Re: [Add] data integrity and DNSSEC or DoH/DoT
"Livingood, Jason" <Jason_Livingood@comcast.com> Thu, 22 August 2019 21:41 UTC
Return-Path: <Jason_Livingood@comcast.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31CF412008D for <add@ietfa.amsl.com>; Thu, 22 Aug 2019 14:41:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gd7kMuoLmlSY for <add@ietfa.amsl.com>; Thu, 22 Aug 2019 14:41:56 -0700 (PDT)
Received: from copdcmhout02.cable.comcast.com (copdcmhout02.cable.comcast.com [96.114.158.212]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E24712002F for <add@ietf.org>; Thu, 22 Aug 2019 14:41:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=comcast.com; s=20190412; c=relaxed/simple; q=dns/txt; i=@comcast.com; t=1566510115; x=2430423715; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=lxkbcs7n3Gy/DXE5lC7e1/sDVHTT+D5XrCu84ngZSAo=; b=uON2oEvEdY7U5rr24HT0cTIv9leCPryBKhI7yRW1I0QCEMGWaFtsKJJb0VFSowX9 GugEGOEgnOLPSP0qONQROhTd3mwZSjBMks+qQy/h/HKkE6OOlGraiQ14+aCfVtEN VM1zieo1x+O3pJ+m7Zt49tiIIhbnQIfTxvKKFedArTRFeOEHJq1PwpMmbInZCJb/ PQwvjYlKJcOEW8d/rTdCKgUThB87Ukk7xIoGks5F0IMuOJ6VIR8QTycV/iHWjdrp Gvb0A7y0e6EyuItgEALr8zT9+81kiSEiA7Wll3c2dLCp0L9dr0sDsKkmO4eXhCLN PGyKK92jSEXTO+sO3218Sg==;
X-AuditID: 60729ed4-227ff700000013e0-c4-5d5f0c23e8aa
Received: from COPDCEXC35.cable.comcast.com (copdcmhoutvip.cable.comcast.com [96.114.156.147]) (using TLS with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client did not present a certificate) by copdcmhout02.cable.comcast.com (SMTP Gateway) with SMTP id 4E.97.05088.32C0F5D5; Thu, 22 Aug 2019 15:41:55 -0600 (MDT)
Received: from COPDCEXC37.cable.comcast.com (147.191.125.136) by COPDCEXC35.cable.comcast.com (147.191.125.134) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5; Thu, 22 Aug 2019 17:41:54 -0400
Received: from COPDCEXC37.cable.comcast.com ([fe80::3aea:a7ff:fe36:8a94]) by COPDCEXC37.cable.comcast.com ([fe80::3aea:a7ff:fe36:8a94%15]) with mapi id 15.01.1713.008; Thu, 22 Aug 2019 17:41:54 -0400
From: "Livingood, Jason" <Jason_Livingood@comcast.com>
To: Rob Sayre <sayrer@gmail.com>, ADD Mailing list <add@ietf.org>
Thread-Topic: [Add] data integrity and DNSSEC or DoH/DoT
Thread-Index: AQHVWGmJ3qmJSdjfvkSR0QaIplHAGqcGZmOAgAAHjICAAAEkAIABRO4A
Date: Thu, 22 Aug 2019 21:41:54 +0000
Message-ID: <FD390CE2-9228-47A1-A592-21615D530750@cable.comcast.com>
References: <A1128702-1E19-4657-9740-E84AE09992F2@piuha.net> <CABcZeBMfOTjq-8hDDoKMtJvfHUA5nC8o60zuk-2Xe-ZhfwriJQ@mail.gmail.com> <766112E1-F532-4C6B-8CA8-A096671E02EE@piuha.net> <CA+9kkMAfuOwJu8_qJTuhAY4mUwR+tVUxr+k3QFHBk3byV672Ow@mail.gmail.com> <A7EA862E-8E80-40E3-834D-E628988C0A24@virtualized.org> <CAFWeb9KT=2JL0oHUgJ2WMcduR3na+hP2QncvRR4YurmqsAWxTA@mail.gmail.com> <59E0EC53-0E30-431C-8376-52C7BFC121A8@virtualized.org> <CAFWeb9+Z7RmXEr46qx5PaUcxh2R3+HXhrZeW-8QEMX4HLt7a-w@mail.gmail.com> <589DAFCB-1BDC-4156-A2CA-179C4559A6B2@virtualized.org> <cf2152d7-8618-7ad2-b8f9-7a259ab5df19@cs.tcd.ie> <683A176C-3CE6-4866-A736-F2A7465FA5B5@rfc1035.com> <ee8291ce-855f-a5d8-e9d8-74be9f58c321@cs.tcd.ie> <A73CCDC6-5AC4-4780-8B63-B9BD4A7ED70A@virtualized.org> <CAChr6SxuR20YD7idwniprB7C-4E1vxdhVzUSh4AVW=EeK6BHUA@mail.gmail.com>
In-Reply-To: <CAChr6SxuR20YD7idwniprB7C-4E1vxdhVzUSh4AVW=EeK6BHUA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.1c.0.190812
x-originating-ip: [96.115.73.254]
Content-Type: multipart/alternative; boundary="_000_FD390CE2922847A1A59221615D530750cablecomcastcom_"
MIME-Version: 1.0
X-CFilter-Loop: Forward
