Re: [dns-privacy] Root Server Operators Statement on DNS Encryption

Vittorio Bertola <vittorio.bertola@open-xchange.com> Thu, 01 April 2021 12:38 UTC

Date: Thu, 1 Apr 2021 14:38:05 +0200 (CEST)
From: Vittorio Bertola <vittorio.bertola@open-xchange.com>
To: Brian Haberman <brian@innovationslab.net>, dns-privacy@ietf.org
Message-ID: <1873743700.22570.1617280685129@appsuite-gw2.open-xchange.com>
In-Reply-To: <3b44bbe2-2d60-f6d3-70e4-a836411dbc32@innovationslab.net>
References: <c925da9089fa4b1e991ec74fc9c11e7f@verisign.com> <CAChr6Sxwao=FAcoeHMuOf0L=JCZ+wvhsr9BNZW_dbt+1=HWQwg@mail.gmail.com> <20210331091238.GA10597@nic.fr> <CAChr6SxPNVAZMYfZqF+K6Xf8FPGa9ZgHkL-uUvtKMEiJSPmp8Q@mail.gmail.com> <2607D274-936F-4A31-9E4D-EEBCF45BE838@pch.net> <CAChr6Szg+EbFqSpFPco8Gyb9pzNNnrSoQJcXTDVeg40_EXiPDg@mail.gmail.com> <4B1CCB51-C777-4434-B28E-76C22C12E4DA@pch.net> <CAChr6Sym=tm-vj-3FB-GbOG6U=U4CFsRE6yyWJk14waZQLbRiQ@mail.gmail.com> <ABD711DE-80CE-4B15-9153-82DA25E4F000@pch.net> <CAChr6Swfnc_s_-3TS6NuCzuqWduA-E6270x4uSLNGnTF+sLnmQ@mail.gmail.com> <981FF900-A7ED-46DF-9DDB-056E76822017@pch.net> <13460b9e-a7d4-1bad-b48c-64941fb4739f@cs.tcd.ie> <97657AD3-B264-4D96-AA0F-73294FBD8277@pch.net> <3b44bbe2-2d60-f6d3-70e4-a836411dbc32@innovationslab.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/0EntfFgulI_dY-JByqlxldukkZ8>


> On 01/04/2021 14:08 Brian Haberman <brian@innovationslab.net> wrote:
> 
> The WG seems to fluctuate between wanting to treat all authoritatives
> the same and thinking of the root as being different from TLDs. If you
> recall during our interim meeting last year, we tried to keep them
> separate and some folks complained.
> 
> I (with no hats on) would take the Root Server Operators statement as a
> strong indication that they believe the root does need to be considered
> separately from the TLDs.

This discussion is more in the realm of policy than in that of protocol development, though it affects future decisions on ADoTQ. We started to discuss the root part of the issue, but the TLD one is also not that straightforward. If ADoTQ imposed significant additional costs on TLD operators, one could imagine that at least some operators could try - through whatever governance process applies to each of them - to raise the domain name price to compensate for these costs. Would ICANN and national regulators be receptive to this request? Would users be willing to pay for encrypted TLD connections? What would be the reaction of the rest of the domain name market? These are policy questions that would possibly determine a decision to deploy ADoTQ or not, and thus the success or failure of the protocol at the TLD level.

By the way, there are past examples of use of the DNS root by web browsers that generated very significant load, and thus cost, for root operators, without a matching advantage for end-users - e.g. https://blog.apnic.net/2020/08/21/chromiums-impact-on-root-dns-traffic/ . It looks like there is the need for better coordination and reciprocal understanding between the three communities - browsers, root operators and TLD operators. Perhaps this could be the subject of a session at one of the upcoming DNS community/policy conferences, trying to solicit views and/or experiments on how ADoTQ would impact root and TLD operations.

-- 
Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com 
Office @ Via Treviso 12, 10144 Torino, Italy