[dns-privacy] Ben Campbell's Yes on draft-ietf-dprive-dns-over-tls-07: (with COMMENT)
"Ben Campbell" <ben@nostrum.com> Tue, 15 March 2016 03:58 UTC
Ben Campbell has entered the following ballot position for draft-ietf-dprive-dns-over-tls-07: Yes

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-dprive-dns-over-tls/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I'm balloting yes, but I do have a few comments/questions:

- 3.1, third paragraph: This seems to put normative requirements on clients and servers that do not implement this draft. If that is really needed, then perhaps this needs to update the appropriate base spec(s)?

- 3.2, last paragraph: That's a bit of an odd use of SHOULD. I suggest s/SHOULD/can

- 3.3: This section seems more about DNS over TCP in general. Is it specific to TLS? Are the 2119 keywords in this section new requirements, or do they describe existing requirements from 5966/7766? (If the latter, please consider stating them with descriptive language rather than normative language.)

- 4 and subsections: There seems to be a notable absence of a profile that requires server authentication but does not require pinning. I assume there's a good reason for that which is obvious to people with stronger TLS and/or DNS backgrounds than mine. But it might be helpful to say why.

Do (or should) the profiles have anything to say about clear-text fallback if a client cannot connect to the server's DNS-over-TLS port, or the TLS handshake fails? I infer that such fallback should not occur with the pinned profile, but what about the opportunistic profile?
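The two behaviours the comment contrasts, a pinned profile that fails closed and an opportunistic profile that may fall back to clear text, can be made concrete as a client-side policy. The following is an added example, not code from the ballot, the draft or any DNS implementation; it assumes the pinned profile carries an RFC 7469-style SPKI pinset (base64 of SHA-256 over the DER SubjectPublicKeyInfo) and pairs the policy with the 2-byte length framing that DNS over TCP/TLS (RFC 7766, section 3.3 of the draft) uses on the connection.

```python
import base64
import hashlib
import struct
from enum import Enum
from typing import List, Optional, Set, Tuple


class Profile(Enum):
    OPPORTUNISTIC = "opportunistic"  # privacy when available, clear text allowed
    PINNED = "pinned"                # out-of-band SPKI pinset, never clear text


class Action(Enum):
    USE_TLS = "use-tls"
    FALLBACK_CLEAR = "fallback-clear-text"
    FAIL = "fail-closed"


def spki_pin(spki_der: bytes) -> str:
    """Pin value: base64(SHA-256(DER SubjectPublicKeyInfo)), assumed RFC 7469 form."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def decide(profile: Profile, tls_connected: bool,
           pinset: Optional[Set[str]], server_spki_der: Optional[bytes]) -> Action:
    """Fallback policy answering the reviewer's question for both profiles.

    tls_connected is False when the DoT port is unreachable or the handshake
    failed; server_spki_der is the DER SPKI of the presented leaf, if any."""
    if not tls_connected:
        # No TLS session at all: pinned fails closed, opportunistic degrades.
        return Action.FAIL if profile is Profile.PINNED else Action.FALLBACK_CLEAR
    if profile is Profile.PINNED:
        # Authentication is mandatory: a missing or unmatched pin is a hard failure.
        if not pinset or server_spki_der is None or spki_pin(server_spki_der) not in pinset:
            return Action.FAIL
    return Action.USE_TLS


def frame(msg: bytes) -> bytes:
    """Prefix one DNS message with its 16-bit big-endian length (RFC 7766 framing)."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too large for 2-byte length prefix")
    return struct.pack("!H", len(msg)) + msg


def unframe(buf: bytes) -> Tuple[List[bytes], bytes]:
    """Split a stream buffer into complete messages; return the unconsumed tail so a
    reader can keep accumulating (several in-flight queries share one connection)."""
    msgs: List[bytes] = []
    while len(buf) >= 2:
        n = struct.unpack("!H", buf[:2])[0]
        if len(buf) < 2 + n:
            break  # partial message: wait for more bytes
        msgs.append(buf[2:2 + n])
        buf = buf[2 + n:]
    return msgs, buf
```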