Re: [dns-privacy] Possible use case: Opportunistic encryption for recursive to authoritative
Rob Sayre <sayrer@gmail.com> Sat, 08 August 2020 02:12 UTC
From: Rob Sayre <sayrer@gmail.com>
Date: Fri, 07 Aug 2020 19:12:28 -0700
Message-ID: <CAChr6SzAxy6AFUb0BDm2VgcrG=pxNqx6b5Ex+S4mLNAT26A_jA@mail.gmail.com>
To: John Levine <johnl@taugh.com>
Cc: DNS Privacy Working Group <dns-privacy@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/3UHRBkI2ZzkmWEBTyr_kOjvaZx0>

On Fri, Aug 7, 2020 at 7:04 PM John Levine <johnl@taugh.com> wrote:

> In article <CAChr6SwGjo889gkMK0aE-76NTSrP799jMm8RBQaDRKo+XvWQ-w@mail.gmail.com> you write:
> >Assuming this traffic is encrypted, which I am in favor of, the CPU load on
> >the authoritative server will increase after an outage or network problem.
> >
> >Is this already factored in?
>
> How is that different from now? If a DNS server is offline and comes
> back online, it will see a bunch of queries.

The issue is that connection establishment will be expensive, which is something separate from getting a bunch of queries. As others have pointed out, this cost will be amortized to almost nothing most of the time. After an outage, this connection establishment cost will have to be dealt with in parallel.

I don't have an opinion on whether this should be implementation guidance, or even in the spec.

thanks,
Rob