Re: [Add] What to do in this potential working group
Eric Rescorla <ekr@rtfm.com> Thu, 22 August 2019 10:27 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15EAB120816 for <add@ietfa.amsl.com>; Thu, 22 Aug 2019 03:27:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W0qOIW9asXpJ for <add@ietfa.amsl.com>; Thu, 22 Aug 2019 03:27:33 -0700 (PDT)
Received: from mail-lf1-x12f.google.com (mail-lf1-x12f.google.com [IPv6:2a00:1450:4864:20::12f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45901120815 for <add@ietf.org>; Thu, 22 Aug 2019 03:27:33 -0700 (PDT)
Received: by mail-lf1-x12f.google.com with SMTP id c9so4147448lfh.4 for <add@ietf.org>; Thu, 22 Aug 2019 03:27:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jfCvgdwnvTBi4iy2ezw5Gja9G2w38qOX9nYMvcXlEgo=; b=bticJcYfevmidfzBPQovWGcD/KaD8rJlHdmL9Bw+7FePVcsULo3q/EFpvK36st9WWF n+uEyAhk6VEQq30MMtg30pP2RIyGrNH+RaA4XtLEd3Wth9bcbhpIQDU2zLGcDlUM+7zT 9lalUWltzWydUcjwmJpgAhWqRJWQVlFvHgv8GsaHfPjyN/5Yq691Tpg/Pl1YrP86Bgn9 V9vMD/eZpVoIqK3JkJLCHe7Vu2aUpl4k44X6WRf/4MeSNYR4YHcO+wuz+0eW+PyvmcHh 6CYqIXZX/I9GdXIHN4+CG4SqWhTn1ETddKe1+zMC/XF3QUKw/1pT+s2KQqoeifHJRXUQ ZXcw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jfCvgdwnvTBi4iy2ezw5Gja9G2w38qOX9nYMvcXlEgo=; b=MaxJrfA51hIhZlF14mU6IeRGaqMXGeRtTwuRE8MI1zM5iZzy3LPKrlGDqAQ0u+Q+lO O3ukczoOkZgG59I2aE272k9FodGoIzspZTHSUz+wR2m4G1qBlv0TIouy0WXFe2nayfMj 0o1AJQ5zt612WuFTDCarJbtOspnF6Lp63SkmHwtr3A8LtGtE+24AxpQr2oRCs0QW6N81 7AuULL31VFw2OjnoHL6nkb/mEqdvwZnJkQaSUyVHr9c5IfeemYADdhpFyPEg2rA/viCJ 8tD+xVYLSrTmdsZzR2AepBHBZRcXdGKehJMHE0kpPxtC73MpznRG0s8F6xs7igLuxgA3 4eXQ==
X-Gm-Message-State: APjAAAUS1HEZ0fGdms0j+JWoWV56tSwGmY6Mc4SNBfVjP6Dmv4L2p0tz 5byz+KzghUNPuPpK2dYDO7/bUgEHq33TKpoh3xciSA==
X-Google-Smtp-Source: APXvYqxWQEQQjBghhzITJwii6L60mP4EDN+uKWk11MykzZMOGRpgxDxbQMWpxR3sw2/g7+6V7ZJjYhxWgjj2b+AtRHw=
X-Received: by 2002:ac2:51a3:: with SMTP id f3mr20365245lfk.94.1566469651492; Thu, 22 Aug 2019 03:27:31 -0700 (PDT)
MIME-Version: 1.0
References: <A1128702-1E19-4657-9740-E84AE09992F2@piuha.net> <CABcZeBMfOTjq-8hDDoKMtJvfHUA5nC8o60zuk-2Xe-ZhfwriJQ@mail.gmail.com> <766112E1-F532-4C6B-8CA8-A096671E02EE@piuha.net> <CA+9kkMAfuOwJu8_qJTuhAY4mUwR+tVUxr+k3QFHBk3byV672Ow@mail.gmail.com> <E83D9594-E7CB-4DAC-8EDC-333E9B0964F1@piuha.net> <279abf8c-198b-5da8-1cb9-4f86bf1f37c7@nostrum.com> <D547C79F-771D-41CC-B86E-3B08140FB7BC@piuha.net> <alpine.DEB.2.20.1908220921190.4312@tvnag.unkk.fr> <87C8E6E6-2DEE-4637-9C86-65B27615611C@piuha.net>
In-Reply-To: <87C8E6E6-2DEE-4637-9C86-65B27615611C@piuha.net>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 22 Aug 2019 11:26:54 +0100
Message-ID: <CABcZeBPtU5nStN3KhsmjbXRKuQ57BM30-ip7CqF-xjRCkZCSWw@mail.gmail.com>
To: Jari Arkko <jari.arkko@piuha.net>
Cc: Daniel Stenberg <daniel@haxx.se>, ADD Mailing list <add@ietf.org>, Adam Roach <adam@nostrum.com>
Content-Type: multipart/alternative; boundary="0000000000002115430590b223b2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/Fjz3FFxpedTJNzWeDINioAGDzPc>
Subject: Re: [Add] What to do in this potential working group
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Aug 2019 10:27:35 -0000
