Re: [dns-privacy] [Ext] Intended Status for draft-ietf-dprive-unilateral-probing

2023-03-02 Thread Hollenbeck, Scott
> -Original Message-
> From: Paul Hoffman 
> Sent: Thursday, March 2, 2023 1:48 PM
> To: Hollenbeck, Scott 
> Cc: dpr...@ietf.org
> Subject: [EXTERNAL] Re: [dns-privacy] [Ext] Intended Status for draft-ietf-dprive-unilateral-probing
>
> On Mar 2, 2023, at 10:11 AM, Hollenbeck, Scott wrote:
> >
> >> -Original Message-
> >> From: Paul Hoffman 
> >> Sent: Wednesday, March 1, 2023 2:51 PM
> >> To: Hollenbeck, Scott 
> >> Cc: dpr...@ietf.org
> >> Subject: [EXTERNAL] Re: [Ext] [dns-privacy] Intended Status for draft-ietf-dprive-unilateral-probing
> >>
> >> On Mar 1, 2023, at 10:46 AM, Hollenbeck, Scott wrote:
> >>> After a recent re-read of draft-ietf-dprive-unilateral-probing and its
> >>> normative dependencies, I have a strong belief that the draft describes
> >>> more of an experiment than a Proposed Standard.
> >>
> >> All protocols before they are deployed are experiments.
> >>
> >>> The reason we need "opportunistic" and "unilateral" actions is because
> >>> there are gaps in specification, implementation, and deployment of
> >>> services for recursive-authoritative encryption.
> >>
> >> That is not what the WG decided. It decided that opportunistic was
> >> sufficient for some threat models. Other threat models have the gaps you
> >> discuss.
> >
> > [SAH] WG decisions aren't immutable. I posted this as a proposal for
> > reconsideration.
> >
> >>> Experimental status worked for QNAME minimization.
> >>
> >> That's irrelevant.
> >>
> >>> It can work here, too.
> >>
> >> So could Informational; that is also irrelevant.
> >
> > [SAH] It's hardly irrelevant given the successful approach taken with
> > QNAME minimization. It's a valid example of how Experimental status could
> > work.
>
> The experimental status of the original QNAME minimisation document was
> due to there being protocol options that the WG thought could not be chosen
> between without data from deployments. That is not the case with
> draft-ietf-dprive-unilateral-probing. In fact, the opposite is the case:
> because the probing is unilateral, the resolver gets to make its own choices
> about what is working and what is not. That's the whole point of the decision
> ladders in the document.

[SAH] Perhaps, but this is what the working group's charter says about this 
topic:

"Investigate potential solutions for adding confidentiality to DNS exchanges 
involving authoritative servers (Experimental)."

Experimental. Not Proposed Standard.

Scott

___
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy


Re: [dns-privacy] [Ext] Intended Status for draft-ietf-dprive-unilateral-probing

2023-03-02 Thread Paul Hoffman
On Mar 2, 2023, at 10:11 AM, Hollenbeck, Scott wrote:
> 
>> -Original Message-
>> From: Paul Hoffman 
>> Sent: Wednesday, March 1, 2023 2:51 PM
>> To: Hollenbeck, Scott 
>> Cc: dpr...@ietf.org
>> Subject: [EXTERNAL] Re: [Ext] [dns-privacy] Intended Status for draft-ietf-dprive-unilateral-probing
>> 
>> On Mar 1, 2023, at 10:46 AM, Hollenbeck, Scott wrote:
>>> After a recent re-read of draft-ietf-dprive-unilateral-probing and its
>>> normative dependencies, I have a strong belief that the draft describes
>>> more of an experiment than a Proposed Standard.
>> 
>> All protocols before they are deployed are experiments.
>> 
>>> The reason we need "opportunistic" and "unilateral" actions is because
>>> there are gaps in specification, implementation, and deployment of
>>> services for recursive-authoritative encryption.
>>
>> That is not what the WG decided. It decided that opportunistic was
>> sufficient for some threat models. Other threat models have the gaps you
>> discuss.
> 
> [SAH] WG decisions aren't immutable. I posted this as a proposal for 
> reconsideration.
> 
>>> Experimental status worked for QNAME minimization.
>> 
>> That's irrelevant.
>> 
>>> It can work here, too.
>> 
>> So could Informational; that is also irrelevant.
> 
> [SAH] It's hardly irrelevant given the successful approach taken with QNAME 
> minimization. It's a valid example of how Experimental status could work.

The experimental status of the original QNAME minimisation document was due to 
there being protocol options that the WG thought could not be chosen between 
without data from deployments. That is not the case with 
draft-ietf-dprive-unilateral-probing. In fact, the opposite is the case: 
because the probing is unilateral, the resolver gets to make its own choices 
about what is working and what is not. That's the whole point of the decision 
ladders in the document.

