[dns-privacy] Next steps for draft-rescorla-dprive-adox
Eric Rescorla <ekr@rtfm.com> Tue, 11 May 2021 21:32 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B908A3A273A for <dns-privacy@ietfa.amsl.com>; Tue, 11 May 2021 14:32:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NDQK6-hcaq-y for <dns-privacy@ietfa.amsl.com>; Tue, 11 May 2021 14:32:07 -0700 (PDT)
Received: from mail-il1-x12d.google.com (mail-il1-x12d.google.com [IPv6:2607:f8b0:4864:20::12d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA9203A273B for <dprive@ietf.org>; Tue, 11 May 2021 14:32:04 -0700 (PDT)
Received: by mail-il1-x12d.google.com with SMTP id e14so18414937ils.12 for <dprive@ietf.org>; Tue, 11 May 2021 14:32:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=Y3FmK1Kfa8azpY7Va24CzhBS3srzJiYEbNi3Z1jIz10=; b=YFdUdRaWJ4gxwoaxUqMtmWd1IwJaLs+/aORKIsdygLv62q2rA5Ot65CSA3UBzvG8mm z68kQv2dJ5E3IY/Nu1EZ5sTqBAnkDTTpT5QcKg5NdvOtiFV0nqOEambFjvojZEFQXCI5 Xz0mS1yIu9sH3zNuoarvLZZDaGYSaE4rrtw2E62elKdPxK7ZkhnKzBS3iyDW7uEvqyMF HCPiqhVloptrd0kFRM3iV8Hx8uaxd3vGdD2pC11WEbjuUz7Ujys1MFW26wK8vDC3R586 1sH+T6NrK9kb7WChHsYRmExAwZObQVrqsQmOnuWLkXtns2hLSMlbOf7QFQCeXl7e9bwK /FZg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=Y3FmK1Kfa8azpY7Va24CzhBS3srzJiYEbNi3Z1jIz10=; b=SohUJBp3lWoF/7/ZWlVIxGNsRPbATeeWamSeBL8gsjmXZPipAx83gf1uMgaQJE+SvO EL6/R6jNjUSsrq3m9Kx33DJbwH7jWrODOj9k194uz8bn0jE8YQz2T+PXzYj5lBBnI/7f JO8DTqfWdei9HSMr8EsIyqcH6ehMhb0I4mC4RrElk4QMsBbmSdphDg37+eTfD20dDOPJ tRBsgXicwezS4wmPSu6sI0OclMCK9m2ccAXdDWJErKWppvcyjbImFSNrXW1PBl6aa6WY 0OF/iMD0xU9YNMRsyURWjlCHxCrG74BDADJQASLj14vxtbn/w2gKsxHuKrOyI8og+LCv KywA==
X-Gm-Message-State: AOAM530p1HtMJTdhAqW51w+kYwButxEi2SVxnJf9dAzvD0wNfpm7hseK OA2W+4RQqRHpID+i0+BzokfOBdQlCvhEeanm/r90vkJAuVmGz83+
X-Google-Smtp-Source: ABdhPJwTuyon4BRvp6UqbjPcJ94+6fyxVj41uLnwhpNjweX9elYG5YlADXv9AER/s4WuduzNVThgWa+isoPtsIWJ9HI=
X-Received: by 2002:a92:cb86:: with SMTP id z6mr28771375ilo.35.1620768722973; Tue, 11 May 2021 14:32:02 -0700 (PDT)
MIME-Version: 1.0
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 11 May 2021 14:31:27 -0700
Message-ID: <CABcZeBOKv66-SOqYZDG0=v=X6tQOAobz4DZx9sD3-ppTE+wGOg@mail.gmail.com>
To: dprive@ietf.org
Content-Type: multipart/alternative; boundary="000000000000ff0f5e05c2149f71"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/-MOxiQd9pImJRw5x1aWdhoo1J8w>
Subject: [dns-privacy] Next steps for draft-rescorla-dprive-adox
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 May 2021 21:32:09 -0000
Hi all, Now that we've had some time to let the ideas settle, I'd like to discuss what would be required in order for the WG to adopt draft-rescorla-dprive-adox-latest. >From my perspective, the primary open question is the wisdom of having some kind of record in the parent domain. For the reasons I indicated in my presentation and in Section 6, if we are unable to securely indicate the use of ADoX in the parent, it will not be possible to protect many queries (i.e., those for the apex). I note that this is also embodied in: https://www.ietf.org/archive/id/draft-pp-dprive-common-features-00.txt and https://www.ietf.org/archive/id/draft-ietf-dprive-unauth-to-authoritative-00.txt While I understand that there are people who have reservations about whether it will be practical to popuate the parent, I think the analysis cited above suggests that there will be comparatively little value in attempting to have a non-opportunistic mode without this feature (regardless of which record it is encoded in). So, from my perspective, the question is: 1. Do we want a non-opportunistic mode? [My answer, of course, is yes] 2. Is this proposal a plausible starting point for that? If the answer to both of those question is "yes", then I'd like to ask for adoption. If not, can we try to dig into each of them? -Ekr
- [dns-privacy] Next steps for draft-rescorla-dpriv… Eric Rescorla
- Re: [dns-privacy] Next steps for draft-rescorla-d… Paul Wouters
- Re: [dns-privacy] Next steps for draft-rescorla-d… Eric Rescorla
- Re: [dns-privacy] Next steps for draft-rescorla-d… Paul Wouters
- Re: [dns-privacy] Next steps for draft-rescorla-d… Ben Schwartz
- Re: [dns-privacy] Next steps for draft-rescorla-d… Paul Wouters
- Re: [dns-privacy] Next steps for draft-rescorla-d… Ben Schwartz
- Re: [dns-privacy] Next steps for draft-rescorla-d… Tim Wicinski
- Re: [dns-privacy] Next steps for draft-rescorla-d… Andrew Campling