Re: [dns-privacy] Root Server Operators Statement on DNS Encryption

Rob Sayre <sayrer@gmail.com> Wed, 31 March 2021 19:55 UTC

References: <c925da9089fa4b1e991ec74fc9c11e7f@verisign.com> <CAChr6Sxwao=FAcoeHMuOf0L=JCZ+wvhsr9BNZW_dbt+1=HWQwg@mail.gmail.com> <20210331091238.GA10597@nic.fr>
In-Reply-To: <20210331091238.GA10597@nic.fr>
From: Rob Sayre <sayrer@gmail.com>
Date: Wed, 31 Mar 2021 12:55:14 -0700
Message-ID: <CAChr6SxPNVAZMYfZqF+K6Xf8FPGa9ZgHkL-uUvtKMEiJSPmp8Q@mail.gmail.com>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Cc: "Hollenbeck, Scott" <shollenbeck=40verisign.com@dmarc.ietf.org>, "dprive@ietf.org" <dprive@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/TiHkSx34Myq3fWp0dJJ7T2jC1-A>

On Wed, Mar 31, 2021 at 2:13 AM Stephane Bortzmeyer <bortzmeyer@nic.fr>
wrote:

> On Tue, Mar 30, 2021 at 05:00:29PM -0700,
>  Rob Sayre <sayrer@gmail.com> wrote
>  a message of 56 lines which said:
>
> > Why can't "The Root Server Operators" run QUIC etc as well as their
> > existing UDP methods?
>
> Just a note that DNS-over-QUIC is far from standard
> currently. <https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsoquic/>
> Unlike DoT and DoH.
>

Probably telling that I meant DoH over QUIC. Sorry to be unclear. :)

I still don't understand the resistance here. Some data on what the impact
would be still seems like the most helpful thing to move the conversation
forward. The query volumes in question look big, but not that big, so I
think using existing TLS technologies seems like the best path unless that
can be shown to be impractical. The linked PDF basically says "we don't
want to", without providing much in the way of justification.

thanks,
Rob