On Thu, Aug 22, 2019 at 8:57 AM Jari Arkko <jari.arkko@piuha.net> wrote: > I’m obviously handwaving the solution a bit, but my point is — if we want > to make an improvement, then it should be an incumbent on us to do a full > solution. This is not a standard we apply anywhere else in the IETF. Rather we strive for incremental improvement. I certainly agree that your proposal has merit, and if you have a concrete way of going about it, rather than just handwaving about how someone else should do it, let's talk. Shipping my mom’s queries to a single entity /w possible risk of > surveillance and other leaks is a recipe for insufficient design, I agree that there is a risk, but given that we know that the current design *also* has a high risk of surveillance and other leaks, and that in fact those sorts of things regularly occur, this doesn't seem to me to be anywhere near as strong an argument as you seem to think it is. > IMHO. If we want an improvement, sell me a solution that I actually want, > one that does improve my privacy and resilience against filtering. > Our view is that TRR will do so. You obviously have a different opinion, and as Adam said, at least in Firefox, you will be able to make that choice for yourself. -Ekr > Jari > > -- > Add mailing list > Add@ietf.org > https://www.ietf.org/mailman/listinfo/add >
- [Add] What to do in this potential working group Jari Arkko
- Re: [Add] What to do in this potential working gr… Eric Orth
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Jim Reid
- Re: [Add] What to do in this potential working gr… Vittorio Bertola
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] What to do in this potential working gr… Eric Vyncke (evyncke)
- Re: [Add] What to do in this potential working gr… Ted Lemon
- Re: [Add] What to do in this potential working gr… Jim Reid
- Re: [Add] What to do in this potential working gr… Ted Lemon
- Re: [Add] What to do in this potential working gr… Tommy Jensen
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Ray Bellis
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Ray Bellis
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Ted Hardie
- Re: [Add] What to do in this potential working gr… David Conrad
- Re: [Add] What to do in this potential working gr… Alec Muffett
- Re: [Add] What to do in this potential working gr… Ted Hardie
- Re: [Add] What to do in this potential working gr… David Conrad
- Re: [Add] What to do in this potential working gr… Brian Dickson
- Re: [Add] What to do in this potential working gr… Brian Dickson
- Re: [Add] What to do in this potential working gr… Stephen Farrell
- Re: [Add] What to do in this potential working gr… Ted Hardie
- Re: [Add] What to do in this potential working gr… Alec Muffett
- Re: [Add] What to do in this potential working gr… Stephen Farrell
- Re: [Add] What to do in this potential working gr… David Conrad
- Re: [Add] What to do in this potential working gr… Rob Sayre
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] What to do in this potential working gr… Stephen Farrell
- Re: [Add] What to do in this potential working gr… Alec Muffett
- Re: [Add] What to do in this potential working gr… Ted Hardie
- Re: [Add] What to do in this potential working gr… Adam Roach
- Re: [Add] What to do in this potential working gr… Ted Hardie
- Re: [Add] What to do in this potential working gr… David Conrad
- Re: [Add] What to do in this potential working gr… Rob Sayre
- Re: [Add] What to do in this potential working gr… Stephen Farrell
- Re: [Add] What to do in this potential working gr… Alec Muffett
- Re: [Add] What to do in this potential working gr… David Conrad
- [Add] data integrity and DNSSEC or DoH/DoT Jim Reid
