTs4qF98oRxGuvd-Has1yzuS0fmg@mail.gmail.com> <874ltez1wg.fsf@toke.dk> <7E8390B5-9048-4783-B17F-6C9EA5610887@fugue.com> <7ivalujdfu.wl-jch@irif.fr> <15F1CE39-82EE-4B0D-A31B-2C1805991541@fugue.com> <871sofzqma.fsf@toke.dk>
From: Ted Lemon <mellon@fugue.com>
Date: Sun, 13 Aug 2017 08:27:26 -0400
Message-ID: <CAPt1N1=oiU+DbjD6izOBNJOnC25d=-S3ARqFxydRfWLEet5mEQ@mail.gmail.com>
To: Toke Høiland-Jørgensen <toke@toke.dk>
Cc: Juliusz Chroboczek <jch@irif.fr>, HOMENET <homenet@ietf.org>
Content-Type: multipart/alternative; boundary="f403045c4322b345b80556a1ad0b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/xV_Yfg0tSW6uTUeVNGnJpjj3a5s>
Subject: Re: [homenet] Status of draft-tldm-simple-homenet-naming CFA
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Aug 2017 12:28:11 -0000

Hm.   What I think the ideal resolver to have on a homenet is as follows:

(1) It can be configured to scatter queries randomly to a large number of
resolvers all over the internet.
(2) It can be configured to send certain queries to forwarders provided by
one or more local ISPs
(3) It can be configured to filter domain names based on a subscribed list
(or a set of subscribed lists) of known-bad domains.
(4) It can be configured to provide its own answers for some set of names,
in order to break devices you own and have paid for out of
provider-supplied walled gardens.
(5) ...

However, this feels to me like it's a laundry list of features that are not
_required_ by a homenet.   Many of these features require a fair amount of
understanding to configure.   Doing (3) in the local resolver is actually
hard, because the list can be quite large, or else it's privacy-violating,
because you have to send your query stream to the thing that manages the
list.   Ideally (3) would be done on the same mass of resolvers that you
are using for (1), so as to keep the query stream private.

The point is that what I have specified in the architecture document is
what is minimally required to allow a homenet to function given ordinary
ISPs and ordinary users.   I think trying to do some of the things on the
above laundry list would be very interesting work; trying to get it to
where end-users can use it without being experts and without being made
vulnerable to scams would be very cool, but is out of scope for this
document.

Does that make sense?

On Sun, Aug 13, 2017 at 6:52 AM, Toke Høiland-Jørgensen <toke@toke.dk>
wrote:

> Ted Lemon <mellon@fugue.com> writes:
>
> > What I find completely perplexing about this conversation is that you,
> > Markus and Toke, all of whom I know to be smart people, think this is
> > hard.   What is hard about it?   I think the reason you think it's
> > hard is simply that you don't know how to do it.
>
> Ah no, this was not was I was trying to express. As you say, technically
> implementing what's currently in your draft is doable, but adds a small
> to moderate amount of complexity. This can be acceptable, *if* it
> provides a corresponding benefit. However, I do not believe that it
> does, for two main reasons:
>
> 1. In every encounter I've had with an ISP-provided DNS server, that
>    server is either (a) flaky, (b) censored or (c) both. So limiting
>    ourselves to getting replies from just one upstream for a given query
>    is going to give worse performance than using all available servers
>    (or just doing our own full recursing from the root).
>
> 2. Even if DNS queries are paired with source prefixes, the client still
>    has to pick which source prefix to send the DNS query from; how is it
>    going to do that? (This may just be me that is ignorant of the
>    details of the MPvD architecture; if so, please do enlighten me).
>
> Together, these points mean that as far as I'm concerned, what you're
> proposing is adding complexity to achieve a behaviour that is going to
> result in *worse* performance than doing the simple thing. Which is not
> a good proposition, as I'm sure you'll agree.
>
> Now, as I said a few mails back, I am perfectly happy to be convinced
> that there *is* a benefit worth paying the complexity cost for; but,
> well, someone is going to have to do the convincing... :)
>
> -Toke
>

v2.23.0 | Report a Bug | By Email