Re: [dns-privacy] what's good enough, or Threat Model

"John Levine" <johnl@taugh.com> Sat, 02 November 2019 23:47 UTC

Date: Sat, 02 Nov 2019 19:47:08 -0400
Message-Id: <20191102234708.647F6E473E5@ary.local>
From: John Levine <johnl@taugh.com>
To: dns-privacy@ietf.org
Cc: ekr@rtfm.com
In-Reply-To: <CABcZeBOBFFi=dA_XEzhkYvRU6kzvND5CMQcMoyriYusDH0RbKQ@mail.gmail.com>
Organization: Taughannock Networks

In article <CABcZeBOBFFi=dA_XEzhkYvRU6kzvND5CMQcMoyriYusDH0RbKQ@mail.gmail.com> you write:
>Conversely, what made opportunistic style approaches viable for
>SMTP was that there was an existing protocol handshake that
>could be conveniently adopted to have upward negotiation (STARTTLS). ...

>In this case, I think the relevant question is whether there is some
>viable mechanism (by which I mean one that people might actually
>use) by which recursive resolvers would, in talking to an authoritative
>resolver, detect that that resolver supported secure transport and
>upgrade.

It's easy enough to imagine an EDNS option that asks whether a server
supports ADoT, that the client can use as a signal to try again on
port 853.  This is roughly the same amount of traffic as using
STARTTLS in SMTP, but I have no idea whether the DNS crowd would think
it's OK, or too horribly slow, or we're not interested because you can
fake it out and force downgrades.  (SMTP also has that last problem,
of course, at least until MTA-STS and/or signed TLSA.)

R's,
John

PS: there's always dnscurve
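The upgrade dance sketched in the message, as an added toy model (not code from this thread or from any resolver): a recursive resolver sends its usual port-53 query carrying a hypothetical "do you speak ADoT?" EDNS option, and if the authoritative server echoes it, retries over port 853. The option code is an assumption drawn from the RFC 6891 local/experimental range; no such option is standardised. The model also shows the two things the message worries about: the probe costs one extra round trip when the server does support ADoT, and an on-path element that strips the option silently forces the cleartext path. A remembered positive signal, in the spirit of the MTA-STS analogy, is included as one assumed mitigation.

```python
from dataclasses import dataclass

PORT_DO53 = 53   # classic cleartext DNS
PORT_DOT = 853   # DNS over TLS (RFC 7858)

# Hypothetical "ADoT supported?" EDNS option. 65001-65534 is the RFC 6891
# local/experimental range; this value is a constructed placeholder.
ADOT_OPT = 65280


@dataclass(frozen=True)
class Msg:
    """Minimal stand-in for a DNS query/response: name, transport port,
    set of EDNS option codes present, and (for responses) the answer."""
    qname: str
    port: int
    options: frozenset
    rdata: str = ""


class Authoritative:
    """Listens on both ports; echoes the ADoT option only if it supports ADoT."""

    def __init__(self, supports_adot: bool):
        self.supports_adot = supports_adot

    def handle(self, q: Msg) -> Msg:
        echoed = {ADOT_OPT} if (self.supports_adot and ADOT_OPT in q.options) else set()
        return Msg(q.qname, q.port, frozenset(echoed), rdata="192.0.2.1")  # constructed answer


def clean_path(server: Authoritative, q: Msg) -> Msg:
    """Network path that delivers the query untouched."""
    return server.handle(q)


def stripping_path(server: Authoritative, q: Msg) -> Msg:
    """Path with a middlebox that drops unknown EDNS options from cleartext
    port-53 traffic; this is the downgrade case the message mentions."""
    if q.port == PORT_DO53:
        q = Msg(q.qname, q.port, frozenset())
    return server.handle(q)


class Recursive:
    """Recursive resolver: probe on 53, upgrade to 853 on a positive signal,
    and remember names whose servers have signalled ADoT before (assumed
    MTA-STS-style memory, not part of the message's proposal)."""

    def __init__(self, pinned=()):
        self.pinned = set(pinned)
        self.sent = []  # ports of every query sent, to count round trips

    def _send(self, path, server, q):
        self.sent.append(q.port)
        return path(server, q)

    def resolve(self, qname: str, server: Authoritative, path) -> Msg:
        if qname in self.pinned:
            # Prior positive signal: go straight to 853, no cleartext probe.
            return self._send(path, server, Msg(qname, PORT_DOT, frozenset()))
        probe = Msg(qname, PORT_DO53, frozenset({ADOT_OPT}))
        resp = self._send(path, server, probe)
        if ADOT_OPT in resp.options:
            self.pinned.add(qname)
            resp = self._send(path, server, Msg(qname, PORT_DOT, frozenset()))
        return resp


def run(server: Authoritative, path, pinned=()) -> tuple:
    """Resolve one name and report (port the answer came over, queries sent)."""
    r = Recursive(pinned)
    resp = r.resolve("example.com", server, path)
    return resp.port, len(r.sent)


if __name__ == "__main__":
    print("ADoT server, clean path:    ", run(Authoritative(True), clean_path))
    print("no-ADoT server, clean path: ", run(Authoritative(False), clean_path))
    print("ADoT server, option stripped:", run(Authoritative(True), stripping_path))
    print("ADoT server, stripped, pinned:",
          run(Authoritative(True), stripping_path, pinned={"example.com"}))
```

The third case is the point to notice: the stripped probe looks identical to a server that simply does not support ADoT, so the resolver has no signal that anything went wrong. The fourth case shows why a remembered or out-of-band policy matters: the probe is skipped entirely, which both removes the downgrade window and saves the extra round trip.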