IETF Logo Mail Archive

Re: [dns-privacy] what's good enough, or Threat Model

Eric Rescorla <ekr@rtfm.com> Sun, 03 November 2019 00:03 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56CFD120071 for <dns-privacy@ietfa.amsl.com>; Sat, 2 Nov 2019 17:03:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nTENhAxIpDGs for <dns-privacy@ietfa.amsl.com>; Sat, 2 Nov 2019 17:03:02 -0700 (PDT)
Received: from mail-lj1-x22c.google.com (mail-lj1-x22c.google.com [IPv6:2a00:1450:4864:20::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B25A120020 for <dns-privacy@ietf.org>; Sat, 2 Nov 2019 17:03:02 -0700 (PDT)
Received: by mail-lj1-x22c.google.com with SMTP id y23so2912522ljh.10 for <dns-privacy@ietf.org>; Sat, 02 Nov 2019 17:03:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=I+BXXEdHztpBFIHHoxWdhAoZ5MZ2AB6DQ0b1JXfiltg=; b=I7OprNxxD3DrYZAVhaI9kCiTaQchi9ufR+kpWemyApXhf4kKOuGcYwBrEcdNqVXbT0 VZ7kqOF3DnL94EVzVx7UT6N6EjU7kXvsNGGSq9ZF2EyqayMi4gpNH2tWENxZ6iKSXMfI zHgks7FI6pUTKFOlOOkUreuINhKcgSXdW/CyCDcCA+Gv+4VQ/jNA5a/GlmeIKgIepBZh ED5VfRBMZjbxkTrt4IjgEHK8jG8BYLRVSio18NRoMzthXw/X1c0Qb/lfr7Ay6bvt5JjX LyhoE0LUlWspnocEKHiA0p66d9yCQie+k1Mw0g3UTNIHbpYOHU8nqa4qeFBCrLwL4pTU ms3g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=I+BXXEdHztpBFIHHoxWdhAoZ5MZ2AB6DQ0b1JXfiltg=; b=eT0pkSZl2UeX0oRiLw9T+xgzh4EHpBlFg842mknpxI9/zbVLuoDrEQhOP5CKjTOsnc IYDgZzxccKQFuJR8KEoEzVbaPl8pXBKqQhMOS4Dt4DRWGMxkn4rkebOMrWff3w/KO+O+ 0A2ej3Sha1j6ecLhVRGjWf/Gvdbd87nm2ahmhWXWCMoXUbL5lyy452UmjlFoCBJCOPBi W+LnWm6AIDe1+OiUZn5KTMmiD9lA8Vp/BboeeoLzT+sO7dyH+pRYTfH8LgG9rbW7/5JO 70cXb987jYBi1nQg9m6AxZvGQvLPOQdJGNtiK6CnJitOHW1zJuyZWPVz4R0MyseR06DX cz+Q==
X-Gm-Message-State: APjAAAUy9LkQnRk9X+hm6LOF74Q8bsrLR0WCz5kpP2q1x50xHJNvQJhL UBDAp3IEuHPb8QjuSbswAlIC1GY0CvrAr9TEVbIBA2N3
X-Google-Smtp-Source: APXvYqzli/BD7For9EeGqcpKhrBYt2BMNdAwI3d+9FvOFzHnCGyVS+kbQtspjqB7DpT7ilqCFpAwQvkdmFaQoMW2v7k=
X-Received: by 2002:a2e:420a:: with SMTP id p10mr14091057lja.16.1572739380695; Sat, 02 Nov 2019 17:03:00 -0700 (PDT)
MIME-Version: 1.0
References: <CABcZeBOBFFi=dA_XEzhkYvRU6kzvND5CMQcMoyriYusDH0RbKQ@mail.gmail.com> <20191102234708.647F6E473E5@ary.local>
In-Reply-To: <20191102234708.647F6E473E5@ary.local>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 02 Nov 2019 17:02:24 -0700
Message-ID: <CABcZeBNwOpYQTQr7hhGYXtTZagSq6QgxNYHra79NnYQkjuWQfg@mail.gmail.com>
To: John Levine <johnl@taugh.com>
Cc: dns-privacy@ietf.org
Content-Type: multipart/alternative; boundary="0000000000001c6c2e059665eca4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/Lm6LdPx9--osSqu5MrJN1z0b5gM>
Subject: Re: [dns-privacy] what's good enough, or Threat Model
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Nov 2019 00:03:07 -0000

On Sat, Nov 2, 2019 at 4:47 PM John Levine <johnl@taugh.com> wrote:

> In article <CABcZeBOBFFi=
> dA_XEzhkYvRU6kzvND5CMQcMoyriYusDH0RbKQ@mail.gmail.com> you write:
> >Conversely, what made opportunistic style approaches viable for
> >SMTP was that there was an existing protocol handshake that
> >could be conveniently adopted to have upward negotiation (STARTTLS). ...
>
> >In this case, I think the relevant question is whether there is some
> >viable mechanism (by which I mean one that people might actually
> >use) by which recursive resolvers would, in talking to an authoritative
> >resolver, detect that that resolver supported secure transport and
> >upgrade.
>
> It's easy enough to imagine an EDNS option that asks whether a server
> supports ADoT, that the client can use as a signal to try again on
> port 853.


Sure. One reason you might be sad about this is that it has an extra round
trip.



> PS: there's always dnscurve
>

Sure. Dnscurve is a variant of the "have a secure reference" approach.

-Ekr

v2.23.0 | Report a Bug | By Email