Re: [dns-privacy] Fw: Fw: New Version Notification for draft-zuo-dprive-encryption-over-udp-00.txt

Hosnieh Rafiee <hosnieh.rafiee@huawei.com> Fri, 10 July 2015 10:48 UTC

From: Hosnieh Rafiee <hosnieh.rafiee@huawei.com>
To: Hosnieh Rafiee <hosnieh.rafiee@huawei.com>, "zuopeng@cnnic.cn" <zuopeng@cnnic.cn>, yaojk <yaojk@cnnic.cn>
Date: Fri, 10 Jul 2015 10:47:45 +0000
Message-ID: <814D0BFB77D95844A01CA29B44CBF8A70157FD2B@lhreml504-mbs>
References: <2015070714161016259349@cnnic.cn>, <CA+9kkMAoRAiiLf7uFKP_UFpfvKpT-d=i_KpNxaFQKXcPaxZkMA@mail.gmail.com>, <2015070815195960707175@cnnic.cn>, <CA+9kkMBN70mQ0ZE5NpPmNSsOpWrSsG8hf+ZysAcUoAyUkvndhQ@mail.gmail.com> <2015071016571191624810@cnnic.cn> <814D0BFB77D95844A01CA29B44CBF8A70157FCEE@lhreml504-mbs>
In-Reply-To: <814D0BFB77D95844A01CA29B44CBF8A70157FCEE@lhreml504-mbs>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dns-privacy/MNqGG0UsA9lqj3SyLblcn26Dh70>
Cc: dns-privacy <dns-privacy@ietf.org>
Subject: Re: [dns-privacy] Fw: Fw: New Version Notification for draft-zuo-dprive-encryption-over-udp-00.txt

Follow up,

I think I missed a part that looks a bit incorrect.
<snip>
a key agreement value encryption (the session key)....
</snip>

Moreover, the use of a CA means that all recursive resolvers need to either pay a public CA to sign their values so that all clients' stub resolvers can verify the server, or there is a need for a manual exchange of this key. I am not sure how practical it is to have a public CA for each single recursive resolver and what the cost of this model is, and if it is a manual key exchange then we are again back to the old problem and the old story, which is trusted anchors.

Best,
Hosnieh