Re: [dns-privacy] draft-ietf-dprive-dtls-and-tls-profiles: strict privacy

"Paul Hoffman" <> Fri, 28 October 2016 15:39 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 756E7129658 for <>; Fri, 28 Oct 2016 08:39:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id gRC1SsfG0Boz for <>; Fri, 28 Oct 2016 08:39:35 -0700 (PDT)
Received: from (Opus1.Proper.COM []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 44BB1129ADE for <>; Fri, 28 Oct 2016 08:39:35 -0700 (PDT)
Received: from [] ( []) (authenticated bits=0) by (8.15.2/8.14.9) with ESMTPSA id u9SFdXCg095903 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 28 Oct 2016 08:39:34 -0700 (MST) (envelope-from
X-Authentication-Warning: Host [] claimed to be []
From: Paul Hoffman <>
To: Sara Dickinson <>
Date: Fri, 28 Oct 2016 08:39:33 -0700
Message-ID: <>
In-Reply-To: <>
References: <> <> <> <> <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.5r5263)
Archived-At: <>
Cc: "" <>
Subject: Re: [dns-privacy] draft-ietf-dprive-dtls-and-tls-profiles: strict privacy
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 28 Oct 2016 15:39:36 -0000

On 28 Oct 2016, at 3:21, Sara Dickinson wrote:

>> On 27 Oct 2016, at 19:28, Paul Hoffman <> wrote:
>> I will admit that I thought there was just one bottom level of OS in 
>> our discussion, cleartext. If there are two (cleartext; no 
>> communication), the document needs more discussion in multiple places 
>> because it would be surprising to any implementer who didn't follow 
>> the long discussion during the end stages of RFC 7435.
> As the draft stands it is clear about what Strict is and allows for 
> all flavours of OS, essentially leaving it as an implementation 
> choice. If, because of the nature of DNS, the feeling is it makes more 
> sense that Opportunistic _always_ falls back to clear text in order to 
> get service then I can see the value in that. It is just a question of 
> spelling this out clearly in the draft.

Right. However, the draft currently says in a few places that you choose 
opportunistic if you want to be sure you get DNS service. So you either 
have to remove those, or remove the possibility that OS will not go to 

>> Which users do we think would not want to negotiate weak TLS (such as 
>> DES-MD2) but would be willing to go to cleartext? For other than 
>> crypto experts (who are likely to only want Strict), how would weak 
>> TLS be worse than cleartext?
> There was some discussion in Buenos Aires (I think) about an 
> intermediate ‘Relaxed’ mode where a client is willing to use a 
> (weakly) encrypted connection but not willing to fallback to clear 
> text so as to have some protection against passive monitoring. But 
> IIRC the consensus was ‘keep it simple, Strict or Opportunistic’.

I don't remember the conversation, but I really don't remember anyone 
advocating for "more complicated". Strict, 
Opportunistic-only-to-good-crypto, and Opportunistic-to-cleartext is 
more complicated than Strict and Opportunistic-to-cleartext. Users don't 
know how to set "good crypto".

> For me the other ‘intermediate’ case I was really thinking of in 
> the hard-fail case for Opportunistic is when the client does have 
> authentication information configured (as opposed to having none) but 
> the authentication fails.

That's Strict, yes?

> Should there be scope for the client to decide in that case that 
> something is wrong enough it doesn't want to continue? As you say, 
> maybe this is complicating the picture too much.

We can make this as complicated as we want. My goal is to prevent people 
from turning it off when the Internet doesn't work and they find out 
it's because DNS-over-TLS was turned on.

--Paul Hoffman