Re: [dns-privacy] [Fwd: New Version Notification for draft-vandijk-dprive-ds-dot-signal-and-pin-00.txt]

Mikael Abrahamsson <swmike@swm.pp.se> Tue, 19 May 2020 09:51 UTC

Date: Tue, 19 May 2020 11:51:44 +0200
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: Peter van Dijk <peter.van.dijk@powerdns.com>
cc: dns-privacy@ietf.org
In-Reply-To: <a15e2d1df86820f2483516662d3712d8a60161cd.camel@powerdns.com>
Message-ID: <alpine.DEB.2.20.2005191147500.7596@uplift.swm.pp.se>
References: <158987990316.29446.4343920282978207647@ietfa.amsl.com> <a15e2d1df86820f2483516662d3712d8a60161cd.camel@powerdns.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/Bkq7FlS13a6KJIvc9x1rTh93yeA>
Subject: Re: [dns-privacy] [Fwd: New Version Notification for draft-vandijk-dprive-ds-dot-signal-and-pin-00.txt]

On Tue, 19 May 2020, Peter van Dijk wrote:

> please find below all details about our proposal for enabling DoT from 
> resolver to authoritative.

Thanks, interesting approach.

Some thoughts...

"If the DoT connection is unsuccessful or the public key supplied by the 
server does not match one of the DS digests, the resolver MUST NOT fall 
back to unencrypted Do53."

Can we somehow make this behavior configurable by means of a flag (or 
something) by the domain holder? To say if fallback is ok or not?

Also, when I want to roll keys, can I specify multiple keys during this 
key roll period?

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se
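The two questions in this message (a domain-holder flag controlling Do53 fallback, and several pinned keys being valid at once during a roll) can be made concrete with a small resolver-side decision routine. The code below is an added illustration written for this archive page; it is not code from the draft or from PowerDNS. It assumes the pin DS digest is SHA-256 (digest type 2) over the server's DER-encoded SubjectPublicKeyInfo, that pin records are told apart from ordinary DNSSEC DS records by their algorithm field (the real value is the draft's to assign, so `PIN_ALGORITHM_PLACEHOLDER` is a stand-in), and it adds a hypothetical `fallback_allowed` policy input that the quoted draft text does not have. The sample keys and zone lines are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional

# RFC 4509 DS digest type 2 = SHA-256. Hashing the server's DER SPKI is an
# assumption of this example, not something stated on the page.
SHA256_DIGEST_TYPE = 2

# Placeholder: the draft's DS algorithm value for DoT pins is not on this page.
PIN_ALGORITHM_PLACEHOLDER = 255


@dataclass(frozen=True)
class PinDS:
    digest_type: int
    digest: bytes


class Decision(Enum):
    USE_DOT = "use_dot"            # DoT up and server key matched a pin
    FAIL_CLOSED = "fail_closed"    # draft behaviour: MUST NOT fall back
    FALLBACK_DO53 = "fallback_do53"  # only if the (hypothetical) flag allows it


def spki_digest(spki_der: bytes, digest_type: int = SHA256_DIGEST_TYPE) -> bytes:
    """Digest of the server's public key in the form a pin DS would carry."""
    if digest_type != SHA256_DIGEST_TYPE:
        raise ValueError(f"unsupported digest type {digest_type}")
    return hashlib.sha256(spki_der).digest()


def pin_matches(spki_der: bytes, pins: List[PinDS]) -> bool:
    """True if the presented key matches ANY published pin (supports key rolls)."""
    return any(
        hmac.compare_digest(spki_digest(spki_der, p.digest_type), p.digest)
        for p in pins
        if p.digest_type == SHA256_DIGEST_TYPE
    )


def decide(dot_connected: bool, server_spki: Optional[bytes],
           pins: List[PinDS], fallback_allowed: bool) -> Decision:
    """Resolver decision for one authoritative server.

    The quoted draft text says the resolver MUST NOT fall back to Do53 when the
    DoT connection fails or the key does not match; fallback_allowed is the
    hypothetical domain-holder flag discussed in the message above.
    """
    if dot_connected and server_spki is not None and pin_matches(server_spki, pins):
        return Decision.USE_DOT
    return Decision.FALLBACK_DO53 if fallback_allowed else Decision.FAIL_CLOSED


def parse_pin_ds(zone_text: str, pin_algorithm: int) -> List[PinDS]:
    """Pull pin DS records out of zone presentation format, ignoring DNSSEC DS."""
    pins: List[PinDS] = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop comments
        fields = line.split()
        if "DS" not in fields:
            continue
        i = fields.index("DS")
        _key_tag, alg, dtype = (int(x) for x in fields[i + 1:i + 4])
        digest = bytes.fromhex("".join(fields[i + 4:]))
        if alg == pin_algorithm:
            pins.append(PinDS(dtype, digest))
    return pins


# Constructed sample keys (stand-ins for DER SPKI blobs).
OLD_KEY = b"constructed-old-spki-bytes"
NEW_KEY = b"constructed-new-spki-bytes"
UNKNOWN_KEY = b"constructed-unknown-spki-bytes"


def sample_zone() -> str:
    """Constructed DS RRset: old and new pins (mid-roll) plus one ordinary DS."""
    old_hex = spki_digest(OLD_KEY).hex()
    new_hex = spki_digest(NEW_KEY).hex()
    return (
        f"example. 3600 IN DS 1001 {PIN_ALGORITHM_PLACEHOLDER} 2 {old_hex} ; old pin\n"
        f"example. 3600 IN DS 1002 {PIN_ALGORITHM_PLACEHOLDER} 2 {new_hex} ; new pin\n"
        f"example. 3600 IN DS 2000 13 2 {'00' * 32} ; normal DNSSEC DS, ignored\n"
    )


def rollover_pins() -> List[PinDS]:
    return parse_pin_ds(sample_zone(), PIN_ALGORITHM_PLACEHOLDER)


if __name__ == "__main__":
    pins = rollover_pins()
    print(decide(True, OLD_KEY, pins, False))       # USE_DOT (old key still valid)
    print(decide(True, NEW_KEY, pins, False))       # USE_DOT (new key already valid)
    print(decide(True, UNKNOWN_KEY, pins, False))   # FAIL_CLOSED
    print(decide(False, None, pins, True))          # FALLBACK_DO53 via the flag
```

Publishing both the outgoing and incoming key digests during the roll is what lets `pin_matches` accept either key, so the old key can be removed only after every resolver has seen the new DS. The `fallback_allowed` flag is deliberately the last thing consulted: a matching pin always wins, and the flag only changes what happens on failure.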