Re: [dns-privacy] Root Server Operators Statement on DNS Encryption
Rob Sayre <sayrer@gmail.com> Wed, 31 March 2021 00:19 UTC
Return-Path: <sayrer@gmail.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D45AE3A0B8D for <dns-privacy@ietfa.amsl.com>; Tue, 30 Mar 2021 17:19:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QWlgou0BVEwH for <dns-privacy@ietfa.amsl.com>; Tue, 30 Mar 2021 17:19:42 -0700 (PDT)
Received: from mail-io1-xd36.google.com (mail-io1-xd36.google.com [IPv6:2607:f8b0:4864:20::d36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A03333A0B70 for <dprive@ietf.org>; Tue, 30 Mar 2021 17:19:42 -0700 (PDT)
Received: by mail-io1-xd36.google.com with SMTP id k8so18279915iop.12 for <dprive@ietf.org>; Tue, 30 Mar 2021 17:19:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=XO29N5H/M6D6Vo1ghgoug4pf6OnVUHYlM0hMlj4bmcg=; b=FK5VAsGnj2gigly9DyZ5MZqeNQ9lml9fm3SNVAi98w8tnwFyYHJaHFxAprdF3QhtJ8 pMILSn8fK8zwpMusRK+MeAmZYTio6C/ebmkzEmT/Dqca4wlQzzIxnBckc+RkA+znFzwd kfnrH3Fv2psCU4n2iY2D0ZSCOuR1IIx+B0xm6QOp0qZf852DsKJTW2MswhCjWtlGPtHE u5IBPjEEv9mDC/meTCIs2rhhF4IpdkKf8nhWKuQCxVy2ZEvRb/ENJk7LBd4ByN9yhorM 07uh/fEPqhy3XA5CImX0v10TULMbvY8H1qQbjqNh3HEUMopE6XWupw5pTw+dw2AV4MQ0 0bDw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=XO29N5H/M6D6Vo1ghgoug4pf6OnVUHYlM0hMlj4bmcg=; b=KVpLnkhgXUSsYo/lCV85vHPuV9Q25ZpdEkYTZmX2QtI0RNDzI8H+GDRXvmfC6Z+p40 IX6TFTuvG0Q/ulGavQTEOY80Hhv8Uopr2RdbQ1/flk4L+Ad+YE8x+lt/mq7jTaQsSucQ JBxnOQ1Jx07H/UzEq60s0n76m/90xnMfKkiHJAHAbeNh752pXQyEUbUnhWsayZyqIKts 4QWp5A4YaXN6d40NzFacbrF6O4N53DrmaAhcQKruylZCEnyvohiZYOPHQG71e1j5NUqM nBPvBLyuLpzo6jTOgeWG0oVnQIM/aYHI384Fc9q5yR2S52u3/9ZlXPZ3wDE7+p3srmO5 lq+w==
X-Gm-Message-State: AOAM53256hSnjFBXx7oX0EgD6zpwCosFPJTFVBwELVEhzQhRTSsHOfRq fO7ZZHR/7XZtzkUwwBtOcQYJf/MQXm6PE45VsK4=
X-Google-Smtp-Source: ABdhPJzEzZXh2ktkiWZmD7/vja6erhAy/QrYOeXpr0FiR4ei8W/F4gNW2MJY2ekOhYXDItZNOn2YvXUT9V1rKe5yWaE=
X-Received: by 2002:a5e:c809:: with SMTP id y9mr358248iol.192.1617149980854; Tue, 30 Mar 2021 17:19:40 -0700 (PDT)
MIME-Version: 1.0
References: <c925da9089fa4b1e991ec74fc9c11e7f@verisign.com> <CAChr6Sxwao=FAcoeHMuOf0L=JCZ+wvhsr9BNZW_dbt+1=HWQwg@mail.gmail.com> <CAMGpriX5rbswMQnjh4gZqsLjh2xUJxjJVxe2rEAVu=RdLAbGFw@mail.gmail.com>
In-Reply-To: <CAMGpriX5rbswMQnjh4gZqsLjh2xUJxjJVxe2rEAVu=RdLAbGFw@mail.gmail.com>
From: Rob Sayre <sayrer@gmail.com>
Date: Tue, 30 Mar 2021 17:19:29 -0700
Message-ID: <CAChr6SxmUf8bb9KZCu8Ytx2uajugPObKpXvgwmBD_rA5km36rQ@mail.gmail.com>
To: Erik Kline <ek.ietf@gmail.com>
Cc: "Hollenbeck, Scott" <shollenbeck=40verisign.com@dmarc.ietf.org>, "dprive@ietf.org" <dprive@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000284ef105beca123a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/UiKXveEeoHtkRO4sULl6G6S9x1o>
Subject: Re: [dns-privacy] Root Server Operators Statement on DNS Encryption
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Mar 2021 00:19:44 -0000
On Tue, Mar 30, 2021 at 5:08 PM Erik Kline <ek.ietf@gmail.com> wrote: > From my reading the answer, and the whole document, seems to be > summarizable in this one excerpt: > > "Root Server Operators do not feel comfortable being the early > adopters of authoritative DNS encryption and would like to first see > increased deployment in other parts of the DNS hierarchy." > So, as the document says, "attention turns toward providing privacy protection for the next step: recursive resolvers to authoritative servers". Which part of the hierarchy should move next, then? > Seems fair to me, for the time being. > The DNSSEC stuff stood out to me. Why is that even seen as something that would help? thanks, Rob
- [dns-privacy] Root Server Operators Statement on … Hollenbeck, Scott
- Re: [dns-privacy] Root Server Operators Statement… Rob Sayre
- Re: [dns-privacy] Root Server Operators Statement… Erik Kline
- Re: [dns-privacy] Root Server Operators Statement… Rob Sayre
- Re: [dns-privacy] Root Server Operators Statement… Jim Reid
- Re: [dns-privacy] Root Server Operators Statement… Eric Rescorla
