Re: [dns-privacy] Datatracker State Update Notice: <draft-ietf-dprive-rfc7626-bis-04.txt>

Eric Rescorla <ekr@rtfm.com> Fri, 06 March 2020 13:33 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C9693A0F8E for <dns-privacy@ietfa.amsl.com>; Fri, 6 Mar 2020 05:33:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ThM2KFX48C89 for <dns-privacy@ietfa.amsl.com>; Fri, 6 Mar 2020 05:32:56 -0800 (PST)
Received: from mail-lf1-x143.google.com (mail-lf1-x143.google.com [IPv6:2a00:1450:4864:20::143]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A40783A0EB2 for <dns-privacy@ietf.org>; Fri, 6 Mar 2020 05:32:55 -0800 (PST)
Received: by mail-lf1-x143.google.com with SMTP id b13so1888607lfb.12 for <dns-privacy@ietf.org>; Fri, 06 Mar 2020 05:32:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=M3wahY7Sm4w06uy6/yJtkr3Tw59y+fhndrJwu39C0Sc=; b=Uevezx3pJVyNhWSdz/osWfbrazenBYoLtkTrQGo/2egQ0X0BjEC/g4o3wIamXPrqiP shENxu4UgEJVEoxwV3tnM9HnQH5v2xkM129aHKrPevWdfzeCdE+/mZwAPWQhgX+yzpKv k+1loCxxDJ005uh2mueR1BTFnq27wMPB8qLeUyRDTAMdEKf4URxphHiQ+fKhbJzhkPA/ H1SJ1Oe7sbXz7g2Bo8dUDIDWLG89FTn/S3sbKM4pu6yP3PUyhqKRasqdzfDw0GS0/thi R3USV9p/28Zyj2FGewwLjIcDfbhVHFekioD9Z3Eraw0am9WrnGrQL18hO1MsCjXjUNvc H91w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=M3wahY7Sm4w06uy6/yJtkr3Tw59y+fhndrJwu39C0Sc=; b=VOSe8AtdO6rXEoIcGI41+exhdIWVYI2LzUJEuzgxjJ5qpZMaI6Zu8/NIyZ3xNyNiJl qR/7SSgWGS3plN/xxeFR91qDiMI1a58nv+Z8D0UcJwZbxt+Nnsjx58z2swU4yLSdoSbA fTak6z/MjuMXHvomSUm8Zif2G2qb6H9EDK8Ngnf8dV1KJHaUWMCpmH3x4NiKow5uDQaC Quje59fMzbQ6+Dlw5PH0w8vqNX2oY61PBlC1Mjr0PPw98NDDEPUk84vcfCCEq1FLjjfF PxsMYiJvUiRKQWGzgEoEdCAA9Un9YFKwiXkE7hGd2Q9GGIAz8SRe2kjs95weQrZPz3TE pYQQ==
X-Gm-Message-State: ANhLgQ2QSYpEI7mKdhSM8AZ2CdoJ68pgohSKBoNTxWnrQp+YR3frQtgS GeTpvKdYFFL0Yek2eSMSSHBC9Gmneooot2D4K2u2RA==
X-Google-Smtp-Source: ADFU+vtvUOe9AN3gqTu2YQayui4F5ti8HHefvCe/Upq03pjzPK1eHNRbc9JwZmS7o0K187UW11dvmCdDgtLwa17KO9U=
X-Received: by 2002:a19:2247:: with SMTP id i68mr148721lfi.168.1583501573730; Fri, 06 Mar 2020 05:32:53 -0800 (PST)
MIME-Version: 1.0
References: <157955609351.1744.15099511006231348523.idtracker@ietfa.amsl.com> <417BE033-4DE5-452A-BE93-0657C83051BC@cisco.com> <CABcZeBPK3yAaoai4ccd=hSffk5cAhoSC7gnBNqs36x-xJf=R-Q@mail.gmail.com> <503E2696-AB4A-4020-90CC-802D312D23AF@sinodun.com> <CABcZeBOiEu8qO_VHtHc7Fs47Wh0tGDn3ywM5LDZtWoxuHZ_isw@mail.gmail.com> <721AD54C-0324-4400-8492-4AA19A64699D@sinodun.com> <CABcZeBP4CknS=9Y96CqgykChg4H_jrgkaWmHPN4319+nXe=10w@mail.gmail.com> <CAH1iCiobuYitR26Hh0pbYpA_JZoB1a1iMyHJs1FAgW9GtOk56g@mail.gmail.com> <CABcZeBNa-OTEYjnL=+-F=WK3hZiOWmty1S=FC43Fr3CxuCPE_g@mail.gmail.com> <32D26638-2464-4E7B-8869-C65F773EF5F2@sinodun.com>
In-Reply-To: <32D26638-2464-4E7B-8869-C65F773EF5F2@sinodun.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 6 Mar 2020 05:32:17 -0800
Message-ID: <CABcZeBNnAZ1ttKHdtZMwWZGvWAYn3jZBps+hXOBMHQXgaKPUEA@mail.gmail.com>
To: Sara Dickinson <sara@sinodun.com>
Cc: Brian Dickson <brian.peter.dickson@gmail.com>, "Eric Vyncke (evyncke)" <evyncke@cisco.com>, "dprive-chairs@ietf.org" <dprive-chairs@ietf.org>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>, "draft-ietf-dprive-rfc7626-bis@ietf.org" <draft-ietf-dprive-rfc7626-bis@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000cdc09f05a02fb047"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/Qssklq7cM3SbLxiflB-13aLl5Dg>
Subject: Re: [dns-privacy] Datatracker State Update Notice: <draft-ietf-dprive-rfc7626-bis-04.txt>
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Mar 2020 13:33:06 -0000

