[hrpc] Two examples of drafts that have political consequences
Stephane Bortzmeyer <bortzmeyer@nic.fr> Fri, 21 July 2017 15:21 UTC
Return-Path: <bortzmeyer@nic.fr>
X-Original-To: hrpc@ietfa.amsl.com
Delivered-To: hrpc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D61DD131B05 for <hrpc@ietfa.amsl.com>; Fri, 21 Jul 2017 08:21:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id csU5fs5r535m for <hrpc@ietfa.amsl.com>; Fri, 21 Jul 2017 08:21:07 -0700 (PDT)
Received: from mail.bortzmeyer.org (aetius.bortzmeyer.org [IPv6:2001:4b98:dc0:41:216:3eff:fece:1902]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D55FD1317A4 for <hrpc@irtf.org>; Fri, 21 Jul 2017 08:21:06 -0700 (PDT)
Received: by mail.bortzmeyer.org (Postfix, from userid 10) id 902CD31CE6; Fri, 21 Jul 2017 17:21:03 +0200 (CEST)
Received: by godin (Postfix, from userid 1000) id D02C0EC0BB2; Fri, 21 Jul 2017 17:20:33 +0200 (CEST)
Date: Fri, 21 Jul 2017 17:20:33 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: hrpc@irtf.org
Message-ID: <20170721152033.GA4434@laperouse.bortzmeyer.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-Transport: UUCP rules
X-Operating-System: Ubuntu 16.04 (xenial)
X-Charlie: Je suis Charlie
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/jkz8YRtL1k-TaXwyqhxD2LzrnMI>
Subject: [hrpc] Two examples of drafts that have political consequences
X-BeenThere: hrpc@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "niels@article19.org" <hrpc.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hrpc>, <mailto:hrpc-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hrpc/>
List-Post: <mailto:hrpc@irtf.org>
List-Help: <mailto:hrpc-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hrpc>, <mailto:hrpc-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Jul 2017 15:21:09 -0000
If you meet people who say "IETF does purely technical work, we don't do politics", here are two good current examples that may seem technical but have political consequences. The first one is the most obvious, because it has clear privacy risks and they are acknowledged in the draft: draft-tale-dnsop-edns0-clientid "Client ID in Forwarded DNS Queries" proposes to add something in the DNS requests that will identify the client. This is already done in some proprietary products like Cisco Umbrella <https://docs.umbrella.com/developer/networkdevices-api/identifying-dns-traffic2>, which uses the MAC address or the device serial number. As expected, the discussion in DNSOP was the usual "It is deployed, better to document it, so we could at least add some protections" vs. "Bad ideas must not be published, it may be seen as endorsment". The second one is more subtle. draft-ietf-tls-dnssec-chain-extension "A DANE Record and DNSSEC Authentication Chain Extension for TLS" describes a way to send DNSSEC records required for DANE authentication into the TLS session, instead of having to retrieve them from the DNS. It may reduce latency, and solve some bootstrap problems (using DANE to authentify a DNS resolver…) But a consequence is that the TLS client must accepts the same root trust anchor as the TLS server, which prevents the use of signed alternative DNS roots. I do not claim it is ground for rejection, just that technical choices constrain what you can do with the network.
- [hrpc] Two examples of drafts that have political… Stephane Bortzmeyer