Re: [dns-privacy] Preliminary Minutes Posted

Paul Wouters <paul@nohats.ca> Sat, 25 July 2015 10:37 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BBB3B1B2D7C for <dns-privacy@ietfa.amsl.com>; Sat, 25 Jul 2015 03:37:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.69
X-Spam-Level:
X-Spam-Status: No, score=0.69 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k6K1PZAWkhmI for <dns-privacy@ietfa.amsl.com>; Sat, 25 Jul 2015 03:37:28 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BDB171B2D7B for <dns-privacy@ietf.org>; Sat, 25 Jul 2015 03:37:27 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3mdkP22p9FzD7M; Sat, 25 Jul 2015 12:37:26 +0200 (CEST)
Authentication-Results: mx.nohats.ca; dkim=pass (1024-bit key) header.d=nohats.ca header.i=@nohats.ca header.b=LJkuA4SJ
X-OPENPGPKEY: Message passed unmodified
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id nbPs2mDFCC3K; Sat, 25 Jul 2015 12:37:25 +0200 (CEST)
Received: from bofh.nohats.ca (206-248-139-105.dsl.teksavvy.com [206.248.139.105]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Sat, 25 Jul 2015 12:37:25 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 03843800B3; Sat, 25 Jul 2015 06:37:24 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1437820644; bh=meOXej3WW5ecnQxuiSPcIloJYIXFWcTPk7ZllLSOOic=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=LJkuA4SJN9kR3hUsf5vlXFUmGaxozDgV5vC+ebnfAvPCFEVKFNxqrcm5b7m06Z3NQ zk6H/IqCC25pSaTHcIQWP+Bm9UHLDK5skZr3rVDwtDOBVhTRnQmgRq2Oj97mMr55Qe lFInmLMCv3/CsiUKPkh5odHKYs+fNnv3KV2zJVXE=
Received: from localhost (paul@localhost) by bofh.nohats.ca (8.15.1/8.15.1/Submit) with ESMTP id t6PAbNK1004105; Sat, 25 Jul 2015 06:37:23 -0400
X-Authentication-Warning: bofh.nohats.ca: paul owned process doing -bs
Date: Sat, 25 Jul 2015 06:37:23 -0400
From: Paul Wouters <paul@nohats.ca>
To: Tim WIcinski <tjw.ietf@gmail.com>
In-Reply-To: <55B343C7.9010800@gmail.com>
Message-ID: <alpine.LFD.2.11.1507250623060.854@bofh.nohats.ca>
References: <55B343C7.9010800@gmail.com>
User-Agent: Alpine 2.11 (LFD 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dns-privacy/6mWf7NcW4TElSfqv51YGixaWttY>
Cc: dns-privacy@ietf.org
Subject: Re: [dns-privacy] Preliminary Minutes Posted
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Jul 2015 10:37:29 -0000

On Sat, 25 Jul 2015, Tim Wicinski wrote:

> The rough consensus in the room was to
> 	 request an early port allocation request; and to
> 	 start with a new port directly.

I thought that at least one of these had a third hum option that was not
insignificant (although not as strong as the actions listed here).

I am still very much concerned about both using a new port and about
using a STARTTLS option - mostly focused on the stub to (external)
recursive.

For one, I really don't want us to hurt port 53's current freedom, and
fear that if we open that up to basically an encrypted stream of unknown but
presumed DNS traffic, we will see an increase in port 53 manipulation
and filtering. (Middleware boxes also basically killed IKE port 500,
and we had to switch to port 4500 for most of it, to the point where we
could now almost obsolete port 500.)

On the other side, I really want encryption to be part of the standard
so it becomes harder to filter out my queries just because these are
encrypted. Using a separate port could mean an instant death sentence
for such deployment.

That said, I guess I'm leaning towards a new port and not mucking with
the current port 53.

Paul