Re: [dns-privacy] ADoX experiments (was: Re: Intermediate proposal (what I was saying at the mic))

Brian Haberman <brian@innovationslab.net> Tue, 17 August 2021 12:17 UTC

To: dns-privacy@ietf.org
References: <CABcZeBNRZsyjd-M_hKOwxdqY=Y7oZs5-d4waqPHb9gO-GJNV+Q@mail.gmail.com> <8b2ac283-614e-40d2-b6bf-5e67d5324aaa@www.fastmail.com> <9f184e77-056a-3a49-8832-249d36bbab82@cs.tcd.ie>
From: Brian Haberman <brian@innovationslab.net>
Message-ID: <4cdc1d2f-47cb-9c23-f049-cf1ebf6717a5@innovationslab.net>
Date: Tue, 17 Aug 2021 08:16:53 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/T6acR09swN2Nly7v8ZiRCUaGw34>

All,
     I want to start working through the details of what Stephen is
proposing below, beginning to do operational experiments to determine
which approach, or approaches, may be viable in the long term. To carry
out such experiments, I believe we need the following:

1. A stable I-D for an approach to providing privacy between recursive
resolvers and authoritative servers,

2. An implementation of the stable I-D in a recursive resolver and in an
authoritative server implementation,

3. At least one authoritative server operator willing to deploy the
experimental implementation,

4. At least one recursive resolver operator willing to deploy the
experimental implementation,

5. An agreed-upon set of metrics to assess the operational behavior of
the approach.

Is there a major item missing from the list above? Other aspects of
carrying out such an experiment?

Are there any volunteers to start working on details of such an experiment?

Regards,
Brian

On 8/2/21 9:22 AM, Stephen Farrell wrote:
> 
> Hiya,
> 
> On 02/08/2021 05:21, Martin Thomson wrote:
>> If we decided on a single answer for the first and in the negative
>> for the second, would that make authentication viable? 
> 
> IMO we ought not just "decide" on most of the tricky ADoX
> issues but we should rather document the options sufficient
> to allow people to do experiments and then wait and see how
> those experiments go. I'd say a stable I-D is probably
> enough documentation to allow for experiments and I'd hope
> such experiments could be done in 6-12 months. I'd expect
> we might still be left with a few tricky issues, but that
> a number of those (where we might make wrong choices now)
> would be resolved once people try 'em out.
> 
> So my suggestion is to review the I-Ds we have with a view
> to figuring out what's missing that's needed to allow such
> experiments, fix that and then "park" those I-Ds 'till we
> get results. That could be similar to how drafts are declared
> to be "interop drafts" in other WGs or could be a WGLC-like
> process.
> 
> If we decided to try go that way, I'd be happy to try help
> get some such experiment going.
> 
> Cheers,
> S.
> 