Re: [saag] Discovery: can it be solved

Tony Rutkowski <trutkowski.netmagic@gmail.com> Thu, 18 November 2021 00:27 UTC

From: Tony Rutkowski <trutkowski.netmagic@gmail.com>
Date: Thu, 18 Nov 2021 01:27:13 +0100
To: Watson Ladd <watsonbladd@gmail.com>
Cc: Ted Hardie <ted.ietf@gmail.com>, IETF SAAG <saag@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/VjxUMbUCfKLwDbOpERIr8EKMqYU>

The OSI internet community thought they solved the problem 35 years ago with their OID system. Bob Kahn thought he would solve this problem 25 years ago with the Handle System. He got halfway there with the DOI system. He then went to the ITU-T and tied Handles into X.1255. When that didn't work, he created his own international organization, DONA. Still no real take-up. The incentives to solve it are overwhelmed by the disincentives and chaos of network and information architecture autonomy.

Watson seems about right. 


On Nov 18, 2021 12:51 AM, Watson Ladd <watsonbladd@gmail.com> wrote:

On Wed, Nov 17, 2021, 5:14 AM Ted Hardie <ted.ietf@gmail.com> wrote:
>
> Hi David,
>
> On Tue, Nov 16, 2021 at 9:25 PM David Schinazi <dschinazi.ietf@gmail.com> wrote:
>>
>> I don't see any value in standardizing discovery of privacy-related services.
>> When a client device (a user agent, if you will) ships a feature that is
>> marketed at improving user privacy, the vendor makes some promises to its
>> users. For example, it could say "your IP address is hidden from websites".
>> The vendor needs to follow through on that claim, and the way it does that is
>> by using specific proxies that it trusts.
>
>
> Put differently, the need for discovery depends on what claim the folks shipping the feature put forward.  I can imagine claims that work with discovery, like "This software protects from on-the-wire observers collecting your DNS traffic by using any locally available DoH or DoQ services.  It falls back to a globally configured service when no local services are available."  I can imagine claims that do not.

Local services are also unlikely to have the same degree of
independence from adversaries. Would you trust your ISP to delink your
identity from itself?

To be clear I don't think these problems are surmountable. I'm asking
the people who think they do to raise, hold, or fold, rather than make
the same arguments across working groups (often simplifying very
different trust and deployment models).

Sincerely,
Watson Ladd
