Re: [dns-privacy] ALPN protocol ID for DoT

Allison Mankin <allison.mankin@gmail.com> Fri, 13 December 2019 01:12 UTC

From: Allison Mankin <allison.mankin@gmail.com>
Date: Thu, 12 Dec 2019 20:12:00 -0500
Message-ID: <CAP8yD=sAK+saanKriO=hr23-VB0BQYbLqrqts+9z=6tQd_d5tg@mail.gmail.com>
To: "Reed, Jon" <jreed@akamai.com>
Cc: Sara Dickinson <sara@sinodun.com>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/8Q0k0Tw1cUMQyyINt_hZKposkIY>

Thanks for checking. I recall we co-authors of RFC 7958 talked about ALPN
for DoT before (can't recall if it bubbled up to WG discussion). It seems
useful to me now.


Question for the WG:
Would we want to update RFC 7858 (or RFC 8310) to indicate the ALPN ID
exists? This would be for the sake of future implementors, whether they
want to run DoT and DoH, or want to cautiously run only DoT on 443.

Allison

On Thu, Dec 12, 2019 at 09:01 Reed, Jon <jreed@akamai.com> wrote:

> Hi all,
>
> I'm planning to request a registration of an ALPN ID[1] for DNS-over-TLS.
> One primary use case we have is supporting both DoT and DoH on port 443,
> when port 853 is blocked between clients and the servers (this is by mutual
> agreement, as discussed in RFC 7858 § 3.1). I plan on requesting the
> protocol ID 0x64 0x6F 0x74 ("dot"), following the conventions of using all
> lowercase in registrations.
>
> Per discussion with one of the expert reviewers, I'm polling the list to
> see if anyone has objections -- if so, please let me know.  I'd be
> interested in hearing the objections, and what alternatives might be
> proposed.
>
> Thanks,
> Jon
>
> [1]
> https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids
>
>
> --
> Jon Reed
> jreed@akamai.com
> Nameservers Service Performance
> Akamai Technologies
>
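As an added illustration (not code from the thread or from either of its participants): the ALPN extension body carrying the proposed "dot" identifier in the RFC 7301 wire format, and the choice a server listening for both DoT and DoH on 443 would make from a ClientHello, including the no-overlap case that a DoT-only listener on 443 would hit. The server-preference selection policy and the handler names are assumptions.

```python
import struct

# Added example (not from the thread). Wire format follows RFC 7301;
# the server-preference selection policy and handler names are assumptions.
DOT = b"dot"   # 0x64 0x6F 0x74, the ID proposed for DNS-over-TLS
H2 = b"h2"     # DoH over HTTP/2, already registered

def encode_alpn(protocols):
    """ProtocolNameList: 2-byte total length, then 1-byte-length-prefixed names."""
    body = b"".join(struct.pack("!B", len(p)) + p for p in protocols)
    return struct.pack("!H", len(body)) + body

def decode_alpn(data):
    """Parse a ProtocolNameList, rejecting truncated, padded or empty entries."""
    if len(data) < 2:
        raise ValueError("truncated ALPN list")
    (list_len,) = struct.unpack("!H", data[:2])
    if list_len == 0 or list_len != len(data) - 2:
        raise ValueError("bad ALPN list length")
    names, pos = [], 2
    while pos < len(data):
        n, pos = data[pos], pos + 1
        if n == 0 or pos + n > len(data):
            raise ValueError("bad ALPN name length")
        names.append(bytes(data[pos:pos + n]))
        pos += n
    return names

class NoApplicationProtocol(Exception):
    """Server would send the no_application_protocol alert (RFC 7301 3.2)."""

def select_protocol(server_prefs, client_list):
    """Pick the first protocol in server preference order the client offered."""
    for p in server_prefs:
        if p in client_list:
            return p
    raise NoApplicationProtocol(client_list)

# Hypothetical handler names for a listener serving both DoT and DoH on 443.
HANDLERS = {DOT: "dns_over_tls_handler", H2: "doh_http2_handler"}

def dispatch(server_prefs, client_hello_alpn):
    """Route a ClientHello's ALPN extension body to the matching handler."""
    chosen = select_protocol(server_prefs, decode_alpn(client_hello_alpn))
    return chosen, HANDLERS[chosen]
```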