Re: [Add] [Ext] Updated charter proposal for ADD

Rob Sayre <sayrer@gmail.com> Wed, 15 January 2020 20:03 UTC

From: Rob Sayre <sayrer@gmail.com>
Date: Wed, 15 Jan 2020 12:03:07 -0800
Message-ID: <CAChr6SzygCAMGUXmOL9Hb_w5CgjeFK30KodystPYPt4jD6Fkeg@mail.gmail.com>
To: Andrew Campling <andrew.campling@419.consulting>
Cc: ADD Mailing list <add@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/XwBlMRCW_iV0zebZbphtfIF4kY4>

On Wed, Jan 15, 2020 at 11:47 AM Andrew Campling
<andrew.campling@419.consulting> wrote:

> On Wed, Jan 15, 2020 at 19:24 Rob Sayre <sayrer@gmail.com> wrote:
>
> > Right now, my DNS server is 192.168.86.1, and encrypted DNS seems
> > designed to bypass it.
>

Well, a lot of networking products (both consumer and corporate) have an
unencrypted DNS server on a private IP.

I was wondering how the certificates would be constructed if they wished to
offer DoH or DoT. I know public services are able to get certificates with
SAN[1] extensions containing public IPs (e.g. the Cloudflare cert for
1.1.1.1). That doesn't seem to make sense for private IPs, so I'm wondering
how private networks will offer encrypted DNS, and whether the debate
around the security considerations is important.

thanks,
Rob

[1] https://tools.ietf.org/html/rfc5280#section-4.2.1.6
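As an added illustration (not part of the thread above): how a DoT/DoH client matches the resolver address it reached against the certificate's SAN entries, and why a private address such as 192.168.86.1 can never pass that check with a publicly trusted certificate, whereas a public one such as 1.1.1.1 can. The certificate dict below is constructed in the shape Python's `ssl.SSLSocket.getpeercert()` returns; the `resolver.example` names are hypothetical.

```python
import ipaddress

# Constructed sample in getpeercert() shape; DNS names are hypothetical,
# the iPAddress SAN mirrors the public-resolver case mentioned in the thread.
SAMPLE_CERT = {
    "subject": ((("commonName", "resolver.example"),),),
    "subjectAltName": (
        ("DNS", "resolver.example"),
        ("DNS", "*.resolver.example"),
        ("IP Address", "1.1.1.1"),
    ),
}


def _dns_match(pattern: str, host: str) -> bool:
    """RFC 6125-style match: a wildcard is allowed only as the entire leftmost label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    plabels, hlabels = pattern.split("."), host.split(".")
    if plabels[0] != "*" or len(plabels) < 3 or len(plabels) != len(hlabels):
        return False
    return plabels[1:] == hlabels[1:]


def san_matches(cert: dict, reference: str) -> bool:
    """True if `reference` (IP literal or DNS name) is covered by a SAN entry.
    IP literals are compared only against iPAddress entries, never dNSName ones."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(reference)
    except ValueError:
        return any(k == "DNS" and _dns_match(v, reference) for k, v in sans)
    return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans)


def publicly_issuable_ip(reference: str) -> bool:
    """Publicly trusted CAs only issue for globally routable IPs (CA/Browser Forum
    Baseline Requirements); RFC 1918 and other reserved ranges are excluded."""
    return ipaddress.ip_address(reference).is_global


def check_resolver(cert: dict, reference: str) -> str:
    """Summarise why a resolver reached via `reference` does or does not verify."""
    if san_matches(cert, reference):
        return "ok"
    try:
        if not ipaddress.ip_address(reference).is_global:
            return "private-ip: no publicly trusted SAN possible"
    except ValueError:
        pass
    return "mismatch"
```

A resolver on a private IP therefore needs a locally installed trust anchor (enterprise or home-router CA) to present a matching certificate; public CA issuance is not an option.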