Re: [dns-privacy] WGLC : draft-ietf-dprive-unilateral-probing

Stephane Bortzmeyer <bortzmeyer@nic.fr> Wed, 29 March 2023 09:00 UTC

To: Ralf Weber <dns@fl1ger.de>
Cc: dns-privacy@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/X37M14G7Tqt2rmeFjRqaP4l6T1w>

On Tue, Mar 28, 2023 at 09:29:46PM +0900, Ralf Weber <dns@fl1ger.de> wrote a message of 30 lines which said:

> As I don't think probing for secure transport is a good idea and
> hope that we will come up with better solutions that follow the DNS
> delegation model.

You mean the parent announcing the zone has ADoT servers? This seems a
good way to have discrepancies between the announcement and the reality.

> While I think using IP addresses for authoritative server selection
> is a natural choice there have been cases where an authoritative
> server on the same IP answers differently depending on the domain
> asked, which will not work well with the detailed implementation of
> that draft.

The point is that this draft is an opportunity to state clearly what
we expect from the authoritative name servers. Requesting that all
instances at the same IP address have DoT does not seem unreasonable
but, indeed, it is not written anywhere yet.
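The failure mode Ralf raises above (one authoritative IP address serving several zones, DoT working for some zones but not others) can be made concrete with a small simulation. The following is an added example, not code from this thread, from the draft, or from any resolver: it compares probing state keyed by server IP alone with state keyed by (IP, zone). The `DOT_WORKS` table, the server addresses, the zone names and both cache classes are constructed for illustration and are a deliberate simplification of any real probing state machine (no damping timers, no retry schedule).

```python
from dataclasses import dataclass, field

# Constructed ground truth: whether a DoT (port 853) query for `zone` at the
# server `ip` would succeed. In reality this is what probing discovers; the
# second entry models the case raised in the thread: one IP serving several
# zones, with DoT working for one zone but not for another.
DOT_WORKS = {
    ("192.0.2.53", "example."): True,
    ("192.0.2.53", "example.net."): False,
    ("198.51.100.53", "example.org."): True,
}


def probe_dot(ip: str, zone: str) -> bool:
    """Stand-in for a real DoT attempt (constructed lookup, no network)."""
    return DOT_WORKS.get((ip, zone), False)


@dataclass
class PerIPCache:
    """Probing state keyed by server IP only (hypothetical simplification of
    the per-IP model discussed in the thread, not the draft's state machine)."""
    dot_ok: dict = field(default_factory=dict)

    def resolve(self, ip: str, zone: str) -> str:
        if self.dot_ok.get(ip, True):        # unknown or known-good: try DoT
            if probe_dot(ip, zone):
                self.dot_ok[ip] = True
                return "dot"
            self.dot_ok[ip] = False          # one failure taints the whole IP
            return "do53-after-dot-failure"
        return "do53"                        # IP marked bad: no DoT attempt


@dataclass
class PerIPZoneCache:
    """Same logic keyed by (ip, zone): avoids cross-zone contamination at the
    cost of more probes and more state to keep."""
    dot_ok: dict = field(default_factory=dict)

    def resolve(self, ip: str, zone: str) -> str:
        key = (ip, zone)
        if self.dot_ok.get(key, True):
            if probe_dot(ip, zone):
                self.dot_ok[key] = True
                return "dot"
            self.dot_ok[key] = False
            return "do53-after-dot-failure"
        return "do53"


# Constructed query sequence: the DoT-capable zone is asked again after the
# non-DoT zone on the same IP has poisoned the per-IP verdict.
QUERIES = [
    ("192.0.2.53", "example."),
    ("192.0.2.53", "example.net."),
    ("192.0.2.53", "example."),
    ("198.51.100.53", "example.org."),
]


def run(cache) -> list:
    """Transport chosen for each query, in order."""
    return [cache.resolve(ip, zone) for ip, zone in QUERIES]


if __name__ == "__main__":
    print("per-IP      :", run(PerIPCache()))
    print("per-IP+zone :", run(PerIPZoneCache()))
```

With per-IP state the third query falls back to cleartext Do53 even though that zone does answer over DoT, because the earlier failure for the sibling zone was recorded against the shared address. Keying by (IP, zone) removes the discrepancy, which is exactly the trade-off a requirement of the form "all zones at one IP address offer DoT" would make unnecessary.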