Re: [dns-privacy] Start of WGLC for draft-ietf-dprive-dns-over-tls-01

"Mankin, Allison" <amankin@verisign.com> Tue, 27 October 2015 16:28 UTC

From: "Mankin, Allison" <amankin@verisign.com>
To: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>, Sara Dickinson <sara@sinodun.com>
Thread-Topic: [dns-privacy] Start of WGLC for draft-ietf-dprive-dns-over-tls-01
Date: Tue, 27 Oct 2015 16:28:34 +0000
Message-ID: <4FEF4ACE-138C-4298-B102-F43DAB1CA2EF@verisign.com>
References: <CAHw9_i+8Jxs1ZFOUS5DJ46GJugJzQq6NGOMJbDMPgLvT9AZAag@mail.gmail.com> <87fv113gq6.fsf@latte.josefsson.org> <D2500269.1270%paul.hoffman@icann.org> <CAJE_bqf-sEJuq+_oA6stYS=gW2DSuk_ivkpUdo=AEZyX29gcrA@mail.gmail.com> <837F97E2-47E2-4106-B907-DF144EFCF575@sinodun.com> <1f981f52279347f2b0b119a0ac942457@XCH-RCD-017.cisco.com> <9B6EB2BA-35E0-4B2C-8D84-177974D678DF@sinodun.com> <af61d3cb9f0f4d0fbd54b2b4c24d69b6@XCH-RCD-017.cisco.com> <48313B38-AABC-47C1-A236-9C88B3944959@sinodun.com> <4dc5210ebc10401792eafb499d4a13d7@XCH-RCD-017.cisco.com>
In-Reply-To: <4dc5210ebc10401792eafb499d4a13d7@XCH-RCD-017.cisco.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dns-privacy/Js2CPMZQaqm9xeP0wODXCQJYloI>
Cc: "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Subject: Re: [dns-privacy] Start of WGLC for draft-ietf-dprive-dns-over-tls-01

My two cents is that the authentication profile for TLS and DTLS should not be the same as a draft with flows. 

I reviewed the flows draft before it was submitted (and thank the authors for responding to initial comments). Unsurprisingly, the flows draft is almost entirely made up of flows. I estimate that many will have to change in response to DPRIVE WG review/discussion of the DTLS fragmentation scheme; also, some of them may need to change based on what is finalized for 1.3 in the TLS WG. In keeping with other precedents at IETF, I’d see the flows draft as an informational document to help implementors/deployers.

The authentication profile for TLS/DTLS is something we can pull together now, with some work by the WG, and I’d expect it to be standards track.  I would not want to delay it for finishing the detailed engineering on the DTLS draft.

Bottom line:  I very much support Sara’s offer to start a stand-alone document for the authentication profile.  Speaking for the TLS authors, we’ll be happy to add language pointing ahead to an authentication profile external to our draft. 

Allison



> On Oct 27, 2015, at 11:12 AM, Tirumaleswar Reddy (tireddy) <tireddy@cisco.com> wrote:
> 
>  
>  
> From: Sara Dickinson [mailto:sara@sinodun.com]
> Sent: Tuesday, October 27, 2015 7:34 PM
> To: Tirumaleswar Reddy (tireddy)
> Cc: dns-privacy@ietf.org
> Subject: Re: [dns-privacy] Start of WGLC for draft-ietf-dprive-dns-over-tls-01
>  
>  
> On 27 Oct 2015, at 12:31, Tirumaleswar Reddy (tireddy) <tireddy@cisco.com> wrote:
> 
> 
> I’m saying I think creating a separate document that specifically covers authentication for both TLS and DTLS makes most sense to me and will be clearer for consumers of the documents.
>  
> [TR] We can move this section to https://tools.ietf.org/html/draft-wing-dprive-profile-and-msg-flows-00 and that will take care of both the (D)TLS profile for DNS privacy and authenticating the server.
>  
> I guess this is a decision for the working group since the DTLS draft is adopted, but the above document isn’t.
>  
> [TR] Yes, of course; will do that only after WG feedback and adoption of the draft.
>  
> -Tiru
>  
> Sara. 