On Mon, Mar 2, 2020 at 7:16 AM Sara Dickinson <sara@sinodun.com> wrote:

>
>
> On 29 Feb 2020, at 02:03, Eric Rescorla <ekr@rtfm.com> wrote:
>
>
>
> On Fri, Feb 28, 2020 at 4:50 PM Brian Dickson <
> brian.peter.dickson@gmail.com> wrote:
>
>>
>>
>> On Fri, Feb 28, 2020 at 3:15 PM Eric Rescorla <ekr@rtfm.com> wrote:
>>
>>>
>>>
>>> On Wed, Feb 26, 2020 at 6:19 AM Sara Dickinson <sara@sinodun.com> wrote:
>>>
>>>>
>>>>
>>>> On 23 Jan 2020, at 13:53, Eric Rescorla <ekr@rtfm.com> wrote:
>>>>
>>>> On Thu, Jan 23, 2020 at 5:08 AM Sara Dickinson <sara@sinodun.com>
>>>> wrote:
>>>>
>>>>
>>>>
>>>> On 20 Jan 2020, at 22:37, Eric Rescorla <ekr@rtfm.com> wrote:
>>>>
>>>> Review comments attached:
>>>>
>>>>
>>>> COMMENTS
>>>>> S 3.1.
>>>>> >      described above, and may not have any confidentiality
>>>>> requirements.
>>>>> >      However, the same is not true of a single transaction or a
>>>>> sequence
>>>>> >      of transactions; that transaction is not / should not be
>>>>> public.  A
>>>>> >      typical example from outside the DNS world is: the web site of
>>>>> >      Alcoholics Anonymous is public; the fact that you visit it
>>>>> should not
>>>>> >      be.
>>>>>
>>>>> Well, technically what you want to conceal is the origin of the
>>>>> transaction or its linkage to other transactions. The existence of the
>>>>> query for that A record isn't secret.
>>>>>
>>>>>
>>>>> Suggest:
>>>>>
>>>>> “that transaction (and specifically the origin of that transaction) is
>>>>> not / should not be public."
>>>>>
>>>>
>>>> The parenthetical swallows the main sentence. The accurate thing to say
>>>> is:
>>>>
>>>> In general, the existence of a single query is not sensitive -- though
>>>> there may be exceptions
>>>> for some very low use domains. However, the origin of a given query may
>>>> leak information
>>>> about specific users and the ability to link queries reveals
>>>> information about individual use
>>>> patterns.
>>>>
>>>>
>>>> To fit with existing text suggest:
>>>>
>>>>  However, the same is not true of a single transaction or a sequence
>>>>  of transactions; those transaction are not / should not be public. A
>>>> single
>>>>  transactions reveals both the originator of the query and the query
>>>>  contents which potentially leaks sensitive information about a
>>>> specific user. A
>>>>  typical example from outside the DNS world is: the web site of
>>>>  Alcoholics Anonymous is public; the fact that you visit it should not
>>>>  be.
>>>>
>>>
>>> I find this text a bit clumsy, but OK.
>>>
>>>
>>> Furthermore, the ability to link queries reveals information about
>>>> individual use patterns.
>>>>
>>>
>>> The key thing is "link queries as being from the same user”
>>>
>>
> OK - will include that.
>
>
>
>>>
>>>> <snip>
>>>>
>>>>
>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> S 3.4.2.
>>>>> >      services available.  Given this, the choice of a user to
>>>>> configure a
>>>>> >      single resolver (or a fixed set of resolvers) and an encrypted
>>>>> >      transport to use in all network environments can actually serve
>>>>> to
>>>>> >      identify the user as one that desires privacy and can provide an
