Re: [dns-privacy] [Ext] Re: ADoT requirements for authentication?

Jim Reid <jim@rfc1035.com> Thu, 31 October 2019 17:11 UTC

Return-Path: <jim@rfc1035.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03773120800 for <dns-privacy@ietfa.amsl.com>; Thu, 31 Oct 2019 10:11:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.498
X-Spam-Level:
X-Spam-Status: No, score=-1.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_HELO_FCRDNS=0.399, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 199cgazN6o42 for <dns-privacy@ietfa.amsl.com>; Thu, 31 Oct 2019 10:11:50 -0700 (PDT)
Received: from shaun.rfc1035.com (smtp.v6.rfc1035.com [IPv6:2001:4b10:100:7::25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F1D2120251 for <dns-privacy@ietf.org>; Thu, 31 Oct 2019 10:11:50 -0700 (PDT)
Received: from dhcp-221-71.meetings.nanog.org (dhcp-221-71.meetings.nanog.org [199.187.221.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by shaun.rfc1035.com (Postfix) with ESMTPSA id 8AE1B2420FDE; Thu, 31 Oct 2019 17:11:47 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Jim Reid <jim@rfc1035.com>
In-Reply-To: <BAD38F3A-5344-410A-BC8A-A25DD66257A6@cable.comcast.com>
Date: Thu, 31 Oct 2019 17:11:45 +0000
Cc: dns-privacy@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <3333A176-94CA-4CD5-9BDD-A5AB499F5346@rfc1035.com>
References: <943e3973-f6a7-9f6e-a66a-33aff835bd5e@innovationslab.net> <503df6fb-b653-476f-055f-15c1a668ba36@innovationslab.net> <5fe86408-35a8-16ea-d22a-9c6c4a681057@icann.org> <CA+9kkMBZUPfWov6B+pgLYuFmZh10dTzwF2PdKs5Vozzssqvzjw@mail.gmail.com> <edf53c16-3be9-786c-dcb1-0edc9fd9711c@icann.org> <CA+9kkMC5ynqK+8QO==5Pi_9edjTkJJ3yLHBHqJFOox8fi1_8HQ@mail.gmail.com> <CAHbrMsAAvadukzifKEj9eEWB91aDjmnu775F_YdtBaUHrHwDDQ@mail.gmail.com> <CA+9kkMCVj3Lte1dooNthm0f6eBPFUGbxdQBGyjB62KD8wn+f-g@mail.gmail.com> <CAHbrMsCU4b7yNwEfq1J0qsX3vbij+bLdXpanPMKaF+h6yqkXKw@mail.gmail.com> <CA+9kkMA9=m67w=yPR4=cNmHvMH29ogzBVzA8GZU_HCBkVNUxOg@mail.gmail.com> <CABcZeBMyrW=D+dyoT3FUvfe+9hM7ZCndv=tZ9B2F170U0Z7obw@mail.gmail.com> <CAHbrMsAgR-Andoxs5WRMp2jE3Gf_1EWWpsrAm3eFc-vGhb5A3w@mail.gmail.com> <CABcZeBNTJYQc_1kbK7cL3S8KcHfEzpNsZaeK=OeYopEpjLF9_Q@mail.gmail.com> <CAHbrMsBaGBx-gye+Y+4Ja_a9Dkvkt6kLva3fzyvrzuuzxECZuw@mail.gmail.com> <CABcZeBP64qr81ccw+cbYy6FuQkgArS=G9_itEt8A_UfN8SO7GA@mail.gmail.com> <BDFD7D8F-BB99-46DF-85AC-922DDF25A1D3@rfc1035.com> <BAD38F3A-5344-410A-BC8A-A25DD66257A6@cable.comcast.com>
To: "Livingood, Jason" <Jason_Livingood@comcast.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/-T0cdVpKyfRxDS7ObsLVAgsau5g>
Subject: Re: [dns-privacy] [Ext] Re: ADoT requirements for authentication?
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2019 17:11:51 -0000


> On 30 Oct 2019, at 18:40, Livingood, Jason <Jason_Livingood@comcast.com> wrote:
> 
> I agree that this is not a technical issue of scaling the root; that quantity of queries per day and second is not a big problem. Rather, as you note, it is a layer-9 issue. But I don't think we should constrain our requirements development & protocol design because of this. 

In principle, I agree with you. Though in practice, I'm questioning if it makes sense to work on ADoT unless there's a strong likelihood it will get mainstream deployment and adoption. [What's the point of producing something that won't see widespread use?] And surely if there's going to be ongoing protocol design work, that needs to take account of the concerns of those who run busy authoritative servers? AFAICT apart from a recent ID from Verisign, they have not been part of the discussion so far.