Re: [dns-privacy] [Ext] Intermediate proposal (what I was saying at the mic)

Paul Hoffman <paul.hoffman@icann.org> Fri, 30 July 2021 20:45 UTC

From: Paul Hoffman <paul.hoffman@icann.org>
To: Robert Evans <evansr=40google.com@dmarc.ietf.org>
CC: Eric Rescorla <ekr@rtfm.com>, "dprive@ietf.org" <dprive@ietf.org>
Thread-Topic: [dns-privacy] [Ext] Intermediate proposal (what I was saying at the mic)
Thread-Index: AQHXhXLHsWD2FqJo30eoNTvKfbRb4qtcchkA
Date: Fri, 30 Jul 2021 20:45:27 +0000
Message-ID: <E9298FA0-3236-4BAA-BB7E-D29A36A8B080@icann.org>
References: <CABcZeBNRZsyjd-M_hKOwxdqY=Y7oZs5-d4waqPHb9gO-GJNV+Q@mail.gmail.com> <7514B406-2907-4059-AB59-6F3BAC05B839@icann.org> <CAPp9mx+5YagTBnZsvqtAGUvu+si29WQ15ENePNgD6N-SQ15PuA@mail.gmail.com>
In-Reply-To: <CAPp9mx+5YagTBnZsvqtAGUvu+si29WQ15ENePNgD6N-SQ15PuA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/UN6OsT_r0vnewZx8hpThZwnzoXk>
Subject: Re: [dns-privacy] [Ext] Intermediate proposal (what I was saying at the mic)

On Jul 30, 2021, at 11:42 AM, Robert Evans <evansr=40google.com@dmarc.ietf.org> wrote:
> 
> On Thu, Jul 29, 2021 at 6:43 PM Paul Hoffman <paul.hoffman@icann.org> wrote:
>> Having a differentiated signal for "I don't expect to be authenticated" would be good for draft-ietf-dprive-unauth-to-authoritative. I also agree with the reasoning of the recursive and auth operators who spoke at the mic.
>> 
> Suppose ADoX specifies that SVCB with alpn=dot but without any authentication params implies the same thing. Would that be good enough?
> 

It would be OK. I prefer explicit statements in either direction versus a default that has to be understood, because then later possible additional states will be clearer. Also, as others said at this meeting and earlier meetings, the less likely it is that an authoritative who is just testing can screw this up, the better.

--Paul Hoffman
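The exchange above is about how a recursive resolver should read an SVCB record published for an authoritative server: "alpn=dot with no authentication params" as an implicit "don't expect to authenticate me" (Robert's suggestion) versus an explicit parameter in either direction (Paul's preference), and how a misconfigured test deployment should degrade rather than break resolution. The following is an added illustration, not code from the thread, the dprive drafts or any resolver. It assumes SVCB presentation format as in RFC 9460 ("<priority> <target> key=value ..."), that "alpn=dot" signals DoT support, and a placeholder SvcParam named "auth" with values "yes"/"no" standing in for the explicit signal; the thread names no such parameter, and the names `Policy`, `parse_svcb`, `choose_policy` and `select_transport` are this example's own.

```python
"""Resolver-side interpretation of an authoritative SVCB record (added example).

Hypothetical model: the parameter name "auth" is a placeholder for whatever
explicit authentication signal ADoX might define; nothing here is from a draft.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional


class Policy(Enum):
    CLEARTEXT = "cleartext"          # no usable DoT signal: plain Do53
    OPPORTUNISTIC = "opportunistic"  # try DoT, accept unauthenticated, fall back to Do53
    AUTHENTICATED = "authenticated"  # require DoT with successful authentication


@dataclass
class SvcbRecord:
    priority: int
    target: str
    params: Dict[str, str]


def parse_svcb(presentation: str) -> SvcbRecord:
    """Parse one SVCB RDATA in presentation format, e.g. '1 ns1.example. alpn=dot'."""
    fields = presentation.split()
    if len(fields) < 2:
        raise ValueError("SVCB needs at least a priority and a target")
    priority = int(fields[0])
    target = fields[1]
    params: Dict[str, str] = {}
    for item in fields[2:]:
        key, sep, value = item.partition("=")
        key = key.lower()
        if key in params:
            raise ValueError(f"duplicate SvcParamKey {key!r}")  # RFC 9460: keys must be unique
        # Flag-style params (no '=') carry an empty value; quoted values lose their quotes.
        params[key] = value.strip('"') if sep else ""
    return SvcbRecord(priority, target, params)


AUTH_PARAM = "auth"  # placeholder name for an explicit "expect authentication" signal


def choose_policy(record: Optional[SvcbRecord]) -> Policy:
    """Map the SVCB record (or its absence) to a transport policy.

    Absent "auth" param with alpn=dot is read as the implicit "I don't expect
    to be authenticated" signal discussed in the thread; an explicit "auth=yes"
    or "auth=no" says the same thing without relying on a default.
    """
    if record is None or record.priority == 0:
        # No record, or AliasMode (priority 0, no SvcParams): alias chasing is out
        # of scope here, so treat it as no DoT signal at all.
        return Policy.CLEARTEXT
    alpns = {a for a in record.params.get("alpn", "").split(",") if a}
    if "dot" not in alpns:
        return Policy.CLEARTEXT
    auth = record.params.get(AUTH_PARAM)
    if auth is None or auth == "no":
        return Policy.OPPORTUNISTIC
    if auth == "yes":
        return Policy.AUTHENTICATED
    raise ValueError(f"unknown {AUTH_PARAM} value {auth!r}")


def select_transport(policy: Policy, dot_reachable: bool, dot_authenticated: bool) -> Optional[str]:
    """Decide what the resolver actually uses, given the observed DoT outcome.

    Returns "dot", "do53", or None for a hard failure. The opportunistic branch is
    what keeps an authoritative that is "just testing" from breaking resolution:
    a dead or unauthenticated DoT endpoint degrades to Do53 instead of failing.
    """
    if policy is Policy.CLEARTEXT:
        return "do53"
    if policy is Policy.OPPORTUNISTIC:
        return "dot" if dot_reachable else "do53"
    # AUTHENTICATED: the record made an explicit promise, so do not silently downgrade.
    if dot_reachable and dot_authenticated:
        return "dot"
    return None


if __name__ == "__main__":
    # Constructed sample records, not real zone data.
    for rdata in ("1 ns1.example. alpn=dot",
                  '1 ns1.example. alpn="dot,h2" auth=yes',
                  "1 ns1.example. alpn=h2"):
        pol = choose_policy(parse_svcb(rdata))
        print(f"{rdata!r:45} -> {pol.value:13} "
              f"(DoT down: {select_transport(pol, False, False)})")
```

The point the two policies make concrete: with the implicit rule, a zone that publishes `alpn=dot` and never gets its TLS endpoint working still resolves over Do53, whereas an explicit `auth=yes` (or any future additional state) is a distinct value a resolver can act on, which is why an explicit statement in either direction leaves room for states that a default cannot express.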