>>>>> >      added mechanism to track them as they move across network
>>>>> >      environments.
>>>>>
>>>>> I don't understand this paragraph. It's not the choice of specific
>>>>> resolvers that leaks data, but the choice to turn on encryption, In
>>>>> fact, from an identification purpose, the more resolvers that support
>>>>> encrypted transport, the better signal this is.
>>>>>
>>>>>
>>>>> This was driven by an observation that many early adopters set up
>>>>> their own DoT server and used that from all their devices, which could act
>>>>> as a way to identify that user.
>>>>>
>>>>
>>>> 1. This seems like an edge case.
>>>> 2. We already have plenty of people running their own unencrypted
>>>> resolvers for other reasons.
>>>>
>>>>
>>>> I can live with removing this text, but it does seem there is something
>>>> to say about the fact configuring a single resolver for a device could
>>>> differentiate a user….
>>>>
>>>
>>> Sure, but this has nothing to do with DoH or DoT.
>>>
>>>
>> I think the text might be clearer if the bit "as one that desires privacy
>> and" were removed.
>> The issue isn't whether a specific user desires privacy, it is whether a
>> specific user can be identified and tracked.
>>
>> This RFC update, is about privacy.
>> This particular section is on encrypted transport.
>> This paragraph is highlighting that configuring a static list of
>> resolvers, even if those use encrypted transport, may expose the user to
>> privacy risks due to that constant set of resolvers, as the user moves
>> between networks.
>> And this risk is inversely proportional to the number of users of the
>> resolver.
>> Maybe this last bit needs to be added to emphasis why this is a risk?
>>
>> It's about the fact that DoH/DoT don't protect against this or mitigate
>> it, even if the payload is encrypted. I.e. it doesn't not have anything to
>> do with DoH/DoT; it's bigger than DoH/DoT, and DoH/DoT don't fix the
>> problem.
>>
>
> Yes, I agree with that, but this risk is generic to DNS even if you use
> your own resolver (e.g., pihole) which we know people do. Therefore it does
> not belong in this section as a risk of DoH/DoT..
>
>
> I think the more general case is alluded to in the forth bullet point of
> section 3.4.1 without being called out specifically….
>
> One option would be update the first sentence of that bullet point to say
> “The recursive resolver can be a public DNS service (or a privately run DNS
> resolver hosted on the public internet).” and to add the following sentence
> to the end of the bullet point
>
> “It can be noted that the choice of a user to configure a single resolver
> (even when using an encrypted transport) can actually serve to aid tracking
> of that user as they move across network  environments."
>
> Then remove the fifth paragraph from section 3.4.2?
>

This seems close.

"It can be noted that if the user selects a single infrequently used
resolver (even when using an encrypted transport) it can actually serve to
aid tracking of that user as they move across network  environment"

I think we can agree that using Google Public DNS probably doesn't have
this property.


>
>>
>>>
>>>
>>>>
>>>>
>>>>>
>>>>> S 3.5.1..1.2.
>>>>> >
>>>>> >      o  communicate clearly the change in default to users
>>>>> >
>>>>> >      o  provide configuration options to change the default
>>>>> >
>>>>> >      o  provide configuration options to always use the system
>>>>> resolver
>>>>>
>>>>> I get that you think this is neutral, but all of this is equally true
>>>>> about dynamic discovery via DHCP, it's just that that's the status
>>>>> quo, so you don't notice it. In this context, this text is tendentious.
>>>>>
>>>>>
>>>>> The first paragraph of section 3.5.1.1 talks about the variability of
>>>>> DNS resolution privacy with network (assuming DHCP). I can add some text
>>>>> there to better explain the status quo if you think it is needed. Suggest:
>>>>>
>>>>> “Typically joining a new network requires some form of user action
>>>>> (e.g physically plugging in a cable or selecting a network in a OS
>>>>> dialogue) and so a user is also implicitly choosing to use the
>>>>> DHCP-provided resolver via this action too."
>>>>>
>>>>
>>>> The user has no idea that such a DHCP resolver even exists. And you
>>>> could say the same thing about the user's choice to install an application
>>>> with its own resolver selection logic.
>>>>
>>>>
>>>>
>>>>> I can’t think of a mobile or desktop OS that doesn’t allow users to
>>>>> override the DHCP provided DNS settings…. but I could text about that in
>>>>> section 5.1.1. if you really think it is needed?
>>>>>
>>>>
>>>> This isn't about that. AFAICT most major applications also allow you to
>>>> use the system resolver choices. Rather, the issue here is the repeated
>>>> arguments in this discussion (which you implicitly accept above) that the
>>>> current status quo somehow represents user choice whereas an application
>>>> choosing its own resolver does not. And both this text and your proposed
>>>> text implicitly takes a position on that.
>>>>
>>>>
>>>> I think that is reading quite a bit into the text however, to reduce
>>>> any implicit misinterpretation I propose trying to further align the two
>>>> sections…
>>>>
>>>> 1) Replace the first paragraph in section 3.5.1.1 with the following:
>>>>
>>>> "Given all the above considerations, the choice of recursive resolver
>>>> has direct privacy considerations for end users.  Historically, end user
>>>> devices have used the DHCP-provided local network recursive resolver.
>>>> Because of this, the choice by a user to join a particular network  (e.g.
>>>> by physically plugging in a cable or selecting a network in a OS dialogue)
>>>> also determines the default system DNS resolver selection; the two are
>>>> directly coupled in this model.
>>>>
>>>> The vast majority of users do not change their default system DNS
>>>> settings and so implicitly accept the network settings for DNS. The network
>>>> resolvers have therefore historically been the sole destination for all of
>>>> the DNS queries from a device. These resolvers may have strong, medium, or
>>>> weak privacy policies depending on the network.  Privacy policies for these
>>>> servers may or may not be available and users need to be aware that privacy
>>>> guarantees will vary with network.
>>>>
>>>> All major OS’s expose the system DNS settings and allow users to
>>>> manually override them if desired.”
>>>>
>>>>
>>>> 2) And replace the second paragraph of 3.5.1.1.2  with this:
>>>>
>>>> "Such application-specific settings introduce new control points on end
>>>> user devices for DNS resolution settings in addition to the historically
>>>> used system settings discussed in Section 3.5.1.1. They therefore alter the
>>>> DNS privacy considerations for the device by introducing additional
>>>> destinations for DNS queries.
>>>>
>>>> Users will only be aware that a new control point (with new defaults)
>>>> exists if an application clearly communicates this to the user on install
>>>> or upgrade.
>>>>
>>>
>>> This reflects status quo bias. If you want to say this, then you need to
>>> point out that essentially no OS clearly communicates that it is selecting
>>> the DHCP resolver.
>>>
>>
>> IMHO, this is fair, and probably adds a bit of clarity; perhaps some
>> wordsmithing on the start of 3.5.1.1 would benefit both this and other
>> subsections of 3.5.1.1.
>> Suggestion:
>>
>> Old: "Historically, end user devices have used the DHCP-provided local
>> network recursive resolver, which may have strong, medium, or weak
>> privacy policies depending on the network."
>>
>> New: "Historically, end user devices have used the OS-selected recursive resolver,
>> whose identity is not exposed or discoverable. The OS may have been
>> configured with a static set of resolvers, or may use a DHCP-provided local
>> network resolver. This OS-selected resolver may have strong, medium, or
>> weak privacy policies, which for DHCP provided resolvers may depend on
>> the network."
>>
>> The gist of this is, over-riding the default has effects that the
>> application cannot know, because the OS resolver choice is generally not
>> known, and by extension, the privacy policies cannot be known.
>>
>
> I don't believe this is accurate. In general there are (not that portable)
> mechanisms for determining the DNS configuration, as is done in Chromium:
>
> https://cs.chromium.org/chromium/src/net/dns/?sq=package:chromium&dr=CSs&g=0
>
>
> I’m fine with Ekr’s original suggestion by replacing the last sentence in
> the first paragraph with the following:
>
> "The choice by a user to join a particular network  (e.g. by physically
> plugging in a cable or selecting a network in a OS dialogue) typically
> updates a number of system resources - these can include IP addresses,
> availability of IPv4/IPv6,  DHCP server, and DNS resolver. These individual
> changes, including the change in DNS resolver, are not normally
> communicated directly to the user by the OS when the network is joined. The
> choice of network has historically determined the default system
> DNS resolver selection; the two are directly coupled in this model.
>

