Re: [dns-privacy] [DNSOP] DNS stamps

Vladimír Čunát <vladimir.cunat+ietf@nic.cz> Thu, 09 January 2020 17:19 UTC

These stamps do contain interesting ideas, I believe.

On 1/9/20 5:13 PM, Ted Lemon wrote:
> In order for this to actually be useful, two things would be required.
>
> 1. The assertions about resolver behavior (e.g., logging, etc) would
> have to be signed
> [...]

Depends what you'd want from the stamps.  If the main point is to
configure by a URI that's easy to copy&paste, I don't think you really
need these details.  I imagine you'd copy it from an https site of the
operator or get it through another trusted (chain of) means.  And I'd
certainly not expect binding such a format to some legal mechanisms,
etc.; perhaps you could just add policy and some "small print" legalese
to that site as well.

Someone would need to "author" it here.  I don't expect DNSCrypt people
to push it forward within IETF.  I'm not sure what would happen if the WG
decides to change the format in an incompatible way, but perhaps that
could be avoided.

BTW, do we want to keep this (whole) thread in *both* mailing lists at once?

--Vladimir