Re: [dns-privacy] Root Server Operators Statement on DNS Encryption

Erik Kline <ek.ietf@gmail.com> Wed, 31 March 2021 00:54 UTC

References: <c925da9089fa4b1e991ec74fc9c11e7f@verisign.com> <CAChr6Sxwao=FAcoeHMuOf0L=JCZ+wvhsr9BNZW_dbt+1=HWQwg@mail.gmail.com> <CAMGpriX5rbswMQnjh4gZqsLjh2xUJxjJVxe2rEAVu=RdLAbGFw@mail.gmail.com> <CABcZeBOntrAqq_bVL-y-BP0DZLvYmVMkvKqi8K0D_SFqAfCVXg@mail.gmail.com> <96c2475d-ad93-a442-2003-db6f8782e450@cs.tcd.ie>
In-Reply-To: <96c2475d-ad93-a442-2003-db6f8782e450@cs.tcd.ie>
From: Erik Kline <ek.ietf@gmail.com>
Date: Tue, 30 Mar 2021 17:53:59 -0700
Message-ID: <CAMGpriXdU7_mJh8CQvSiZGQaDUD9aZF=0iYu0yKBS06khAHgng@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Eric Rescorla <ekr@rtfm.com>, "Hollenbeck, Scott" <shollenbeck=40verisign.com@dmarc.ietf.org>, "dprive@ietf.org" <dprive@ietf.org>, Rob Sayre <sayrer@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/ReCaoVX3xVLJsqDtvsZ-tUCUCMM>
Subject: Re: [dns-privacy] Root Server Operators Statement on DNS Encryption

On Tue, Mar 30, 2021 at 5:33 PM Stephen Farrell <stephen.farrell@cs.tcd.ie>
wrote:

>
> Hiya,
>
> On 31/03/2021 01:24, Eric Rescorla wrote:
> > As I said earlier, this seems overly conservative given our experience
> > with large scale TLS-based services.
>
> For the root servers, I don't get why QNAME minimisation
> isn't enough? If it is enough, that'd imply to me that the
> root server operators statement is fine, so long as it
> is only read to apply to root servers and not TLDs.
>

I had to think about this for a bit, because I didn't properly appreciate
that before.

I think "IN NS com." doesn't reveal much information.  But perhaps "IN NS
sensitive-tld." could have privacy implications for some folks?

>
> > With that said, this doesn't seem to me to present a severe problem:
> > there are a relatively small number of TLD servers, so we could probably
> > create a lookaside list of which ones support TLS as suggested in
> > draft-rescorla-dprive-adox-latest-00 Section 3,
>
> I agree that the privacy issues with TLD servers are more
> worthy of attention and I guess require encryption if we are
> to improve things. I'm not saying the above draft is a good
> way to handle that, but the problem in querying TLDs is real,
> whereas for root servers it seems to me way less of a deal.
>
> Or... am I confused? (That happens often:-)
>
> Cheers,
> S.
>