[dns-privacy] Common Features for Encrypted Recursive to Authoritative DNS

Peter van Dijk <peter.van.dijk@powerdns.com> Sun, 02 May 2021 16:55 UTC

Message-ID: <4490d7382c7efb10bf5689f655bf890d7b76bed8.camel@powerdns.com>
From: Peter van Dijk <peter.van.dijk@powerdns.com>
To: dns-privacy@ietf.org
Date: Sun, 02 May 2021 18:54:55 +0200
References: <161997426960.11261.17005541940248978884@ietfa.amsl.com>
Organization: PowerDNS.COM B.V.
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.30.5-1.1
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/IWLo04v-oYlF8nNEHQhUR5zJlG4>
Subject: [dns-privacy] Common Features for Encrypted Recursive to Authoritative DNS


in the last two draft revisions of our protocol for unauthenticated
encryption from resolvers to authoritatives, we adopted the SVCB
discovery mechanism from draft-rescorla-dprive-adox-latest-00. This
means that the two documents overlap somewhat, and there would be
effort needed to keep the mechanisms in sync.

To avoid that problem, instead we present here a separate document that
contains the parts that the two protocols have in common. Our draft is
adopted; we understand the authors of the authenticated draft intend to
ask for adoption soon, as well. If the WG adopts this separate
document, we will not have to keep the discovery bits in sync between
the two, and we can hammer out the details of discovery once, in a
single place.

We imagine this would be much more efficient.

- Paul & Peter

-------- Forwarded Message --------
From: internet-drafts@ietf.org
To: Paul Hoffman <paul.hoffman@icann.org>, Peter van Dijk <
Subject: [EXT] New Version Notification for draft-pp-dprive-common-
Date: Sun, 02 May 2021 09:51:09 -0700

A new version of I-D, draft-pp-dprive-common-features-00.txt
has been successfully submitted by Peter van Dijk and posted to the
IETF repository.

Name:		draft-pp-dprive-common-features
Revision:	00
Title:		Common Features for Encrypted Recursive to Authoritative DNS
Document date:	2021-05-02
Group:		Individual Submission
Pages:		7
URL:            https://www.ietf.org/archive/id/draft-pp-dprive-common-features-00.txt
Status:         https://datatracker.ietf.org/doc/draft-pp-dprive-common-features/
Htmlized:       https://datatracker.ietf.org/doc/html/draft-pp-dprive-common-features
Htmlized:       https://tools.ietf.org/html/draft-pp-dprive-common-features-00

   Encryption between recursive and authoritative DNS servers is
   currently being defined in two modes: unauthenticated and fully-
   authenticated.  These two modes have some features in common, and
   this document defines those common features so that the documents
   defining the modes do not need to point to each other.


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat