Re: [dns-privacy] [internet-drafts@ietf.org: I-D Action: draft-bortzmeyer-dns-qname-minimisation-00.txt]

Stephane Bortzmeyer <bortzmeyer@nic.fr> Thu, 20 March 2014 14:48 UTC

Date: Thu, 20 Mar 2014 15:45:27 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Phillip Hallam-Baker <hallam@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/dns-privacy/IVKt0dVoQxkkips11ljwdr0k7qQ
Cc: dns-privacy@ietf.org

On Thu, Mar 20, 2014 at 10:30:59AM -0400,
 Phillip Hallam-Baker <hallam@gmail.com> wrote 
 a message of 35 lines which said:

> But we probably need to think of it in terms of the proposed DBOUND
> work

No, this is completely unrelated. Dbound is concerned about
_administrative_ boundaries. Qname minimisation needs only to know the
_technical_ boundaries.

Example: fr and gouv.fr are technically in the same zone (so, requests
with qname minimisation On will go to the same set of name servers)
but they are in different administrative areas (an HTTP server for
gouv.fr certainly cannot set cookies in fr).

> Heuristics are OK as a transition strategy but I don't like them as a
> long term fixture.

It's not heuristics since it will always produce the same result. And,
more important, it is what all validating resolvers already do. (They
need to know the zone cut to know where to send DNSKEY and DS
requests.)
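
An added illustration, not part of the message or of the draft: a simplified offline simulation of the technical-boundary point, showing which name a minimising resolver would send to which zone's servers. The zone-cut set is constructed (fr and gouv.fr share a zone as the message states; example.gouv.fr is a hypothetical delegation), and the function names are assumptions.

```python
# Constructed zone apexes, standing in for what the authoritative servers
# would reveal through referrals. Per the message, fr and gouv.fr are in the
# same zone, so "gouv.fr" is not an apex. "example.gouv.fr" is hypothetical.
ZONE_APEXES = {"", "fr", "example.gouv.fr"}  # "" is the root zone


def labels(name):
    """Split a domain name into lowercase labels, ignoring a trailing dot."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []


def enclosing_zone(name, apexes=ZONE_APEXES):
    """Return the apex of the zone holding `name` (closest enclosing cut)."""
    parts = labels(name)
    for i in range(len(parts) + 1):
        candidate = ".".join(parts[i:])
        if candidate in apexes:
            return candidate
    raise ValueError("apex set must contain the root zone")


def minimised_queries(qname, apexes=ZONE_APEXES):
    """Walk down from the root, returning (zone asked, qname sent) pairs.

    Each step exposes one more label than the previous one. When the probed
    name is not a zone apex there is no referral, so the next, longer probe
    goes to the same set of name servers.
    """
    parts = labels(qname)
    zone, steps = "", []
    for depth in range(1, len(parts) + 1):
        probe = ".".join(parts[-depth:])
        steps.append((zone or ".", probe))
        if probe in apexes:  # referral: a technical boundary was crossed
            zone = probe
    return steps


if __name__ == "__main__":
    for asked, sent in minimised_queries("www.example.gouv.fr"):
        print(f"ask servers of {asked:<16} about {sent}")
```

The probes for gouv.fr and example.gouv.fr both go to the fr servers, because no zone cut lies between fr and gouv.fr; administrative boundaries never enter the computation.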