WFM.



>
>
>
>
>
>>
>>>
>>>
>>> The vast majority of users do not change default application-specific
>>>> settings and so implicitly accept the application-specific settings for
>>>> DNS. As with network resolvers, these resolvers may have strong, medium, or
>>>> weak privacy policies depending on the application.  Privacy policies for
>>>> these servers may or may not be available and users need to be aware that
>>>> privacy guarantees will vary with each application.
>>>>
>>>> For users to have the ability to inspect and control the
>>>> application-specific DNS settings in a similar fashion to the OS DNS
>>>> settings, each application must also:
>>>>
>>>>    o  expose the default settings to the user
>>>>
>>>>    o  provide configuration options to manually override the default
>>>> settings
>>>>
>>>>    o  provide configuration options to always use the system resolver"
>>>>
>>>
>>> This last point is wrong. The parallel here would be to use the *network
>>> provided* resolver, not the system resolver. I would suggest that you be
>>> less prescriptive about this and just say "applications will need to
>>> provide user-visible options to configure the resolver." I would avoid
>>> "must" (even in lower case) because this is a statement of fact, not a
>>> normative one.
>>>
>>
>
>> No, system resolver is accurate. In addition to not knowing what possible
>> resolver is offered by DHCP, the application can't know if DHCP (i.e.
>> network provided) is even being used -- the system could be using a static
>> choice of resolver, or even other non-DNS resolution services (e.g. NIS+).
>>
>
> It turns out that there are at least three options here:
>
> - Select your own resolver
> - Select the resolver *configured into the system* (AIUI this is what
> Chrome does).
> - Use the system resolver via the conventional API calls.
>
>
> Suggest:
>
> "For users to have the ability to inspect and control the
> application-specific DNS settings in a similar fashion to the OS DNS
> settings, each application also needs to:
>
>    o  expose the default settings to the user
>
>    o  provide configuration options to manually override the default
> settings so that resolution is performed via
>           * user specified resolvers
>           * the resolvers configured into the system settings
>           * the system resolver via conventional API calls
>
> If all such applications are updated to use the system resolver, as
> described in the last bullet point, the device reverts to a single point of
> control for all DNS queries."
>

Hmm.... this seems unduly prescriptive. Perhaps.

