[dns-privacy] Erik Kline's No Objection on draft-ietf-dprive-unilateral-probing-12: (with COMMENT)
Erik Kline via Datatracker <noreply@ietf.org> Sat, 16 September 2023 06:03 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/CGEO65TyKCTUdHPBZKWLxD3RXms>
Erik Kline has entered the following ballot position for
draft-ietf-dprive-unilateral-probing-12: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

# Internet AD comments for draft-ietf-dprive-unilateral-probing-12

CC @ekline

* comment syntax:
  - https://github.com/mnot/ietf-comments/blob/main/format.md

* "Handling Ballot Positions":
  - https://ietf.org/about/groups/iesg/statements/handling-ballot-positions/

## Comments

### S3.1

* A 3rd option for a pool operator is to use a load-balancer that forwards
  queries/connections on encrypted transports to only those members of the
  pool known (e.g. via monitoring) to support the given encrypted transport.

### S4.2

* There is no "port closed" ICMP message. There is a Port Unreachable code
  under the Destination Unreachable type category.

* The IP addresses given are not "two A records" but rather the values that
  might appear in an A Resource Record and an AAAA Resource Record.

### S4.4

* The use of lowercase "must" for the ALPN strings seems a bit odd. Should
  this section say that the ALPN is a "MUST"? It could perhaps be reworded
  to say something like "... and if an ALPN is included it MUST be
  <the_thing>".

### S4.6.3 or S8

* I think a very important caveat here is when a node running its own
  recursive resolver has just joined a network and not yet completed any
  captive portal probes.

  Initiating encrypted transport connections prior to satisfying the captive
  portal testing stage could have negative consequences (especially given the
  MUST in S4.6.3.4). Whether the state of the captive portal check(s) can be
  known by the recursive resolver function or not is an implementation-specific
  matter. Yes, this really only applies to recursive resolvers running on
  mobile devices, but some devices can actually do this.
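Added example (not from the draft, and not code from the reviewer): a small probing gate for a resolver that models two of the points above, withholding encrypted-transport probes until the host's captive-portal check has completed, and recognising "port closed" from the actual ICMP Destination Unreachable / Port Unreachable codes rather than a non-existent "port closed" message. The class, state names and the absence of any damping timer are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Portal(Enum):
    UNKNOWN = "unknown"   # check not yet run, e.g. host just joined a network
    CAPTIVE = "captive"
    OPEN = "open"


# Real ICMP values: ICMPv4 type 3 (Destination Unreachable) code 3 and
# ICMPv6 type 1 (Destination Unreachable) code 4 are "Port Unreachable".
ICMPV4_DEST_UNREACH, ICMPV4_PORT_UNREACH = 3, 3
ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH = 1, 4


def is_port_unreachable(family, icmp_type, icmp_code):
    """True only for a genuine Port Unreachable code of the given family."""
    if family == 4:
        return (icmp_type, icmp_code) == (ICMPV4_DEST_UNREACH, ICMPV4_PORT_UNREACH)
    if family == 6:
        return (icmp_type, icmp_code) == (ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH)
    raise ValueError(f"unknown address family {family}")


@dataclass
class ProbeGate:
    """Hypothetical gate deciding whether an encrypted probe may be sent."""
    portal: Portal = Portal.UNKNOWN
    unsupported: set = field(default_factory=set)  # (ip, transport) pairs

    def may_probe(self, ip, transport):
        # Do not open DoT/DoQ connections before the captive-portal stage
        # has finished; an UNKNOWN or CAPTIVE state blocks all probes.
        if self.portal is not Portal.OPEN:
            return False
        return (ip, transport) not in self.unsupported

    def record_icmp(self, ip, transport, family, icmp_type, icmp_code):
        # Only Port Unreachable says the transport's port is closed; other
        # Destination Unreachable codes (host, network, admin) do not.
        if is_port_unreachable(family, icmp_type, icmp_code):
            self.unsupported.add((ip, transport))
        return self.may_probe(ip, transport)
```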