> 
> Informational could also work. It's not as accurate, but it is another option.
> 
>> The definition for the Experimental maturity level, taken from RFC 2026, is:
>> 
>> 4.2.1  Experimental
>> 
>>   The "Experimental" designation typically denotes a specification that
>>   is part of some research or development effort.  Such a specification
>>   is published for the general information of the Internet technical
>>   community and as an archival record of the work, subject only to
>>   editorial considerations and to verification that there has been
>>   adequate coordination with the standards process (see below).  An
>>   Experimental specification may be the output of an organized Internet
>>   research effort (e.g., a Research Group of the IRTF), an IETF Working
>>   Group, or it may be an individual contribution.
>> 
>> This draft is not a research effort, nor is it a development effort. It is
>> a protocol that can be used (and, to a limited extent, is already being
>> used) on the Internet today.
> 
> [SAH] I am suggesting that it SHOULD be described as a research effort
> because of the specification gaps.

This feels weird. The specification gaps are for use cases not covered by this 
protocol. Thus, the protocol is not an experiment to tease out specification 
gaps for different use cases.

> Is it really a great idea to publish a Proposed 
> Standard that includes a normative reference that explicitly says that it 
> wasn't designed for this specific purpose?

According to the earlier discussion in the WG, yes. It would probably be less 
so if the other use cases had active drafts, given that this particular use 
case is for the lowest amount of additional privacy, but there are no such 
drafts.

> One "already being used" example that I've recently seen
> (https://ant.isi.edu/events/dinr2023/S/s43.pdf) describes itself as
> "research" and an "experiment". Not as a prototype, or a proof of concept,
> but as research and an experiment. That description aligns much more closely
> with Experimental status than Proposed Standard status. I've asked Wes
> privately if he could provide his own perspective.

ISI is a research institution, so it makes good sense that they are doing 
research using this protocol. That doesn't mean that everyone who intends to 
use the protocol intends to do so as an experiment.

--Paul Hoffman



Re: [dns-privacy] [Ext] Intended Status for draft-ietf-dprive-unilateral-probing

2023-03-02 Thread Hollenbeck, Scott
> -Original Message-
> From: Paul Hoffman 
> Sent: Wednesday, March 1, 2023 2:51 PM
> To: Hollenbeck, Scott 
> Cc: dpr...@ietf.org
> Subject: [EXTERNAL] Re: [Ext] [dns-privacy] Intended Status for draft-ietf-dprive-unilateral-probing
>
> On Mar 1, 2023, at 10:46 AM, Hollenbeck, Scott wrote:
> > After a recent re-read of draft-ietf-dprive-unilateral-probing and its
> > normative dependencies, I have a strong belief that the draft describes
> > more of an experiment than a Proposed Standard.
>
> All protocols before they are deployed are experiments.
>
> > The reason we need "opportunistic" and "unilateral" actions is because
> > there are gaps in specification, implementation, and deployment of
> > services for recursive-authoritative encryption.
>
> That is not what the WG decided. It decided that opportunistic was
> sufficient for some threat models. Other threat models have the gaps you
> discuss.

[SAH] WG decisions aren't immutable. I posted this as a proposal for 
reconsideration.

> > Experimental status worked for QNAME minimization.
>
> That's irrelevant.
>
> > It can work here, too.
>
> So could Informational; that is also irrelevant.

[SAH] It's hardly irrelevant given the successful approach taken with QNAME 
minimization. It's a valid example of how Experimental status could work.

Informational could also work. It's not as accurate, but it is another option.

> The definition for the Experimental maturity level, taken from RFC 2026, is:
>
> 4.2.1  Experimental
>
>    The "Experimental" designation typically denotes a specification that
>    is part of some research or development effort.  Such a specification
>    is published for the general information of the Internet technical
>    community and as an archival record of the work, subject only to
>    editorial considerations and to verification that there has been
>    adequate coordination with the standards process (see below).  An
>    Experimental specification may be the output of an organized Internet
>    research effort (e.g., a Research Group of the IRTF), an IETF Working
>    Group, or it may be an individual contribution.
>
> This draft is not a research effort, nor is it a development effort. It is
> a protocol that can be used (and, to a limited extent, is already being
> used) on the Internet today.

[SAH] I am suggesting that it SHOULD be described as a research effort because 
of the specification gaps. Is it really a great idea to publish a Proposed 
Standard that includes a normative reference that explicitly says that it 
wasn't designed for this specific purpose?

One "already being used" example that I've recently seen 
(https://ant.isi.edu/events/dinr2023/S/s43.pdf) describes itself as "research" 
and an "experiment". Not as a prototype, or a proof of concept, but as 
research and an experiment. That description aligns much more closely with 
Experimental status than Proposed Standard status. I've asked Wes privately if 
he could provide his own perspective.

Scott