- Re: [Add] What to do in this potential working gr… Rob Sayre
- Re: [Add] data integrity and DNSSEC or DoH/DoT Stephen Farrell
- Re: [Add] data integrity and DNSSEC or DoH/DoT David Conrad
- Re: [Add] data integrity and DNSSEC or DoH/DoT Rob Sayre
- Re: [Add] data integrity and DNSSEC or DoH/DoT Stephen Farrell
- Re: [Add] Unstated assumptions in What to do in t… John Levine
- Re: [Add] data integrity and DNSSEC or DoH/DoT Brian Dickson
- Re: [Add] What to do in this potential working gr… Patrik Fältström
- Re: [Add] What to do in this potential working gr… Patrik Fältström
- Re: [Add] What to do in this potential working gr… Rob Sayre
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Martin Thomson
- Re: [Add] data integrity and DNSSEC or DoH/DoT Eric Rescorla
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] What to do in this potential working gr… Daniel Stenberg
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] data integrity and DNSSEC or DoH/DoT Stephen Farrell
- Re: [Add] What to do in this potential working gr… Ray Bellis
- Re: [Add] What to do in this potential working gr… Martin J. Dürst
- Re: [Add] What to do in this potential working gr… Stephen Farrell
- Re: [Add] What to do in this potential working gr… Vittorio Bertola
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Ralf Weber
- Re: [Add] data integrity and DNSSEC or DoH/DoT Ralf Weber
- Re: [Add] data integrity and DNSSEC or DoH/DoT Willem Toorop
- Re: [Add] data integrity and DNSSEC or DoH/DoT Jim Reid
- Re: [Add] What to do in this potential working gr… Rubens Kuhl
- Re: [Add] data integrity and DNSSEC or DoH/DoT Paul Wouters
- Re: [Add] What to do in this potential working gr… Paul Wouters
- Re: [Add] data integrity and DNSSEC or DoH/DoT Livingood, Jason
- Re: [Add] What to do in this potential working gr… Livingood, Jason
- Re: [Add] What to do in this potential working gr… Livingood, Jason
- Re: [Add] What to do in this potential working gr… Livingood, Jason
- Re: [Add] What to do in this potential working gr… Adam Roach
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] data integrity and DNSSEC or DoH/DoT Eric Rescorla
- Re: [Add] data integrity and DNSSEC or DoH/DoT Rob Sayre
- Re: [Add] data integrity and DNSSEC or DoH/DoT Jim Reid
- Re: [Add] What to do in this potential working gr… Vittorio Bertola
- Re: [Add] data integrity and DNSSEC or DoH/DoT Eric Rescorla
- Re: [Add] data integrity and DNSSEC or DoH/DoT Brian Dickson
- Re: [Add] data integrity and DNSSEC or DoH/DoT Jim Reid
- Re: [Add] data integrity and DNSSEC or DoH/DoT Eric Rescorla
- Re: [Add] data integrity and DNSSEC or DoH/DoT Neil Cook
- Re: [Add] data integrity and DNSSEC or DoH/DoT Neil Cook
- Re: [Add] data integrity and DNSSEC or DoH/DoT Neil Cook
- Re: [Add] data integrity and DNSSEC or DoH/DoT Paul Wouters
- Re: [Add] data integrity and DNSSEC or DoH/DoT Christian Huitema
- Re: [Add] data integrity and DNSSEC or DoH/DoT Christian Huitema
- Re: [Add] data integrity and DNSSEC or DoH/DoT Brian Dickson
- Re: [Add] data integrity and DNSSEC or DoH/DoT Andrew Campling
- Re: [Add] data integrity and DNSSEC or DoH/DoT Vittorio Bertola
- Re: [Add] data integrity and DNSSEC or DoH/DoT Paul Wouters
- Re: [Add] data integrity and DNSSEC or DoH/DoT Vittorio Bertola
- Re: [Add] data integrity and DNSSEC or DoH/DoT Alec Muffett
- Re: [Add] data integrity and DNSSEC or DoH/DoT Alec Muffett