Re: [dns-privacy] Registry framework for draft-ietf-dprive-early-data

Benjamin Kaduk <bkaduk@akamai.com> Fri, 31 July 2020 20:42 UTC

Date: Fri, 31 Jul 2020 13:41:54 -0700
From: Benjamin Kaduk <bkaduk@akamai.com>
To: Peter van Dijk <peter.van.dijk@powerdns.com>
Cc: "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Message-ID: <20200731204153.GW20623@akamai.com>
References: <d812edb8-b3b3-d1db-13e8-8da9a945516d@innovationslab.net> <20200722192652.GA486629@LK-Perkele-VII> <20200723115702.GA5505@wakko.flat11.house> <fd84b1c5929f27f43c363c9fe4e5a95c6b9bedab.camel@powerdns.com>
In-Reply-To: <fd84b1c5929f27f43c363c9fe4e5a95c6b9bedab.camel@powerdns.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/NSuScG5eh1VeuBLyj49jEXa6b-Q>
Subject: Re: [dns-privacy] Registry framework for draft-ietf-dprive-early-data

On Fri, Jul 31, 2020 at 10:32:17PM +0200, Peter van Dijk wrote:
> On Thu, 2020-07-23 at 12:57 +0100, alessandro@ghedini.me wrote:
> > Are you saying we shouldn't have a list of allowed RR types at all and just
> > limiting to QUERY messages is enough? I asked this question at the last meeting
> > and the responses were mixed.
> 
> Looking at the list of types, I can't even guess why these types would
> be safe and others would not be. If you're going to have a list, it
> would be good to explain why those types are on it and the rest is not.

You still need an explanation even if there's not a specific list
(vs. just "all types are allowed").  An application profile allowing the
use of TLS 0-RTT data needs to identify which messages are safe to use
with 0-RTT and I'm quite willing to put up a Discuss point if such guidance
is not backed by compelling reasoning.

-Ben
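The thread above turns on which DNS messages a server may safely act on when they arrive as TLS 0-RTT early data, since early data can be replayed. The following is an added illustration, not code from the draft, from Peter van Dijk, or from Ben Kaduk, of the kind of server-side gate such an application profile would imply: it parses the DNS header and question from the wire format and only permits a message in early data when it is a QUERY-opcode message carrying exactly one question, no answer or authority records, and a QTYPE on an allow-list. The allow-list contents, the function names and the "process only after the handshake completes" fallback are assumptions chosen for the example; the draft, not this code, decides which messages are actually safe.

```python
"""Gate for DNS messages received as TLS 0-RTT early data.

Added example, not code from draft-ietf-dprive-early-data or from any
DNS implementation.  The policy (opcode QUERY, exactly one question, no
answer/authority records, QTYPE on an allow-list) and the allow-list
contents are assumptions for illustration only.
"""
import struct

OPCODE_QUERY = 0
OPCODE_UPDATE = 5
QTYPE_A, QTYPE_NS, QTYPE_AAAA, QTYPE_AXFR = 1, 2, 28, 252

# Assumed allow-list: read-only lookups whose replay changes no server
# state.  A real profile has to justify every entry it contains.
EARLY_DATA_QTYPES = frozenset({QTYPE_A, QTYPE_NS, QTYPE_AAAA})

ALLOWED = "allowed-in-early-data"
NOT_ALLOWED = "hold-until-handshake-complete"


def build_query(name, qtype, qclass=1, msg_id=0x1234, opcode=OPCODE_QUERY):
    """Constructed sample input: a minimal DNS query in wire format."""
    flags = ((opcode & 0xF) << 11) | 0x0100          # RD set, QR clear
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, qclass)


def parse_question(msg):
    """Return (opcode, qdcount, ancount, nscount, qtype), or None if the
    message is malformed (truncated, or compression pointer in the
    question name, which a well-formed query never uses)."""
    if len(msg) < 12:
        return None
    _msg_id, flags, qd, an, ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    opcode = (flags >> 11) & 0xF
    if qd != 1:
        # Zero or several questions: report it and let the policy decide.
        return (opcode, qd, an, ns, None)
    pos = 12
    while True:                                       # walk the QNAME labels
        if pos >= len(msg):
            return None
        length = msg[pos]
        if length == 0:
            pos += 1
            break
        if length & 0xC0:                             # compression pointer
            return None
        pos += 1 + length
    if pos + 4 > len(msg):
        return None
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return (opcode, qd, an, ns, qtype)


def early_data_decision(msg):
    """Decide whether a message received in 0-RTT may be processed now.
    Anything malformed or outside the assumed profile is held back
    until the handshake completes (the message is then no longer
    replayable early data)."""
    parsed = parse_question(msg)
    if parsed is None:
        return NOT_ALLOWED
    opcode, qd, an, ns, qtype = parsed
    if opcode != OPCODE_QUERY or qd != 1 or an != 0 or ns != 0:
        return NOT_ALLOWED
    if qtype not in EARLY_DATA_QTYPES:
        return NOT_ALLOWED
    return ALLOWED


if __name__ == "__main__":
    for label, msg in [
        ("A query", build_query("example.com", QTYPE_A)),
        ("AXFR query", build_query("example.com", QTYPE_AXFR)),
        ("UPDATE opcode", build_query("example.com", QTYPE_A, opcode=OPCODE_UPDATE)),
        ("truncated", build_query("example.com", QTYPE_A)[:20]),
    ]:
        print(f"{label:14s} -> {early_data_decision(msg)}")
```

The point of routing everything unexpected to `NOT_ALLOWED` rather than dropping it is that the server loses nothing by waiting: once the handshake completes the same bytes can be processed as ordinary, non-replayable application data. Whatever the final profile chooses, the decision function is where the "why is this type on the list" reasoning the thread asks for has to live, one entry at a time.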