Re: [dns-privacy] [Ext] Threat Model

Paul Wouters <paul@nohats.ca> Wed, 06 November 2019 14:15 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE7A512010C for <dns-privacy@ietfa.amsl.com>; Wed, 6 Nov 2019 06:15:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bEzCSoZ6CrOk for <dns-privacy@ietfa.amsl.com>; Wed, 6 Nov 2019 06:15:10 -0800 (PST)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 59D9912087E for <dns-privacy@ietf.org>; Wed, 6 Nov 2019 06:15:10 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 477T7v2z0DzF7p; Wed, 6 Nov 2019 15:15:07 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1573049707; bh=Rlo9+k/xYmfYzzPa46S8L0D9NBjSZPhHG05j7ggBCPs=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=s7zojWIxrF30hWsvbi5N7v6k3r6EwAQ4OeGrNZ7fO2XjpN+N88ZVaVTYxW15Kk26X WGXUQyzVIAkmeYcBp0xF87+G6nZNkogDNoAxzsz96XDg0RTR437A8POzHJKsM6xNRm 1AiJO+advM46jGcfX1sdsnwnlfeW+wAvF86Zy47s=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id MXV-E7y8PrFq; Wed, 6 Nov 2019 15:15:05 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Wed, 6 Nov 2019 15:15:04 +0100 (CET)
Received: from [10.163.176.131] (unknown [199.119.233.206]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by bofh.nohats.ca (Postfix) with ESMTPSA id C1E756001610; Wed, 6 Nov 2019 09:15:03 -0500 (EST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (1.0)
From: Paul Wouters <paul@nohats.ca>
X-Mailer: iPhone Mail (16G102)
In-Reply-To: <FC51D8EC-5ADC-4415-82EB-C6C6E4E8D84A@fl1ger.de>
Date: Wed, 06 Nov 2019 09:15:01 -0500
Cc: Warren Kumari <warren@kumari.net>, dns-privacy@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <F0DD4028-2404-4232-90F8-E9937877C261@nohats.ca>
References: <CABcZeBMQEJ=LE8ATQYnJj59srsK47hf4HT3BMMg3X2crVfSUXQ@mail.gmail.com> <CABcZeBOhSYvqPyDcm9zbMYRc03DmPcCKYTYE-uC54=Mm9HMcnQ@mail.gmail.com> <99ee8cd4-9418-2d64-57fd-487b4f2c3a1a@cs.tcd.ie> <CABcZeBOBFFi=dA_XEzhkYvRU6kzvND5CMQcMoyriYusDH0RbKQ@mail.gmail.com> <CAHw9_iLz5No-SKa74To03ida3DHfeKY58CrJFJpLph8FsvzNQQ@mail.gmail.com> <CABcZeBMFDbATVRvJvvs5b4giQ=0B82i76ahv-ffDgWJOzqZccw@mail.gmail.com> <CAHw9_i+e8veeAz+KYXjvchmjKJz6OZHX1pEYx_Tvs8n5xnfBnQ@mail.gmail.com> <6D6233DC-4D7C-45BC-9D4E-08E6E882C1A5@nohats.ca> <alpine.DEB.2.20.1911042035571.29247@grey.csi.cam.ac.uk> <CAH1iCioH86q1CX7A+F8ON4uzpGqipUy8m3iczyNqSKirAsYBQg@mail.gmail.com> <alpine.LRH.2.21.1911041652450.5093@bofh.nohats.ca> <CABcZeBOtY3saJe5DWTu=Jqy5guqdoKPKSR+XYddbvxwxKsxmig@mail.gmail.com> <CAHw9_iKaeT0VEjZfoCi9Nddc+VBBj0JHWDHv+=g3xzvb6L+Nvg@mail.gmail.com> <alpine.LRH.2.21.1911050941090.30046@bofh.nohats.ca> <CAHw9_i+MxMCd7dDO7N0-hc1SDjvBeoLoUvbg4JWDzXyjR0u4xQ@mail.gmail.com> <alpine.LRH.2.21.1911051437000.11602 @bofh.nohats.ca> <CAHw9_iKhaA9Nb+eH92YfzdepU90_DgLyS-ZDaMAehKOFO0ksEA@mail.gmail.com> <FC51D8EC-5ADC-4415-82EB-C6C6E4E8D84A@fl1ger.de>
To: Ralf Weber <dns@fl1ger.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/Lj_KGm1bblijQGZrolQBk3aSk-A>
Subject: Re: [dns-privacy] [Ext] Threat Model
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Nov 2019 14:15:12 -0000

> On Nov 6, 2019, at 04:24, Ralf Weber <dns@fl1ger.de> wrote:
> 
> 
>> 4: without expecting everyone to support DNSSEC.
> Really. I can not see how we design something new that does not take DNSSEC into account.

Indeed. The longer we treat DNSSEC as optional, the longer we will be faced with adoption problems, exactly as with IPv6.

We talk a lot about the DNS camel, but the “avoid DNSSEC” camel has quite the number of pages in RFCs now.

Paul