Re: [dns-privacy] ADoT signalling

Christian Huitema <huitema@huitema.net> Mon, 04 November 2019 17:58 UTC

To: Eric Rescorla <ekr@rtfm.com>, Stephane Bortzmeyer <bortzmeyer@nic.fr>
Cc: dns-privacy@ietf.org, John Levine <johnl@taugh.com>
References: <20191103223335.4395EE54E62@ary.local> <20191104142555.GA10561@nic.fr> <CABcZeBNDPbNznf8dSA8NdVH4TMVJEGGNjR09k4GTyjXWaEm0ZA@mail.gmail.com>
From: Christian Huitema <huitema@huitema.net>
Message-ID: <711d51d8-8786-6bdd-b95f-d968781b09db@huitema.net>
Date: Mon, 04 Nov 2019 09:54:41 -0800
In-Reply-To: <CABcZeBNDPbNznf8dSA8NdVH4TMVJEGGNjR09k4GTyjXWaEm0ZA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/Adf-H8OkEFdbtmLOUb1fepoeEOA>
Subject: Re: [dns-privacy] ADoT signalling

On 11/4/2019 7:12 AM, Eric Rescorla wrote:
> On Mon, Nov 4, 2019 at 6:26 AM Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
>
>     On Sun, Nov 03, 2019 at 05:33:34PM -0500,
>      John Levine <johnl@taugh.com> wrote
>      a message of 14 lines which said:
>
>     > I thought it might be useful to make a list of possible ways to
>     > signal that a server offers ADoT:
>
>     I would like also a discussion on whether signaling is 1) good 2)
>     necessary.
>
>     Even if you get a signal, the reality may be out-of-sync with the
>     signal, for instance because of a problem on the server side (remember
>     AAAAs published without checking IPv6 connectivity works) or on the
>     client side (port 853 blocked).
>
>
> I'm less worried about the latter because I would expect recursive
> resolvers to generally be operated by people who are able to establish
> their port 853 status.


Note that port 853 is a convention. Servers could trivially run multiple
services over port 443, and demux based on the ALPN. I suppose that if
we see a lot of blockage of port 853, servers will just do that -- run on
port 443, demux based on ALPN="DoT"...

-- Christian Huitema
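
The ALPN-based demultiplexing described in the message above, as an added example that is not part of the original e-mail: a front end on port 443 reads the ALPN list from the ClientHello and picks a backend. The backend names, the routing table and the host name `ns.example` are assumptions for illustration; `dot` is the IANA-registered ALPN ID for DNS over TLS.

```python
import ssl
import struct

# Routing table is an assumption for illustration. "dot", "h2" and "http/1.1"
# are IANA-registered ALPN protocol IDs.
BACKENDS = {"dot": "dns-over-tls", "h2": "https", "http/1.1": "https"}

def client_hello(alpn):
    """Produce a real ClientHello record offering `alpn` (no network needed)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_alpn_protocols(alpn)
    out = ssl.MemoryBIO()
    conn = ctx.wrap_bio(ssl.MemoryBIO(), out, server_hostname="ns.example")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client is now waiting for a ServerHello
    return out.read()

def offered_alpn(record):
    """Return the ALPN protocol names listed in a TLS ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello")
    pos = 5 + 4 + 2 + 32                 # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]               # session id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher suites
    pos += 1 + record[pos]               # compression methods
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= min(end, len(record)):
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        pos += 4
        if ext_type == 16:               # application_layer_protocol_negotiation
            names, p, stop = [], pos + 2, pos + ext_len
            while p < stop:
                n = record[p]
                names.append(record[p + 1:p + 1 + n].decode("ascii"))
                p += 1 + n
            return names
        pos += ext_len
    return []

def route(record):
    """Pick the backend for the first offered protocol served on port 443."""
    for name in offered_alpn(record):
        if name in BACKENDS:
            return BACKENDS[name]
    return "https"  # no recognised ALPN: treat as a plain HTTPS client
```

A TLS-terminating server would normally make this choice inside its ALPN selection callback; parsing the ClientHello directly is what a pass-through front end or a network monitor has to do, and it also shows that the ALPN list travels in cleartext unless the ClientHello itself is encrypted.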