[dns-privacy] draft-ietf-dprive-unilateral-probing support/implementation

"George (Yorgos) Thessalonikefs" <george@nlnetlabs.nl> Sun, 04 December 2022 11:01 UTC

Message-ID: <a7aa7f54-13f7-ea92-17af-18f96714defe@nlnetlabs.nl>
Date: Sun, 04 Dec 2022 12:01:38 +0100
From: "George (Yorgos) Thessalonikefs" <george@nlnetlabs.nl>
In-Reply-To: <00d24ff7-45cc-5ec0-5783-57008fcc3e26@desec.io>
To: dns-privacy@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/9SQeRsPyRdzZA6N7y-ZOMP-s8BI>
Subject: [dns-privacy] draft-ietf-dprive-unilateral-probing support/implementation

Dear WG,

NLnet Labs has plans to implement draft-ietf-dprive-unilateral-probing 
in Unbound starting with the IETF116 hackathon.
We expect to only support DoT at first as DoQ support for upstreams is 
not there yet in Unbound.

As Peter said, we also hope for a long-term solution for defending 
against active attackers as well, but operational experience from this 
draft could pave the way forward.

Best regards,
-- Yorgos