Re: [dns-privacy] I-D Action: draft-ietf-dprive-unilateral-probing-13.txt

Brian Haberman <brian@innovationslab.net> Tue, 24 October 2023 12:27 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/RdWH_DFj5eWiexhQo45z2JtfKv8>

DPRIVE WG,
      This version should address all comments received during IESG 
review. If you have any concerns with the content, please communicate 
them in the next few days.

Regards,
Brian

On 10/23/23 6:57 PM, internet-drafts@ietf.org wrote:
> Internet-Draft draft-ietf-dprive-unilateral-probing-13.txt is now available.
> It is a work item of the DNS PRIVate Exchange (DPRIVE) WG of the IETF.
> 
>     Title:   Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS
>     Authors: Daniel Kahn Gillmor
>              Joey Salazar
>              Paul Hoffman
>     Name:    draft-ietf-dprive-unilateral-probing-13.txt
>     Pages:   34
>     Dates:   2023-10-23
> 
> Abstract:
> 
>     This document sets out steps that DNS servers (recursive resolvers
>     and authoritative servers) can take unilaterally (without any
>     coordination with other peers) to defend DNS query privacy against a
>     passive network monitor.  The steps in this document can be defeated
>     by an active attacker, but should be simpler and less risky to deploy
>     than more powerful defenses.
> 
>     The goal of this document is to simplify and speed deployment of
>     opportunistic encrypted transport in the recursive-to-authoritative
>     hop of the DNS ecosystem.  Wider easy deployment of the underlying
>     encrypted transport on an opportunistic basis may facilitate the
>     future specification of stronger cryptographic protections against
>     more powerful attacks.
> 
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/
> 
> There is also an HTMLized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-dprive-unilateral-probing-13
> 
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-dprive-unilateral-probing-13
> 
> Internet-Drafts are also available by rsync at:
> rsync.ietf.org::internet-drafts