For users to have the ability to inspect and control the
application-specific DNS settings in a similar fashion to the OS DNS
settings, each application also needs to expose the default settings
to the users and provide a configuration interface to change them.  If
this interface includes a setting to use the system resolver, then the
device can be reverted to a single point of control for all DNS
queries.

I think this removes the status quo bias. That said, I'd like to hear from
people
who implement their own resolver even for Do53. I know Chrome does
this and I believe it's quite common for SIP stacks due to performance
concerns with the system resolver.

-Ekr



> Sara.
>
>
> -Ekr
>
>
>> Brian
>>
>>>
>>>>
>>>>
>>>>
>>>>> The point in section 3.5..1.1.2  terms of privacy considerations is
>>>>> that any application that uses an application specific DNS setting
>>>>> introduces another control point on the device for the DNS resolution
>>>>> setting (which with the current offerings is independent of the network
>>>>> used), and if or how that is exposed is entirely up to the application. I
>>>>> suggest adding this text at the start of the second paragraph:
>>>>>
>>>>> "Such application-specific settings introduce new control points on
>>>>> end user devices for DNS resolution settings in addition to the
>>>>> historically used system settings."
>>>>>
>>>>
>>>> Well, I suppose this is true, but it's also true of (for instance)
>>>> allowing the user to set a proxy, which we've done forever.
>>>>
>>>>
>>>>
>>>>>
>>>>> S 3.5.1.1.2.
>>>>> >
>>>>> >      Application-specific changes to default destinations for users'
>>>>> DNS
>>>>> >      queries might increase or decrease user privacy - it is highly
>>>>> >      dependent on the network context and the application-specific
>>>>> >      default.  This is an area of active debate and the IETF is
>>>>> working on
>>>>> >      a number of issues related to application-specific DNS settings.
>>>>>
>>>>> This, too, could be said about the current situation.
>>>>>
>>>>>
>>>>> See above.
>>>>>
>>>>
>>>> And my response above..
>>>>
>>>> -Ekr
>>>>
>>>>
>>>>> Sara.
>>>>>
>>>>>
>>>>> On Mon, Jan 20, 2020 at 1:47 PM Eric Vyncke (evyncke) <
>>>>> evyncke@cisco.com> wrote:
>>>>>
>>>>>> Thanks to Sara and Stéphane for the -04 revised I-D.
>>>>>>
>>>>>> After reading the -04, I think that most of the IETF Last Call
>>>>>> comments are addressed (and consensus needs to be balanced -- even for
>>>>>> informational document) and that the document sticks to facts.
>>>>>>
>>>>>> But, as section 3.5.1 ("in the recursive resolvers") raised a lot of
>>>>>> discussions during the first IETF Last Call, and as the authors reacted to
>>>>>> those comments by deep changes in the text, let's have a new IETF Last Call
>>>>>> before proceeding with IESG evaluation.
>>>>>>
>>>>>> Again, thank you to the reviewers and the authors
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> -éric
>>>>>>
>>>>>>
>>>>>> On 20/01/2020, 22:34, "IETF Secretariat" <
>>>>>> ietf-secretariat-reply@ietf.org> wrote:
>>>>>>
>>>>>>     IESG state changed:
>>>>>>
>>>>>>     New State: Last Call Requested
>>>>>>
>>>>>>     (The previous state was Waiting for AD Go-Ahead::AD Followup)
>>>>>>
>>>>>>     The previous last call raised several points. The authors have
>>>>>> worked on those points and this new informational IETF draft has
>>>>>> substantive changes; enough to go trigger a new IETF Last Call.
>>>>>>
>>>>>>     -éric
>>>>>>
>>>>>>     Datatracker URL:
>>>>>> https://datatracker.ietf.org/doc/draft-ietf-dprive-rfc7626-bis/
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> dns-privacy mailing list
>>>>>> dns-privacy@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/dns-privacy
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>> dns-privacy mailing list
>>>> dns-privacy@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/dns-privacy
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>> dns-privacy mailing list
>>> dns-privacy@ietf.org
>>> https://www.ietf.org/mailman/listinfo/dns-privacy
>>>
>>
>