Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for Encrypted DNS
Erik Kline <ek.ietf@gmail.com> Thu, 13 October 2022 15:05 UTC
Return-Path: <ek.ietf@gmail.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C066C14CE35; Thu, 13 Oct 2022 08:05:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.104
X-Spam-Level:
X-Spam-Status: No, score=-7.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bAxKTQ7khHS3; Thu, 13 Oct 2022 08:05:49 -0700 (PDT)
Received: from mail-vk1-xa2a.google.com (mail-vk1-xa2a.google.com [IPv6:2607:f8b0:4864:20::a2a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 54920C14CE20; Thu, 13 Oct 2022 08:05:49 -0700 (PDT)
Received: by mail-vk1-xa2a.google.com with SMTP id h25so558917vkc.6; Thu, 13 Oct 2022 08:05:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=ttq4Xxvx9RBU6NEWpNjyokm3/5+o6ir6Sh/USikpMc4=; b=OZ483zSQyz370oWJXbY50jRHta7eF4AvsUk0f6EEF1HSLj77EYGXJtS/ecXeng0Jg8 67b376ze3qaoDKFJDrKixGZ0x6dhXvT7GGH57aQqxVZ6a5Hg0uZRSsrxejKpoAJ0K2eE DjltX7nUg1bRUlos9HhSe8bBSDrqrsOGE/aDURv2iG8oIug+wF/DhzqPZpdHxdSzzp5h 8n+DZ50/cKmUvHJWp6IfzFa/so2MxKjRYHpDwbFXvXz0dNXu+gegjZG7KXglm8wwrxdA XdjylymNIz/0qT/ANFKEnd1vXfhFMWBK/Xjlwe7qIpnUiOnVG6VNPep53BnfUEpz+eFx cEMA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ttq4Xxvx9RBU6NEWpNjyokm3/5+o6ir6Sh/USikpMc4=; b=iRXgPWmbZjg7f6k5CrIW5Wf7bFsF5qWx3Okq+NWCERbhyhDLxGTkTA1AAKYQbwZDI/ /Xgkfx7FgZMlY7MXiHGXR7d37fxW91NK8rMP+f7dNJ2f2+CgsLy6QO26p7o1r1DIrRqP xsyTedFehqRpqKW0MP4U/PWzIS2OVNjFS1dfJ9gvGVoreFRFXd2BW4+z3bnqGXNa8MPe lVbJQzUvoVc8cx5HUNWkBTCBUHa2a/qL28YmMJPoQeIiaNeibIwhBfmiOGMQS37364/L KP5axYfhDhbtzM1I5lriL67RODxD3i8MkXdXvN5meqgHtQdH1s8svXpiiWd7kNOD4uyh 4wUg==
X-Gm-Message-State: ACrzQf0vLZ8JvnoMC9AWPw00F+IrHeRgEqTpEfj+rvXXRjF74ZDZmYJ3 WEzhd+ppA87gK4JpMnmCOfmkEb8BpCazuGC5+gE=
X-Google-Smtp-Source: AMsMyM4pd+WIplMjWWuZiGQvOIf632OXvTjTocrtgijcxEUw69XY70qHQZtduGLOdkm5ALS5ytPd5gcEYKydVyrtXLk=
X-Received: by 2002:a1f:9f16:0:b0:3af:1cc7:5096 with SMTP id i22-20020a1f9f16000000b003af1cc75096mr319700vke.8.1665673548111; Thu, 13 Oct 2022 08:05:48 -0700 (PDT)
MIME-Version: 1.0
References: <28766_1665646855_6347C107_28766_2_1_c61b294eae1742b4bfbf125d0fd0e92f@orange.com> <B6BBABE1-9194-4190-A84A-BA64889FC6E6@hopcount.ca> <CAHbrMsAsC0N2uNpFuiMYEiPgQQQzAwikuiTL0dWZoNhgcPRwNw@mail.gmail.com>
In-Reply-To: <CAHbrMsAsC0N2uNpFuiMYEiPgQQQzAwikuiTL0dWZoNhgcPRwNw@mail.gmail.com>
From: Erik Kline <ek.ietf@gmail.com>
Date: Thu, 13 Oct 2022 08:05:35 -0700
Message-ID: <CAMGpriUQD3P6-Ok9tPmpzZ3Q=MHO1wQymGb5h5vqL+xDWgwyZQ@mail.gmail.com>
To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>
Cc: Joe Abley <jabley@hopcount.ca>, radext@ietf.org, ADD Mailing list <add@ietf.org>, opsawg <opsawg@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000025a31705eaebd88e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/LNEx5kyjvz-D6seU_f2XVbaNlTg>
Subject: Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for Encrypted DNS
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Oct 2022 15:05:53 -0000
On Thu, Oct 13, 2022 at 7:51 AM Ben Schwartz <bemasc= 40google.com@dmarc.ietf.org> wrote: > I don't think we need to determine whether ECH is relevant for the DNR use > case. Indeed, ECH as presently specified will generally fit inside the > 250-octet limit. My point is that we are setting ourselves up for a very > painful compatibility challenge if longer SvcParams come into use in the > future. I can certainly imagine longer parameters (e.g. signed objects > with certificate chains) that might be useful in DNR. > > Even if longer SvcParams aren't useful in DNR, creating an encoding that > can't carry them introduces a serious compatibility problem for systems > that copy between SVCB, DNR, and RADIUS. What is such a tool supposed to > do when a valid SVCB record or DNR option is unrepresentable in RADIUS? > What is a naive operator to do, faced with this error message? > > I understand