Re: [dns-privacy] [Step 2] More discussion needed: state your opinion
John Heidemann <johnh@isi.edu> Fri, 16 December 2016 01:04 UTC
Return-Path: <johnh@isi.edu>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 741FC129BEB for <dns-privacy@ietfa.amsl.com>; Thu, 15 Dec 2016 17:04:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.796
X-Spam-Level:
X-Spam-Status: No, score=-9.796 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-2.896] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u0BMVGELwnak for <dns-privacy@ietfa.amsl.com>; Thu, 15 Dec 2016 17:04:14 -0800 (PST)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 10E0C129BC3 for <dns-privacy@ietf.org>; Thu, 15 Dec 2016 17:04:14 -0800 (PST)
Received: from dash.isi.edu (vir.isi.edu [128.9.160.91]) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id uBG13cVT016840; Thu, 15 Dec 2016 17:03:38 -0800 (PST)
Received: from dash.isi.edu (localhost6.localdomain6 [IPv6:::1]) by dash.isi.edu (Postfix) with ESMTP id 66FE8280545; Thu, 15 Dec 2016 17:03:37 -0800 (PST)
From: John Heidemann <johnh@isi.edu>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
In-reply-to: <20161215090916.GC4348@sources.org>
References: <20161213105936.opaqw6hwwkx3txk2@nic.fr> <20161213154625.6b314fe6@pallas.home.time-travellers.org> <11704.1481652111@dash.isi.edu> <20161214124025.4031172a@pallas.home.time-travellers.org> <5872.1481734676@dash.isi.edu> <20161215090916.GC4348@sources.org>
X-url: http://www.isi.edu/~johnh/
MIME-Version: 1.0 (generated by SEMI 1.14.7 - "Harue")
Content-Type: text/plain; charset="US-ASCII"
Date: Thu, 15 Dec 2016 17:03:37 -0800
Message-ID: <27857.1481850217@dash.isi.edu>
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: johnh@isi.edu
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/HRteEeuw5Zjccck3uWxX__z8snk>
Cc: Shane Kerr <shane@time-travellers.org>, dns-privacy@ietf.org
Subject: Re: [dns-privacy] [Step 2] More discussion needed: state your opinion
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Dec 2016 01:04:15 -0000
On Thu, 15 Dec 2016 10:09:16 +0100, Stephane Bortzmeyer wrote: >On Wed, Dec 14, 2016 at 08:57:56AM -0800, > John Heidemann <johnh@isi.edu> wrote > a message of 49 lines which said: > >> There's a bunch of possible trade-offs: client latency, server >> memory, client memory, novelty vs. maturity of design, maturity of >> libraries, support by other groups, design complexity, ... > >Added to the future next version of the draft ><https://github.com/bortzmeyer/ietf-dprive-step-2/commit/5779cbf94605fbcd174bd5d57544150fc636e620> If you're updating, you might also add out protocol agility, something else that has come up in this thread and before. >> You suggested earlier in the thread that rfc7858 was weaker than >> some alternatives for recurisive-to-auth traffic, so I was trying to >> figure out for which metrics you think it is weaker. > >The point was raised by Mukund Sivaraman at the Seoul meeting. If I >remember correctly, his main concern was the state to keep in the >client, because a resolver will talk to hundreds, even thousands of >authoritative name servers. Thank you---state for outgoing connections on a recursive resolver could be an issue, and to my knowledge it has not been studied yet. My initial guess is it's not much different from state for incoming connections on a large authoritative, and that resource limits can be handled the same way (start closing when you're low on resources). But a careful study here would be useful. And of course, there is still state on the recursive resolver if queries are sent over DTLS or IPsec, it's just different state in a slightly different place in the stack. -John Heidemann
- [dns-privacy] [Step 2] More discussion needed: st… Stephane Bortzmeyer
- Re: [dns-privacy] [Step 2] More discussion needed… Shane Kerr
- Re: [dns-privacy] [Step 2] More discussion needed… Stephane Bortzmeyer
- Re: [dns-privacy] [Step 2] More discussion needed… Paul Wouters
- Re: [dns-privacy] [Step 2] More discussion needed… John Heidemann
- Re: [dns-privacy] [Step 2] More discussion needed… Paul Wouters
- Re: [dns-privacy] [Step 2] More discussion needed… Paul Hoffman
- Re: [dns-privacy] [Step 2] More discussion needed… Christian Huitema
- Re: [dns-privacy] [Step 2] More discussion needed… Paul Hoffman
- Re: [dns-privacy] [Step 2] More discussion needed… Ilari Liusvaara
- Re: [dns-privacy] [Step 2] More discussion needed… Stephen Farrell
- Re: [dns-privacy] [Step 2] More discussion needed… Shane Kerr
- Re: [dns-privacy] [Step 2] More discussion needed… Stephane Bortzmeyer
- Re: [dns-privacy] [Step 2] More discussion needed… Stephane Bortzmeyer
- Re: [dns-privacy] [Step 2] More discussion needed… Shane Kerr
- Re: [dns-privacy] [Step 2] More discussion needed… Shane Kerr
- Re: [dns-privacy] [Step 2] More discussion needed… Shane Kerr
- Re: [dns-privacy] [Step 2] More discussion needed… Shane Kerr
- Re: [dns-privacy] [Step 2] More discussion needed… Shane Kerr
- Re: [dns-privacy] [Step 2] More discussion needed… Stephane Bortzmeyer
- Re: [dns-privacy] [Step 2] More discussion needed… Paul Hoffman
- Re: [dns-privacy] [Step 2] More discussion needed… Paul Wouters
- Re: [dns-privacy] [Step 2] More discussion needed… John Heidemann
- Re: [dns-privacy] [Step 2] More discussion needed… Shane Kerr
- Re: [dns-privacy] [Step 2] More discussion needed… Stephane Bortzmeyer
- Re: [dns-privacy] [Step 2] More discussion needed… Tirumaleswar Reddy (tireddy)
- Re: [dns-privacy] [Step 2] More discussion needed… Stephane Bortzmeyer
- Re: [dns-privacy] [Step 2] More discussion needed… John Heidemann
- Re: [dns-privacy] [Step 2] More discussion needed… Christian Huitema