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrJKsWRmVeSWpSXmKPExsWSUDRnsq4yT3yswbPZGhb/T69js+icNYHJ gclj56y77B5LlvxkCmCKamC0KckoSk0scUlNS80rTrXjUsAANkmpaflFqa6JRTmVQak5qYnY lYFUpqTmZJalFuljNUYfqzkJV5gyTlzYyVKwz6ZizbpnzA2MD626GDk5JARMJPo332btYuTi EBI4wiSxqXE/lNPCJDHl71wo5zSjxMIf89lBWtgEzCTuLrzCDGKLCDhKLJrzkg3EFhYwl9j6 4xkjRNxCYumLzSwQtpvErlVtQDYHB4uAqsS7h0EgYV4BF4lrE5eAlQgJXGST+HmNC8TmFAiU 2LhpP1icUUBM4vupNUwgNrOAuMStJ/OZIK4WkFiy5zwzhC0q8fLxP1YQW1RAX2LJj82sEHFF iV/zrrBB9KZLHFx/nR1ir6DEyZlPWCBqxCUOH9nBOoFRbBaSFbOQtMxC0jIL6ANmAU2J9bv0 IUoUJaZ0P2SHsDUkWufMhbKtJBafPsmGrGYBI8cqRj5LMz1DQxM9Q1MLPSNDo02M4AQ078oO xsvTPQ4xCnAwKvHwqrHFxwqxJpYVV+YeYpTgYFYS4S2bGBcrxJuSWFmVWpQfX1Sak1p8iFGa g0VJnJe1OzZWSCA9sSQ1OzW1ILUIJsvEwSnVwOi19MHMf2r5CxPM9r9I8G/g52U5+HVueb74 r4pNxWdnvzv44IW7zZoVKyoZPC8f7Sx33vKnyvGijsnCpst3f714/VI78qsQx4FnXF+4nq4V bjL49qas1079XeLDDX3J4ZrZDxI/mT2zdrfYHBsRnaNpyHT/8V4VpiZml4s7lTqibmtIiN4X N1RiKc5INNRiLipOBAAPG2enPAMAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/vCR0se_M52IYuEJyRNRP0KoFfNE>
Subject: Re: [Add] data integrity and DNSSEC or DoH/DoT
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Aug 2019 21:41:58 -0000
From: Add <add-bounces@ietf.org> on behalf of Rob Sayre <sayrer@gmail.com> Date: Wednesday, August 21, 2019 at 6:23 PM To: David Conrad <drc@virtualized.org> Cc: Jim Reid <jim@rfc1035.com>, ADD Mailing list <add@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie> Subject: Re: [Add] data integrity and DNSSEC or DoH/DoT On Wed, Aug 21, 2019 at 3:15 PM David Conrad <drc@virtualized.org<mailto:drc@virtualized.org>> wrote: My response to Ted that caused me to get sucked into this particular swamp (something I already regret) > Is that the swamp where the only significant DNSSEC providers are Google and Cloudflare? [JL] Please note that Comcast performs DNSSEC-validation in the US for our customers. ISPs in other countries do as well. So it’s not just the big quad platforms. That isn’t to say that DNSSEC deployment doesn’t still have a ways to go, but such is life. For reference, see https://corporate.comcast.com/comcast-voices/dnssec-deployment-update and https://corporate.comcast.com/comcast-voices/comcast-completes-dnssec-deployment. Jason
- [Add] What to do in this potential working group Jari Arkko
- Re: [Add] What to do in this potential working gr… Eric Orth
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Jim Reid
- Re: [Add] What to do in this potential working gr… Vittorio Bertola
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] What to do in this potential working gr… Eric Vyncke (evyncke)
- Re: [Add] What to do in this potential working gr… Ted Lemon
- Re: [Add] What to do in this potential working gr… Jim Reid
- Re: [Add] What to do in this potential working gr… Ted Lemon
- Re: [Add] What to do in this potential working gr… Tommy Jensen
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Ray Bellis
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Ray Bellis
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Ted Hardie
- Re: [Add] What to do in this potential working gr… David Conrad
- Re: [Add] What to do in this potential working gr… Alec Muffett
- Re: [Add] What to do in this potential working gr… Ted Hardie
- Re: [Add] What to do in this potential working gr… David Conrad
- Re: [Add] What to do in this potential working gr… Brian Dickson
- Re: [Add] What to do in this potential working gr… Brian Dickson
- Re: [Add] What to do in this potential working gr… Stephen Farrell
- Re: [Add] What to do in this potential working gr… Ted Hardie
- Re: [Add] What to do in this potential working gr… Alec Muffett
- Re: [Add] What to do in this potential working gr… Stephen Farrell
- Re: [Add] What to do in this potential working gr… David Conrad
- Re: [Add] What to do in this potential working gr… Rob Sayre
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] What to do in this potential working gr… Stephen Farrell
- Re: [Add] What to do in this potential working gr… Alec Muffett
- Re: [Add] What to do in this potential working gr… Ted Hardie
- Re: [Add] What to do in this potential working gr… Adam Roach
