Re: [Add] What to do in this potential working group

Eric Rescorla <ekr@rtfm.com> Wed, 21 August 2019 17:01 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/add/fKULjVhgO3bJFgUOemvyRx8Pbmc>

On Wed, Aug 21, 2019 at 5:58 PM Ray Bellis <ray@bellis.me.uk> wrote:

>
>
> On 21/08/2019 17:31, Eric Rescorla wrote:
> > Jari,
> >
> > I understand that this is your opinion and the argument you're making
> > but I can't say I agree with the overall assessment you are making.
> >
> > We have a situation now where the DNS is tragically insecure and
> > nonprivate -- and not really that decentralized -- and we have an
> > opportunity to make it more secure at the cost of making it more
> > centralized. In this instance, I think that's a tradeoff worth
> > considering, while also looking for ways to minimize centralization.
>
> With respect, the DNS operations community doesn't appear to agree with
> you.
>

No doubt.


> There are perfectly good ways to protect both the privacy and integrity
> of the DNS that don't require that centralization.
>

Indeed: this is what I was referring to when I said "ways to minimize
centralization". Specifically, ISPs could commit to strong privacy policies
and join our TRR program.

-Ekr


> Ray