- Re: [dns-privacy] Root Server Operators Statement… Stephen Farrell
- Re: [dns-privacy] Root Server Operators Statement… Stephen Farrell
- Re: [dns-privacy] Root Server Operators Statement… Erik Kline
- Re: [dns-privacy] Root Server Operators Statement… Eric Rescorla
- Re: [dns-privacy] Root Server Operators Statement… Rob Sayre
- Re: [dns-privacy] Root Server Operators Statement… Stephen Farrell
- Re: [dns-privacy] Root Server Operators Statement… Vladimír Čunát
- Re: [dns-privacy] Root Server Operators Statement… Stephane Bortzmeyer
- Re: [dns-privacy] Root Server Operators Statement… Stephane Bortzmeyer
- Re: [dns-privacy] Root Server Operators Statement… Stephane Bortzmeyer
- Re: [dns-privacy] Root Server Operators Statement… Stephane Bortzmeyer
- Re: [dns-privacy] Root Server Operators Statement… Brian Haberman
- Re: [dns-privacy] Root Server Operators Statement… Frederico A C Neves
- Re: [dns-privacy] Root Server Operators Statement… Jim Reid
- Re: [dns-privacy] Root Server Operators Statement… Stephen Farrell
- Re: [dns-privacy] Root Server Operators Statement… Hollenbeck, Scott
- Re: [dns-privacy] Root Server Operators Statement… Stephane Bortzmeyer
- Re: [dns-privacy] Root Server Operators Statement… Jim Reid
- Re: [dns-privacy] Root Server Operators Statement… Vladimír Čunát
- Re: [dns-privacy] Root Server Operators Statement… Stephen Farrell
- Re: [dns-privacy] Root Server Operators Statement… Stephen Farrell
- Re: [dns-privacy] Root Server Operators Statement… Stephane Bortzmeyer
- Re: [dns-privacy] Root Server Operators Statement… Stephane Bortzmeyer
- Re: [dns-privacy] Root Server Operators Statement… Jim Reid
- Re: [dns-privacy] Root Server Operators Statement… Stephen Farrell
- Re: [dns-privacy] Root Server Operators Statement… Brian Haberman
- Re: [dns-privacy] Root Server Operators Statement… Brian Haberman
- Re: [dns-privacy] Root Server Operators Statement… Rob Sayre
- Re: [dns-privacy] Root Server Operators Statement… Bill Woodcock
- Re: [dns-privacy] Root Server Operators Statement… Rob Sayre
- Re: [dns-privacy] Root Server Operators Statement… Bill Woodcock
- Re: [dns-privacy] Root Server Operators Statement… Rob Sayre
- Re: [dns-privacy] Root Server Operators Statement… Bill Woodcock
- Re: [dns-privacy] Root Server Operators Statement… Rob Sayre
- Re: [dns-privacy] Root Server Operators Statement… Bill Woodcock
- Re: [dns-privacy] Root Server Operators Statement… Stephen Farrell
- Re: [dns-privacy] Root Server Operators Statement… Bill Woodcock
- Re: [dns-privacy] Root Server Operators Statement… Rob Sayre
- Re: [dns-privacy] Root Server Operators Statement… Bill Woodcock
- Re: [dns-privacy] Root Server Operators Statement… Andrew Campling
- Re: [dns-privacy] Root Server Operators Statement… Bill Woodcock
- Re: [dns-privacy] Root Server Operators Statement… Andrew Campling
- Re: [dns-privacy] Root Server Operators Statement… Bill Woodcock
- Re: [dns-privacy] Root Server Operators Statement… Christian Huitema
- Re: [dns-privacy] Root Server Operators Statement… Rob Sayre
- Re: [dns-privacy] Root Server Operators Statement… Tomas Krizek
- Re: [dns-privacy] Root Server Operators Statement… Petr Špaček
- Re: [dns-privacy] Root Server Operators Statement… Brian Haberman
- Re: [dns-privacy] Root Server Operators Statement… Bill Woodcock
- Re: [dns-privacy] Root Server Operators Statement… Vittorio Bertola
- Re: [dns-privacy] Root Server Operators Statement… Stephane Bortzmeyer
- Re: [dns-privacy] Root Server Operators Statement… Stephane Bortzmeyer
- Re: [dns-privacy] Root Server Operators Statement… Stephane Bortzmeyer
- [dns-privacy] DDoS resiliance & DNS-over-TCP (was… Shane Kerr
- Re: [dns-privacy] Root Server Operators Statement… Christian Huitema
- [dns-privacy] RFC7626 and risk/threat analysis Jim Reid
- Re: [dns-privacy] Root Server Operators Statement… John Heidemann
- Re: [dns-privacy] Root Server Operators Statement… Wes Hardaker
- Re: [dns-privacy] Root Server Operators Statement… Brian Haberman