Re: [dns-privacy] [Ext] Roman Danyliw's No Objection on draft-ietf-dprive-unilateral-probing-12: (with COMMENT)

John Levine <johnl@taugh.com> Wed, 20 September 2023 23:29 UTC

From: John Levine <johnl@taugh.com>
To: dns-privacy@ietf.org
Cc: paul.hoffman@icann.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/O3gd_x4uF9z_VSnQNsJGNZaKVLA>

It appears that Paul Hoffman <paul.hoffman@icann.org> said:
>Is there widespread availability for "ACME certs" for authoritative DNS name servers that have no web server component reasonably available
>now? When I looked a few years ago, they weren't at all.

I have over 300 certs here all using DNS verification. I use the
acme.sh shell script but there are lots of others. You do need to have
some way to stuff the validation key into the DNS zone but they
provide plugins for a lot of popular DNS providers.

R's,
John