Re: [dns-privacy] [Ext] Re: ADoT requirements for authentication?

"John Levine" <johnl@taugh.com> Wed, 30 October 2019 02:36 UTC

Date: Tue, 29 Oct 2019 22:36:54 -0400
Message-Id: <20191030023654.E8E0FDA518F@ary.qy>
From: John Levine <johnl@taugh.com>
To: dns-privacy@ietf.org
Cc: ekr@rtfm.com
In-Reply-To: <CABcZeBP64qr81ccw+cbYy6FuQkgArS=G9_itEt8A_UfN8SO7GA@mail.gmail.com>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/Rtjr5plCuncZC07YgJSTwtwv0zA>

In article <CABcZeBP64qr81ccw+cbYy6FuQkgArS=G9_itEt8A_UfN8SO7GA@mail.gmail.com> you write:
>> Yes, it's hard, but I think it's worthwhile, because the prospect of
>> getting the root to offer ADoT seems very distant to me.
>
>Why? Do we have estimates of the load level here as compared to (say) Quad9
>or 1.1.1.1?

The load has nothing to do with it.  Surely you're aware of the morass
of root server administrative politics with acronyms like RSSAC and
RZERC.

On the other hand, running your own root mirror is easy.  Knock
yourself out.

R's,
John