Re: [dns-privacy] ADoX experiments (was: Re: Intermediate proposal (what I was saying at the mic))

Brian Haberman <brian@innovationslab.net> Tue, 31 August 2021 12:12 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/K9FKME9W2UYsbqj3NDgGe-FWLf4>

Any other volunteers?

On 8/17/21 8:16 AM, Brian Haberman wrote:
> All,
>      I want to start working through the details of what Stephen is
> proposing below; beginning to do operational experiments to determine
> which approach, or approaches, may be viable in the long term. To carry
> out such experiments, I believe we need the following:
> 
> 1. A stable I-D for an approach to providing privacy between recursive
> resolvers and authoritative servers,
> 
> 2. An implementation of the stable I-D in a recursive resolver and in an
> authoritative server implementation,
> 
> 3. At least one authoritative server operator willing to deploy the
> experimental implementation,
> 
> 4. At least one recursive resolver operator willing to deploy the
> experimental implementation,
> 
> 5. An agreed upon set of metrics to assess the operational behavior of
> the approach,
> 
> Is there a major item missing from the list above? Other aspects of
> carrying out such an experiment?
> 
> Are there any volunteers to start working on details of such an experiment?
> 
> Regards,
> Brian
> 
> On 8/2/21 9:22 AM, Stephen Farrell wrote:
>>
>> Hiya,
>>
>> On 02/08/2021 05:21, Martin Thomson wrote:
>>> If we decided on a single answer for the first and in the negative
>>> for the second, would that make authentication viable? 
>>
>> IMO we ought not just "decide" on most of the tricky ADoX
>> issues but we should rather document the options sufficient
>> to allow people to do experiments and then wait and see how
>> those experiments go. I'd say a stable I-D is probably
>> enough documentation to allow for experiments and I'd hope
>> such experiments could be done in 6-12 months. I'd expect
>> we might still be left with a few tricky issues, but that
>> a number of those (where we might make wrong choices now)
>> would be resolved once people try 'em out.
>>
>> So my suggestion is to review the I-Ds we have with a view
>> to figuring out what's missing that's needed to allow such
>> experiments, fix that and then "park" those I-Ds 'till we
>> get results. That could be similar to how drafts are declared
>> to be "interop drafts" in other WGs or could be a WGLC-like
>> process.
>>
>> If we decided to try go that way, I'd be happy to try help
>> get some such experiment going.
>>
>> Cheers,
>> S.