Re: [Add] Thoughts on a DoH (and DoT) BCP?

Brian Haberman <brian@innovationslab.net> Tue, 16 July 2019 17:35 UTC

To: add@ietf.org
References: <LO2P123MB2462DEB5330C313055D62CC396FB0@LO2P123MB2462.GBRP123.PROD.OUTLOOK.COM> <2ab90a6a-dd40-b7a0-b380-4dcbd657c89c@innovationslab.net> <DBDC5D2B-2AE8-4F91-9601-FF2D0CD57589@senki.org> <77611009-274c-a900-866b-e543a6d8053c@innovationslab.net> <LO2P123MB2462A6AF6EE58F23BBBC1C6896F00@LO2P123MB2462.GBRP123.PROD.OUTLOOK.COM>
From: Brian Haberman <brian@innovationslab.net>
Message-ID: <a71fc3bc-f8a0-5c5c-3e43-65771978e01b@innovationslab.net>
Date: Tue, 16 Jul 2019 13:35:16 -0400
In-Reply-To: <LO2P123MB2462A6AF6EE58F23BBBC1C6896F00@LO2P123MB2462.GBRP123.PROD.OUTLOOK.COM>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/ypWMBZOiHf_6yWd8fSqjj0gA_Ig>
Subject: Re: [Add] Thoughts on a DoH (and DoT) BCP?
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>

Hi Andy,

On 7/10/19 7:50 AM, andrew.fidler@bt.com wrote:
> Thanks Barry / Brian for highlighting the dprive-bcp-draft, I agree we should not have two BCPs from different WGs conflicting with one another. Let us discuss this in the 15min BoF slot we have allocated for overlap with existing chartered work in DPRIVE, DOH and DNSOP.
> 
> On the potential topics list for a DoH BCP which areas do you believe are already covered in the DPRIVE draft and/or ongoing DPRIVE work?  Which areas do you believe are not covered and should be considered by the ADD BoF?
> 

From a DoT perspective, I think ADD could focus on:
- split DNS
- TLS session management
- TLS overhead minimization

Some of the last two are covered in the DoT spec
(https://tools.ietf.org/html/rfc7858#section-5)

Regards,
Brian


> Thanks,
> 
> Andy
> 
> andrew.fidler@bt.com
> 
> 
> -----Original Message-----
> From: Add [mailto:add-bounces@ietf.org] On Behalf Of Brian Haberman
> Sent: 08 July 2019 14:22
> To: Barry Greene <bgreene@senki.org>
> Cc: add@ietf.org
> Subject: Re: [Add] Thoughts on a DoH (and DoT) BCP?
> 
> Hi Barry,
> 
> On 7/5/19 6:07 AM, Barry Greene wrote:
>>
>> The issues that Andrew is bringing up would take that dprive-bcp draft in a totally different direction. Is this what you want? Would the authors be open to the change?
>>
> 
> My reason for pointing out the dprive BCP is to make sure everyone is aware of that document.
> 
> As for the content... It is a dprive WG document, so it is subject to consensus-based changes. Neither I, as dprive co-chair, nor the draft authors have any more influence over the content than any other IETF participant.
> 
> What I don't want is for 2 BCPs from different WGs to conflict with one another, hence the pointer.
> 
> Regards,
> Brian
> 
>>> On Jul 4, 2019, at 9:29 AM, Brian Haberman <brian@innovationslab.net> wrote:
>>>
>>> On 7/3/19 3:41 PM, andrew.fidler@bt.com wrote:
>>>> There are many challenges facing enterprise and internet service provider / operator networks that intend to deploy and operate DoH (and DoT) resolver services. The IETF should consider developing a BCP which documents these concerns and provide appropriate guidance. Some of these issues include:
>>>
>>> Please remember that there is already an operationally-focused BCP 
>>> draft for DoT.
>>>
>>> https://datatracker.ietf.org/doc/draft-ietf-dprive-bcp-op/
>>>
>>> Regards,
>>> Brian