Re: [dns-privacy] ADoT signalling

"Livingood, Jason" <Jason_Livingood@comcast.com> Tue, 05 November 2019 15:52 UTC

From: "Livingood, Jason" <Jason_Livingood@comcast.com>
To: John R Levine <johnl@taugh.com>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Date: Tue, 05 Nov 2019 15:52:18 +0000
Message-ID: <27FD42DC-143A-4AEE-A134-16D4BD797BA7@cable.comcast.com>
References: <20191103223335.4395EE54E62@ary.local> <alpine.OSX.2.21.99999.374.1911041454470.70879@ary.local>
In-Reply-To: <alpine.OSX.2.21.99999.374.1911041454470.70879@ary.local>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/F9Emk8uQJu6uViuD5IU3_mfNKBk>
Subject: Re: [dns-privacy] ADoT signalling

Very helpful! Some very minor feedback for any potential next version:

- Add reference to draft-bretelle-dprive-dot-for-insecure-delegations-00
- Section 3, 1st para is about auth with secure delegation in conflict with the section title. Perhaps s/Authenticating an insecure delegation/Authentication and describe auth w/secure delegation briefly in a new 3.1. Alternatively, the auth w/secure delegation bit is a tiny section of its own and what is now S3 becomes S4 with the current section title.

In preparation for IETF-106, we are tracking open Qs for WG discussion at https://github.com/alex-nicat/ietf-dprive-phase2-requirements/issues/20. Feel free to add to that.

Jason

On 11/4/19, 2:56 PM, "dns-privacy on behalf of John R Levine" <dns-privacy-bounces@ietf.org on behalf of johnl@taugh.com> wrote:

    On Sun, 3 Nov 2019, John Levine wrote:
    > I thought it might be useful to make a list of possible ways to signal
    > that a server offers ADoT:
    >
    > https://datatracker.ietf.org/doc/draft-levine-dprive-signal/

    Did another version with more possibilities.

    Regards,
    John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
    Please consider the environment before reading this e-mail. https://jl.ly
