Re: [mif] Last Call for MIF DNS server selection document

Keith Moore <moore@network-heretics.com> Mon, 12 September 2011 12:52 UTC

Return-Path: <moore@network-heretics.com>
X-Original-To: mif@ietfa.amsl.com
Delivered-To: mif@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B880B21F84D4 for <mif@ietfa.amsl.com>; Mon, 12 Sep 2011 05:52:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.475
X-Spam-Level:
X-Spam-Status: No, score=-3.475 tagged_above=-999 required=5 tests=[AWL=0.123, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8EkkKsc6tIEF for <mif@ietfa.amsl.com>; Mon, 12 Sep 2011 05:52:17 -0700 (PDT)
Received: from out4.smtp.messagingengine.com (out4.smtp.messagingengine.com [66.111.4.28]) by ietfa.amsl.com (Postfix) with ESMTP id E033C21F84D5 for <mif@ietf.org>; Mon, 12 Sep 2011 05:52:16 -0700 (PDT)
Received: from compute3.internal (compute3.nyi.mail.srv.osa [10.202.2.43]) by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id 0318028EE9; Mon, 12 Sep 2011 08:54:20 -0400 (EDT)
Received: from frontend1.nyi.mail.srv.osa ([10.202.2.160]) by compute3.internal (MEProxy); Mon, 12 Sep 2011 08:54:20 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=subject:mime-version:content-type:from :in-reply-to:date:cc:message-id:references:to; s=smtpout; bh=lt3 CxFDqwvQXU212us+tyLcUqPg=; b=Aiyh5EySwesNqzjRwMfZR4rGwWOdtW7a+WO TJDw7xwjQf1Wz8pCkqwSWEEyiB6GkYWow23tnvdOMqpk3DVolp1QdpKBV+B3wfdN Vza6eOiqjlM7fn0yehTGAjAIPtQqRLXu6f3mXbGoe90JVgQcGpWHiiYhSTGULRyJ cYicSi6Y=
X-Sasl-enc: UhHOxC3ShlWebcDBT6wnBZaYPWDZw5jPIQW9esyktiKs 1315832059
Received: from host65-16-145-177.birch.net (host65-16-145-177.birch.net [65.16.145.177]) by mail.messagingengine.com (Postfix) with ESMTPA id B364F7401CC; Mon, 12 Sep 2011 08:54:18 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: multipart/alternative; boundary="Apple-Mail-1-369912639"
From: Keith Moore <moore@network-heretics.com>
In-Reply-To: <916CE6CF87173740BC8A2CE44309696202571ED2@008-AM1MPN1-032.mgdnok.nokia.com>
Date: Mon, 12 Sep 2011 08:54:05 -0400
Message-Id: <051540FD-3AA1-4D1E-BAE3-AE7AC42BBBE3@network-heretics.com>
References: <COL118-W599D9E8760C3E370077FC3B1140@phx.gbl> <20110908204329.GN38973@shinkuro.com> <916CE6CF87173740BC8A2CE44309696202570894@008-AM1MPN1-032.mgdnok.nokia.com> <20110909181657.GB46494@shinkuro.com> <916CE6CF87173740BC8A2CE44309696202571ED2@008-AM1MPN1-032.mgdnok.nokia.com>
To: teemu.savolainen@nokia.com
X-Mailer: Apple Mail (2.1084)
Cc: mif@ietf.org
Subject: Re: [mif] Last Call for MIF DNS server selection document
X-BeenThere: mif@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multiple Interface Discussion List <mif.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mif>, <mailto:mif-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mif>
List-Post: <mailto:mif@ietf.org>
List-Help: <mailto:mif-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mif>, <mailto:mif-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Sep 2011 12:52:17 -0000

On Sep 12, 2011, at 8:47 AM, <teemu.savolainen@nokia.com> wrote:

> The resolver MUST take into account differences in trust levels of DNS server 
> selection information the resolver has received. The resolver MUST prefer DNS 
> servers of trusted interfaces. The DNS servers of untrusted interfaces may be 
> of highest priority only if trusted interfaces specifically configure low 
> priority DNS servers.
> --
> [...]
> --
> Trustworthiness of an interface and configuration information received over 
> the interface is implementation and/or node deployment dependent. Trust may be 
> based, for example, on the nature of an interface. For example, an 
> authenticated and encrypted VPN or layer 2 connection to a trusted home 
> network may be considered as trusted, and an unauthenticated and unencrypted 
> connection to an unknown visited network may be considered as untrusted.


I don't think it makes sense to impose a MUST requirement in conjunction with something that's so imprecisely defined.

Also, the notion that trustworthiness of an interface and trustworthiness of a DNS server are somehow related strikes me as dubious.

Keith
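The rule quoted from the draft above (prefer DNS servers learned over trusted interfaces; let an untrusted interface's servers sort first only when the trusted interfaces themselves configured low-priority servers) is easier to reason about as code. The block below is an added example written for this archive page; it is not code from the draft, from the MIF working group, or from either correspondent. The data model is an assumption: each server carries the trust flag of the interface it was learned on and a priority from a constructed three-level scale ("high", "medium", "low"), and the reading of "specifically configure low priority" as "every server from a trusted interface is marked low" is this example's interpretation of the quoted sentence, not the draft's wording.

```python
"""Toy resolver ordering that applies the quoted MUST rule.

Added example, not part of the draft or the mailing-list thread.  The
interface/server model and the three-level priority scale are assumptions
made for illustration, not the draft's wire format.
"""

from dataclasses import dataclass
from typing import List, Tuple

# Constructed priority scale; lower rank sorts earlier.
PRIORITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class DnsServer:
    address: str
    interface: str
    trusted: bool   # trust level of the interface the server was learned on
    priority: str   # "high", "medium" or "low" (assumed scale)


def _by_priority(s: DnsServer) -> Tuple[int, str]:
    return (PRIORITY_RANK[s.priority], s.address)


def order_dns_servers(servers: List[DnsServer]) -> List[DnsServer]:
    """Return the servers in the order the resolver should try them.

    Encodes the quoted rule:
      * servers from trusted interfaces are preferred;
      * servers from untrusted interfaces may be placed first only when the
        trusted interfaces configured nothing but low-priority servers, and
        even then only untrusted servers that are not themselves low.
    """
    for s in servers:
        if s.priority not in PRIORITY_RANK:
            raise ValueError(f"unknown priority {s.priority!r} for {s.address}")

    trusted = sorted((s for s in servers if s.trusted), key=_by_priority)
    untrusted = sorted((s for s in servers if not s.trusted), key=_by_priority)

    trusted_opted_out = bool(trusted) and all(s.priority == "low" for s in trusted)
    if trusted_opted_out:
        promoted = [s for s in untrusted if s.priority != "low"]
        remaining = [s for s in untrusted if s.priority == "low"]
        return promoted + trusted + remaining

    # Default: an untrusted network advertising "high" cannot outrank a
    # trusted interface's servers, whatever priority it claims.
    return trusted + untrusted


def example_scenarios() -> Tuple[List[DnsServer], List[DnsServer]]:
    """Constructed sample: a VPN to the home network (trusted) and a visited
    Wi-Fi network (untrusted) whose resolver is advertised at high priority."""
    vpn = DnsServer("2001:db8:1::53", "vpn0", trusted=True, priority="medium")
    wifi = DnsServer("2001:db8:2::53", "wlan0", trusted=False, priority="high")
    visited_net_claims_high = order_dns_servers([wifi, vpn])

    # Same networks, but the trusted VPN explicitly marks its resolver low.
    vpn_low = DnsServer("2001:db8:1::53", "vpn0", trusted=True, priority="low")
    trusted_side_opts_out = order_dns_servers([wifi, vpn_low])
    return visited_net_claims_high, trusted_side_opts_out


if __name__ == "__main__":
    for label, ordering in zip(("visited net claims high", "trusted opts out"),
                               example_scenarios()):
        print(label, "->", [s.interface for s in ordering])
```

In the first scenario the visited network's "high" claim does not move its server ahead of the VPN's medium-priority server; in the second the trusted side has explicitly configured only a low-priority server, so the untrusted one is tried first. Whether an interface's trust level should carry over to the servers learned on it is exactly the question Keith raises above; the code only shows what the quoted rule does, not whether it is the right rule.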