Re: [dns-privacy] Next steps for draft-rescorla-dprive-adox

Paul Wouters <paul@nohats.ca> Wed, 12 May 2021 23:40 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5E503A1A63 for <dns-privacy@ietfa.amsl.com>; Wed, 12 May 2021 16:40:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZEJMBcnHqmMG for <dns-privacy@ietfa.amsl.com>; Wed, 12 May 2021 16:40:32 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF0013A1A44 for <dprive@ietf.org>; Wed, 12 May 2021 16:40:31 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4FgWW11QbszKM6; Thu, 13 May 2021 01:40:29 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1620862829; bh=7fvt258isdR0HjmhCXF2ztfh6j/DtUK1oo7Ov6XnnJ8=; h=From:Subject:Date:References:Cc:In-Reply-To:To; b=SoI4vOl1CixOfboxfHAwrTUQ8nycNBgtJU8YFakW1En3jj6WdCL9tYCA9sIa90dfx qum3dEgKEIxE5l1RKEs6benFQ+N8CCoYGJDLOZ1l5jxq2E8Jw1oB5SoQlM9s0kuBu/ nEwDlh7eOpRXJygYx3h9/dQiK3D1aJuymG9L7m6A=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id K46h9oCxpN4R; Thu, 13 May 2021 01:40:27 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Thu, 13 May 2021 01:40:27 +0200 (CEST)
Received: from smtpclient.apple (unknown [193.110.157.209]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bofh.nohats.ca (Postfix) with ESMTPSA id 01F7B585C5; Wed, 12 May 2021 19:40:26 -0400 (EDT)
Content-Type: multipart/alternative; boundary=Apple-Mail-321AD70A-DD7B-4E83-B3EB-AAAA583ED6D6
Content-Transfer-Encoding: 7bit
From: Paul Wouters <paul@nohats.ca>
Mime-Version: 1.0 (1.0)
Date: Wed, 12 May 2021 19:40:24 -0400
Message-Id: <39000723-2624-4770-8C54-B96357F24844@nohats.ca>
References: <CAHbrMsB=q-zgEbBB6cM3dimx8hsue93ego7JG8PY=WMPQeYp2w@mail.gmail.com>
Cc: Eric Rescorla <ekr@rtfm.com>, dprive@ietf.org
In-Reply-To: <CAHbrMsB=q-zgEbBB6cM3dimx8hsue93ego7JG8PY=WMPQeYp2w@mail.gmail.com>
To: Ben Schwartz <bemasc@google.com>
X-Mailer: iPhone Mail (18E212)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/RZOqta6gurkJrwJgKn3oeHyaXIE>
Subject: Re: [dns-privacy] Next steps for draft-rescorla-dprive-adox
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 May 2021 23:40:41 -0000

On May 12, 2021, at 18:56, Ben Schwartz <bemasc@google.com> wrote:
> 
> 
>> On Tue, May 11, 2021 at 7:28 PM Paul Wouters <paul@nohats.ca> wrote:
> 
>> You won't be able to rely on these updated for many years to come.
> 
> I agree, but I still think this draft represents a good approach, and we should adopt it.
> 
> In my view, the WG has been stuck trying to choose between principled long-term solutions that will take many years to implement, and ugly hacks that can be deployed quickly.  In fact, I think we should develop both.  This draft is the former, and if we adopt it, we can and should follow with interim solutions that can "upgrade gracefully" over time.

The draft is proposing a fundamental change in the processing of the new proposed RR. It is a major protocol change, as opposed to simply adding a new RR TYPE that works under RFC 3597

That work should not be done in this WG. Any fundamental change in how DNS operates belongs on dnsop (well, dnsext but that role was taken on by dnsop)

Paul