Re: [dns-privacy] [Ext] Threat Model

Dan Wing <danwing@gmail.com> Wed, 06 November 2019 03:21 UTC

From: Dan Wing <danwing@gmail.com>
Message-Id: <5CD1BFD0-7972-4CEA-99C4-2967CE2C290E@gmail.com>
Date: Tue, 05 Nov 2019 19:21:41 -0800
In-Reply-To: <CAHw9_iKhaA9Nb+eH92YfzdepU90_DgLyS-ZDaMAehKOFO0ksEA@mail.gmail.com>
Cc: Paul Wouters <paul@nohats.ca>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>
To: Warren Kumari <warren@kumari.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/4fcwfJpAt9zm3JOxRHJHS63nIOU>

On Nov 5, 2019, at 3:13 PM, Warren Kumari <warren@kumari.net> wrote:

...
> I'd like to see something less stupid than ns01-dot.kumari.net, but I
> don't really see what else the child controls at the parent (without
> having a separate set of info / RR type / encoding stuff in DS, etc)

Perhaps encode feature flags into the last digits of the SOA's Expire time?  For example kumari.net has an expire time of 1209600, and those last two (decimal) digits could be used for binary encoding feature flags, so 1209601 = DoT, 1209602 = DoH, 1209603 = DoT and DoH, and so on.  This gives us 6 feature flags we could shove into Expire time.

-d
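The encoding sketched in the message above, as an added worked example that is not code from the thread or from any IETF draft: six binary flags packed into the low two decimal digits of the SOA Expire value, with DoT as bit 0 and DoH as bit 1 exactly as the message assigns them. The remaining bit names (DOQ, RESERVED3..5), the SOA RDATA sample and the example.net zone are constructed for illustration, and the decoder makes the practitioner's caveat explicit: the scheme cannot distinguish a zone that opted in from a zone that simply happens to have an Expire value ending in 01..63, and a base Expire that does not already end in 00 would be silently altered by the encoder, so the code refuses it.

```python
"""
Added example (not from the dns-privacy thread): encode and decode the
feature-flag scheme sketched above, where the low two decimal digits of an
SOA Expire value carry a six-bit flag field.  DoT (bit 0) and DoH (bit 1)
follow the message; the other bit names are assumptions for illustration.
"""
from enum import IntFlag
from typing import List, Tuple


class XferFlags(IntFlag):
    """Bit assignments.  DOT and DOH are as proposed in the message; the
    remaining members are hypothetical placeholders that make the field six
    bits wide, which is the most that fits in two decimal digits (0..63)."""
    DOT = 1 << 0
    DOH = 1 << 1
    DOQ = 1 << 2        # assumption: not part of the original message
    RESERVED3 = 1 << 3  # assumption
    RESERVED4 = 1 << 4  # assumption
    RESERVED5 = 1 << 5  # assumption


FLAG_MODULUS = 100          # the two low decimal digits
FLAG_MAX = (1 << 6) - 1     # 63: six binary flags fit in 0..99


def encode_expire(base_expire: int, flags: XferFlags) -> int:
    """Return base_expire with `flags` stored in its low two decimal digits.

    The zone operator's real Expire must already end in 00; otherwise the
    encoder would change the retry/expire semantics of the zone, so it
    refuses rather than silently rounding.
    """
    if base_expire < 0 or base_expire % FLAG_MODULUS != 0:
        raise ValueError("base Expire must be a non-negative multiple of 100")
    if not 0 <= int(flags) <= FLAG_MAX:
        raise ValueError("flags must fit in 6 bits (0..63)")
    return base_expire + int(flags)


def decode_expire(expire: int) -> Tuple[int, XferFlags]:
    """Split an Expire value into (base_expire, flags).

    Caveat inherent to the scheme: a zone that never opted in but whose
    Expire happens to end in 01..63 decodes as if it had set flags; there is
    no in-band way to tell the two apart.  Values ending in 64..99 cannot be
    flag-encoded at all and are returned unchanged with flags=0.
    """
    if expire < 0:
        raise ValueError("Expire must be non-negative")
    low = expire % FLAG_MODULUS
    if low > FLAG_MAX:
        return expire, XferFlags(0)
    return expire - low, XferFlags(low)


def flag_names(flags: XferFlags) -> List[str]:
    """Human-readable names of the set bits, in bit order."""
    return [member.name for member in XferFlags
            if member.value and member in flags]


def soa_expire_from_rdata(rdata: str) -> int:
    """Extract the EXPIRE field from presentation-format SOA RDATA, whose
    field order is MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError("SOA RDATA must have exactly 7 fields")
    return int(fields[5])


# Constructed sample (not a real zone): Expire 1209603 = 1209600 + DoT|DoH.
SAMPLE_SOA_RDATA = (
    "ns1.example.net. hostmaster.example.net. "
    "2019110501 7200 3600 1209603 3600"
)


if __name__ == "__main__":
    expire = soa_expire_from_rdata(SAMPLE_SOA_RDATA)
    base, flags = decode_expire(expire)
    print(f"Expire={expire} base={base} flags={flag_names(flags)}")
    print("re-encoded:", encode_expire(base, flags))
```

Running the block prints the decoded base of 1209600 with flags DOT and DOH for the constructed sample, then re-encodes to 1209603. The ambiguity noted in `decode_expire` is the practical weakness of using an existing numeric field as a side channel: the parent-side check has no way to confirm the child meant the low digits as flags.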