[dns-privacy] DS glue

Paul Hoffman <paul.hoffman@icann.org> Fri, 06 August 2021 16:12 UTC

From: Paul Hoffman <paul.hoffman@icann.org>
To: Ben Schwartz <bemasc@google.com>
CC: DNS Privacy Working Group <dns-privacy@ietf.org>
Date: Fri, 06 Aug 2021 16:12:36 +0000
Message-ID: <936E4261-D804-43B8-B3BB-9D309F8CFAF4@icann.org>
References: <CAHbrMsAXFiPT_P_hdWXborXnbw3YagjW6aXXvGJnxWbtRofB2g@mail.gmail.com> <5f649d68-94be-579a-31c6-6ad02466cd15@time-travellers.org> <CAHbrMsCj8LzJff7BXwnY4TOcOU2POuZfP4h+fyA6VUKeGpksCQ@mail.gmail.com> <E0430A84-D844-4B79-B71F-A92A21942329@icann.org> <CAHbrMsCPPq-o8U4mhFPZ1U+GE+57yneEGo7AD5uDQ_QDDUO0rw@mail.gmail.com> <03FDA925-2BC3-4830-B27B-5F6E19676678@icann.org> <CAPp9mxJM1b4+OFHX0x6QwhoJpE+8Sz82K_e=DJ9EJFaK691_3Q@mail.gmail.com> <4AE29BBE-9B29-4E89-93CF-14153B25FD5C@icann.org> <CAHbrMsBQ88mKx-FLU0KT8W-AGyi=3HS3f5nuSO93-TOo_HTyNw@mail.gmail.com>
In-Reply-To: <CAHbrMsBQ88mKx-FLU0KT8W-AGyi=3HS3f5nuSO93-TOo_HTyNw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/UtJA5C76WMlMQ4a06MazvDdVhVo>
Subject: [dns-privacy] DS glue
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>

(Changing the thread subject because it now feels like much less of a hack)

On Aug 6, 2021, at 8:21 AM, Ben Schwartz <bemasc@google.com> wrote:

> Hi DPRIVE.  I've written this up as a proper I-D at https://datatracker.ietf.org/doc/html/draft-schwartz-ds-glue-00.  Please review.
> 
> In addition to the precise description of how to extend "DS" in this way, there's also some text explaining how this interacts with DANE and PKI authentication, making creative use of NSEC for performance.

I like this draft a lot. I suspect there will be tweaks, but I hope the WG adopts it as the way to signal in the parent. It works well for the fully-authenticated case, and is also useful for the unauthenticated case to cause more encryption.

--Paul Hoffman