that we can't eliminate this problem, due to the 4K limit, > but I think it's worth avoiding it as much as we can, even if it costs us a > page or two of standards text. > +1 --Ben > > On Thu, Oct 13, 2022 at 9:03 AM Joe Abley <jabley@hopcount.ca> wrote: > >> Hi Mohamed, >> >> I may well have missed some nuance in the discussion that came before, >> but I found this comment interesting: >> >> On Oct 13, 2022, at 03:41, mohamed.boucadair@orange.com wrote: >> >> This specification targets typical broadband services in which the use of >> ECH is not relevant. It does not make sense for ISPs to be hosting multiple >> domains on the same IP address as the encrypted DNS resolver. >> >> >> Can you say why? >> >> If an operator has invested in infrasructure designed to be able to >> handle TLS and HTTP at high volumes with high availability, does it not >> seem possible that they would seek to reuse that general TLS/HTTP >> infrastructure for multiple purposes? If ECH is relevant in other services >> carried over HTTPS, why is it definitively not relevant for this one? >> >> >> Joe >> -- >> Add mailing list >> Add@ietf.org >> https://www.ietf.org/mailman/listinfo/add >> > _______________________________________________ > OPSAWG mailing list > OPSAWG@ietf.org > https://www.ietf.org/mailman/listinfo/opsawg >
- [OPSAWG] 🔔 WG LC: RADIUS Extensions for Encrypted… Joe Clarke (jclarke)
- Re: [OPSAWG] 🔔 WG LC: RADIUS Extensions for Encry… Joe Clarke (jclarke)
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Ben Schwartz
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Alan DeKok
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Blumenthal, Uri - 0553 - MITLL
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Ben Schwartz
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Alan DeKok
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… mohamed.boucadair
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… mohamed.boucadair
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Alan DeKok
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… mohamed.boucadair
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Joe Clarke (jclarke)
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Joe Abley
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Ben Schwartz
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Erik Kline
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Alan DeKok
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Michael Richardson
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Alan DeKok
- Re: [OPSAWG] [radext] [Add] 🔔 WG LC: RADIUS Exten… mohamed.boucadair
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… mohamed.boucadair
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Alan DeKok
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… mohamed.boucadair
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… mohamed.boucadair
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Bernie Volz
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… mohamed.boucadair
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Bernie Volz
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… mohamed.boucadair
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Bernie Volz
- Re: [OPSAWG] [dhcwg] [Add] 🔔 WG LC: RADIUS Extens… Alan DeKok
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… mohamed.boucadair
- Re: [OPSAWG] [Add] 🔔 WG LC: RADIUS Extensions for… Bernie Volz
- Re: [OPSAWG] [dhcwg] [Add] 🔔 WG LC: RADIUS Extens… mohamed.boucadair
- Re: [OPSAWG] 🔔 WG LC: RADIUS Extensions for Encry… Joe Clarke (jclarke)
- Re: [OPSAWG] 🔔 WG LC: RADIUS Extensions for Encry… Joe Clarke (jclarke)
- Re: [OPSAWG] [dhcwg] 🔔 WG LC: RADIUS Extensions f… Bernie Volz
- Re: [OPSAWG] [Add] [dhcwg] 🔔 WG LC: RADIUS Extens… mohamed.boucadair
- Re: [OPSAWG] [Add] [dhcwg] 🔔 WG LC: RADIUS Extens… Bernie Volz