Re: [dns-privacy] Review of draft-ietf-dprive-rfc7626-bis-03 - Section 3.5.1.1 Comments

Christian Huitema <huitema@huitema.net> Wed, 08 January 2020 08:11 UTC

To: Eric Rescorla <ekr@rtfm.com>, Sara Dickinson <sara@sinodun.com>
Cc: last-call@ietf.org, DNS Privacy Working Group <dns-privacy@ietf.org>, Martin Thomson <mt@lowentropy.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/4Iv8ABHq8Oul1gIC6WRgkrNc9jw>

On 1/7/2020 12:47 PM, Eric Rescorla wrote:
>
>     To address the more general problem I suggest:
>
>     “Should the trend away from using ISP managed resolvers to using a
>     small set of large public resolvers continue, then an increased
>     proportion of the global DNS resolution traffic will be served
>     by only a few entities. Some potential impacts of centralisation
>     within the Internet Infrastructure are outlined in
>     [I-D.draft-arkko-arch-infrastructure-centralisation] and include
>     some privacy related considerations.”
>
>
> Yeah, my point is that I don't agree with this. Right now there is a
> lot of ISP centralization and the move of some of that traffic to
> public resolvers potentially decreases centralization at the margin. I
> certainly don't agree with citing draft-arkko, which is not at all a
> neutral or factual source, so this is just a way of incorporating by
> reference material which doesn't have consensus.


Centralization manifests itself in many ways. EKR is correct that big
ISPs do get a huge part of the traffic -- last time I checked, there was
at least one ISP in China and another in India that served pretty much
as many customers as Google DNS. There is also centralization at work
due to outsourcing of the DNS service by ISPs. This is a classic
concentration path: an outsourcer that serves many ISPs will achieve
economies of scale and may be able to monetize the data flow, making
outsourcing a viable option for the ISP. Experience predicts that
competition between these outsourcers will exhibit "winners take all"
dynamics leading to concentration. As EKR says, the move to third party
resolvers may well counter concentration in the back end of the network.
It could also achieve the opposite, but there are risks on both sides of
this issue. I don't see how we can achieve consensus that one side of
the risk is more dangerous than the other.

-- Christian Huitema