Re: [dns-privacy] Suresh Krishnan's Discuss on draft-ietf-dprive-dtls-and-tls-profiles-09: (with DISCUSS)
Stephane Bortzmeyer <bortzmeyer@nic.fr> Tue, 06 June 2017 08:18 UTC
To: Suresh Krishnan <suresh.krishnan@gmail.com>
Cc: The IESG <iesg@ietf.org>, tjw.ietf@gmail.com, draft-ietf-dprive-dtls-and-tls-profiles@ietf.org, dns-privacy@ietf.org, dprive-chairs@ietf.org

On Tue, May 09, 2017 at 08:43:15PM -0700,
 Suresh Krishnan <suresh.krishnan@gmail.com> wrote
 a message of 37 lines which said:

> I do have a concern regarding section 7.3 as it is not clear what
> really is being requested on the DHCP front here. While using an IP
> address or an FQDN are generally both possible choices while
> providing configuration options using DHCP, the use of FQDNs for
> acquiring trusted DNS servers seems problematic. We have spent a
> great deal of effort writing up some of the potential issues in
> Section 8 of RFC7227.

It seems there was no reply to this DISCUSS? If so, let me give my
opinion:

I disagree with the DISCUSS. Section 7.3 is just here to lay down some
paths toward a future and possible DHCP extension. It does not attempt
to standardize one. It does not request anything from the current DHCP
servers.

Mentioning section 8 of RFC 7227 could help, but this section does not
discuss the DNS-specific issues (such as the fact we need both IP
address and name of the DNS resolver, which RFC 7227 frames as an
exclusive choice).

Possible solution if it is absolutely necessary to clear the DISCUSS:
moving section 7.3 to an appendix to make clear it is not part of the
DNS-over-TLS profiles definition.