Re: [dns-privacy] [Ext] Moving forward on draft-ietf-dprive-unauth-to-authoritative

Bill Woodcock <> Sun, 20 June 2021 12:48 UTC


> On Jun 20, 2021, at 3:40 AM, Eric Rescorla <> wrote:
> In any case, to the extent to which the WG is going to work solely on the unauthenticated version, it can do so in the existing draft. Having a draft which purports to contain "common features" between the authenticated and unauthenticated use cases is not helpful when basic questions remain.

My personal opinion is that unauth is a problematic half-measure, so I don’t imagine I’ll be using it.  But that’s my personal opinion, and has no bearing on the question of whether the unauth mode should be formalized.  If others see value in it, then, absolutely, it should be formalized so that a common understanding of how it should be done will exist, and interoperability will be maintained.

Likewise, I REALLY WISH the authenticated mode would get moved forward more quickly.

But tying the two together in any way at all seems bad to me.  I don’t see any value at all to turning two documents into three, with externalities, nor, if only one of these modes becomes popular in the long run (which seems the most probable outcome to me), in having it be expressed in an incomplete document with an externality to another document which references a third document that nobody cares about.

So I think I come to the same conclusion as ekr, albeit for different reasons.