- Re: [Add] What to do in this potential working gr… Ted Hardie
- Re: [Add] What to do in this potential working gr… David Conrad
- Re: [Add] What to do in this potential working gr… Rob Sayre
- Re: [Add] What to do in this potential working gr… Stephen Farrell
- Re: [Add] What to do in this potential working gr… Alec Muffett
- Re: [Add] What to do in this potential working gr… David Conrad
- [Add] data integrity and DNSSEC or DoH/DoT Jim Reid
- Re: [Add] What to do in this potential working gr… Rob Sayre
- Re: [Add] data integrity and DNSSEC or DoH/DoT Stephen Farrell
- Re: [Add] data integrity and DNSSEC or DoH/DoT David Conrad
- Re: [Add] data integrity and DNSSEC or DoH/DoT Rob Sayre
- Re: [Add] data integrity and DNSSEC or DoH/DoT Stephen Farrell
- Re: [Add] Unstated assumptions in What to do in t… John Levine
- Re: [Add] data integrity and DNSSEC or DoH/DoT Brian Dickson
- Re: [Add] What to do in this potential working gr… Patrik Fältström
- Re: [Add] What to do in this potential working gr… Patrik Fältström
- Re: [Add] What to do in this potential working gr… Rob Sayre
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Martin Thomson
- Re: [Add] data integrity and DNSSEC or DoH/DoT Eric Rescorla
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] What to do in this potential working gr… Daniel Stenberg
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] data integrity and DNSSEC or DoH/DoT Stephen Farrell
- Re: [Add] What to do in this potential working gr… Ray Bellis
- Re: [Add] What to do in this potential working gr… Martin J. Dürst
- Re: [Add] What to do in this potential working gr… Stephen Farrell
- Re: [Add] What to do in this potential working gr… Vittorio Bertola
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Ralf Weber
- Re: [Add] data integrity and DNSSEC or DoH/DoT Ralf Weber
- Re: [Add] data integrity and DNSSEC or DoH/DoT Willem Toorop
- Re: [Add] data integrity and DNSSEC or DoH/DoT Jim Reid
- Re: [Add] What to do in this potential working gr… Rubens Kuhl
- Re: [Add] data integrity and DNSSEC or DoH/DoT Paul Wouters
- Re: [Add] What to do in this potential working gr… Paul Wouters
- Re: [Add] data integrity and DNSSEC or DoH/DoT Livingood, Jason
- Re: [Add] What to do in this potential working gr… Livingood, Jason
- Re: [Add] What to do in this potential working gr… Livingood, Jason
- Re: [Add] What to do in this potential working gr… Livingood, Jason
- Re: [Add] What to do in this potential working gr… Adam Roach
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] data integrity and DNSSEC or DoH/DoT Eric Rescorla
- Re: [Add] data integrity and DNSSEC or DoH/DoT Rob Sayre
- Re: [Add] data integrity and DNSSEC or DoH/DoT Jim Reid
- Re: [Add] What to do in this potential working gr… Vittorio Bertola
- Re: [Add] data integrity and DNSSEC or DoH/DoT Eric Rescorla
- Re: [Add] data integrity and DNSSEC or DoH/DoT Brian Dickson
- Re: [Add] data integrity and DNSSEC or DoH/DoT Jim Reid
- Re: [Add] data integrity and DNSSEC or DoH/DoT Eric Rescorla
- Re: [Add] data integrity and DNSSEC or DoH/DoT Neil Cook
- Re: [Add] data integrity and DNSSEC or DoH/DoT Neil Cook
- Re: [Add] data integrity and DNSSEC or DoH/DoT Neil Cook
- Re: [Add] data integrity and DNSSEC or DoH/DoT Paul Wouters
- Re: [Add] data integrity and DNSSEC or DoH/DoT Christian Huitema
- Re: [Add] data integrity and DNSSEC or DoH/DoT Christian Huitema
- Re: [Add] data integrity and DNSSEC or DoH/DoT Brian Dickson
- Re: [Add] data integrity and DNSSEC or DoH/DoT Andrew Campling
- Re: [Add] data integrity and DNSSEC or DoH/DoT Vittorio Bertola
- Re: [Add] data integrity and DNSSEC or DoH/DoT Paul Wouters
- Re: [Add] data integrity and DNSSEC or DoH/DoT Vittorio Bertola
- Re: [Add] data integrity and DNSSEC or DoH/DoT Alec Muffett
- Re: [Add] data integrity and DNSSEC or DoH/DoT Alec Muffett