Re: [dns-privacy] Working Group Last Call draft-ietf-dprive-dtls-and-tls-profile
Sara Dickinson <sara@sinodun.com> Fri, 07 October 2016 17:32 UTC
> On 7 Oct 2016, at 10:48, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
>
> On Thu, Oct 06, 2016 at 02:58:09AM -0400,
> Tim Wicinski <tjw.ietf@gmail.com> wrote
> a message of 28 lines which said:
>
>> This starts a Working Group Last Call for:
>> draft-ietf-dprive-dtls-and-tls-profile
>
> Executive summary: OK for me,
> draft-ietf-dprive-dtls-and-tls-profiles-03 can (and should) be
> published. I find that touchy issues, such as the relationship with
> the authentication mechanisms described in RFC 7858, or such as the
> table 1 "DNS Privacy Protection by Usage Profile and type of attacker"
> are nicely done.

Good to know - thanks.

>
> The table 1 could use some details about the possibility of detection
> for passive attacks (for active attacks, it is addressed in section
> 5). These details were promised in
> <https://mailarchive.ietf.org/arch/msg/dns-privacy/8VMIuFKWZUAzP7UWivLn9fA_Ew4>
> :-)

Yes, thanks for catching (again)! I will add an example similar to the one in the mail thread into section 5 so that the discussion of detection of active and passive attacks are together.

>
> Technical question:
>
> The document seems to use "X.509" and "PKIX" as synonyms. Is it really
> the case?

Paul’s suggestion of using PKIX throughout seems sensible.

>
> Small legal detail:
>
>> this application [extended to be used for recursive clients and
>> authoritative servers] is out of scope for the DNS PRIVate Exchange
>> (DPRIVE) Working Group per its current charter.
>
> A bit exaggerated: the current charter says "it [the DPRIVE WG] may
> also later consider mechanisms that provide confidentiality between
> Iterative Resolvers and Authoritative Servers”

A reasonable point. I copied that text directly from RFC7858 (DNS-over-TLS) as that is how the scope is justified in that document…..

>
> Editorial detail:
>
>> but may be the subject of a future I-D.
>
> Should probably be removed before it becomes a RFC.

How about I change it to “may be the subject of future work”?
Unless such an ID is likely to appear in the very near future? :-)

Sara.