Re: [dns-privacy] Root Server Operators Statement on DNS Encryption
Andrew Campling <andrew.campling@419.consulting> Wed, 31 March 2021 22:12 UTC
Return-Path: <andrew.campling@419.consulting>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAE6C3A3926 for <dns-privacy@ietfa.amsl.com>; Wed, 31 Mar 2021 15:12:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=netorgft5189650.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CVRjB96vzQhT for <dns-privacy@ietfa.amsl.com>; Wed, 31 Mar 2021 15:12:55 -0700 (PDT)
Received: from GBR01-LO2-obe.outbound.protection.outlook.com (mail-eopbgr100057.outbound.protection.outlook.com [40.107.10.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27EF83A3923 for <dprive@ietf.org>; Wed, 31 Mar 2021 15:12:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FzlBnwR7X4fNm9ZB4+3PwMjIjiPjlsG+TCwYLCTFBQ0yEVtoTIUa4IPIwJcgi0to1Ypx1zwCYwoOeHczhu377/4KxP1iLxXT/IKivKBgteEETFuY90Fkk1zsVT2pcevafcR+8hUc7pALOaCRpidh91NDkvWOlEMGYfEXk/AX2mteoed3eHZ7oA3iH8LkBguSQHb5z9Gcyy+3yjkZpAv4dPV+2uDUgARSqPDk6a4vQ7exA0BNBUIHpWGymNxPvg5olL4IOzaE8GQuGC4mZLhCeWxJLXX7BdNbRPd2K2kBXEHL9esQ9dZzYfNybueH0MRFtdsGGBiauLuJuB0yRAezrg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IYWgvmh18O02b3RzbuW0aF4EqKh66Nb4yf3XoCmiqWI=; b=Xijb4Lk+TKr75tIwP2GfRqLi/viC/RPNbM2L3zOWj+AnzpaozC/Q15TUK1W59EXdxjr/InfTmZV7CtsR/9k/7ht6bpk/tL8AxCYYS0TsoV+CJb2YcCAhoLrw0TlUPEq+3QIfpOEkyZZT3r1dpNEJVLWCiVdviymueoF3Ymkx0DMhYmUz8TcSHhKgo8d7Z2QYCm85y40II+dYCdEYWoq7fkEZB4oilwTUgUFfCrQID/DZfWGYWw5zc+4ZAyNpH1ZC1RdcrqbdfZrDS+JBUZRO/T7QuL8kQIdLD/zsMQjwQIg+PeP3hHV7WAqowHBgPn7GC54s/HvVfRvxx0kAUirltw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=419.consulting; dmarc=pass action=none header.from=419.consulting; dkim=pass header.d=419.consulting; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=NETORGFT5189650.onmicrosoft.com; s=selector1-NETORGFT5189650-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IYWgvmh18O02b3RzbuW0aF4EqKh66Nb4yf3XoCmiqWI=; b=VFX+AuTa/JuVW5CI1x0VxjZD2ckzkC0VpW3VA3v5x3/uHwIkcDOTIpilJzgimk7i1ccFxjxxFGMUg/I5ftnw1orMmQw4K0cPoi0KseHNAiLQSDcJniL5yPCUlJXLL20M9V9hBcWAh7XiTs5PTjmY3v+TNHtR+4eRk23quV5MVa0=
Received: from LO2P265MB0399.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:67::18) by LNXP265MB0010.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:1d::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3955.24; Wed, 31 Mar 2021 22:12:52 +0000
Received: from LO2P265MB0399.GBRP265.PROD.OUTLOOK.COM ([fe80::1107:ec3d:f5b3:7520]) by LO2P265MB0399.GBRP265.PROD.OUTLOOK.COM ([fe80::1107:ec3d:f5b3:7520%5]) with mapi id 15.20.3977.033; Wed, 31 Mar 2021 22:12:52 +0000
From: Andrew Campling <andrew.campling@419.consulting>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Bill Woodcock <woody@pch.net>, Rob Sayre <sayrer@gmail.com>
CC: "dprive@ietf.org" <dprive@ietf.org>
Thread-Topic: [dns-privacy] Root Server Operators Statement on DNS Encryption
Thread-Index: AQHXJnfIIZuyXUL5zEe/osPw5oPuS6qepXTA
Date: Wed, 31 Mar 2021 22:12:52 +0000
Message-ID: <LO2P265MB039907E624A01148C9032A9AC27C9@LO2P265MB0399.GBRP265.PROD.OUTLOOK.COM>
References: <c925da9089fa4b1e991ec74fc9c11e7f@verisign.com> <CAChr6Sxwao=FAcoeHMuOf0L=JCZ+wvhsr9BNZW_dbt+1=HWQwg@mail.gmail.com> <20210331091238.GA10597@nic.fr> <CAChr6SxPNVAZMYfZqF+K6Xf8FPGa9ZgHkL-uUvtKMEiJSPmp8Q@mail.gmail.com> <2607D274-936F-4A31-9E4D-EEBCF45BE838@pch.net> <CAChr6Szg+EbFqSpFPco8Gyb9pzNNnrSoQJcXTDVeg40_EXiPDg@mail.gmail.com> <4B1CCB51-C777-4434-B28E-76C22C12E4DA@pch.net> <CAChr6Sym=tm-vj-3FB-GbOG6U=U4CFsRE6yyWJk14waZQLbRiQ@mail.gmail.com> <ABD711DE-80CE-4B15-9153-82DA25E4F000@pch.net> <CAChr6Swfnc_s_-3TS6NuCzuqWduA-E6270x4uSLNGnTF+sLnmQ@mail.gmail.com> <981FF900-A7ED-46DF-9DDB-056E76822017@pch.net> <13460b9e-a7d4-1bad-b48c-64941fb4739f@cs.tcd.ie>
In-Reply-To: <13460b9e-a7d4-1bad-b48c-64941fb4739f@cs.tcd.ie>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: cs.tcd.ie; dkim=none (message not signed) header.d=none;cs.tcd.ie; dmarc=none action=none header.from=419.consulting;
x-originating-ip: [86.144.96.155]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f152f4ec-3714-4cd5-15e2-08d8f49220e6
x-ms-traffictypediagnostic: LNXP265MB0010:
x-microsoft-antispam-prvs: <LNXP265MB001023A665ADB759CE17618CC27C9@LNXP265MB0010.GBRP265.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: ExsAkBAM7JCagb8hNtVwneuyqHO3JHzhVoOxHEFV4x+DubnUsWavKXk69AIuz9whxJVCHNTbPJPdmH2dAAS2+JadRWkn38CQa2dqDb58Ijq+mZYbOnX/DVhSBtzPctbQLh7VbmQdYPPr/XBXK5o4o2iwMHypjA7xsOVLQLnZrPH5FpG5AH/SwZyt6//l2T4Jo5gGF0J40Se/C2G2m+xHIr7igM3F2i+XUXF6kJputP5r70r2N9CWmC/sHTPLbS/M6BvxFZav/APsTr9Sln4gh1+xBJWy2B45527RWOfLpZvTSMWkBDjTl7a7AwjrBayTg+dSLlHdu7wvYjLwrupGqqhIApdCV+NPZVgQu6uZZIx2a/hzxPyJpHqyySdDG3o8LnPhTF07l8XtdTbMQqB2yVhBxtUsZBYvFJgQGBYi0EvS/ZgiTEAygWpfo472EG1QNxBB89hqC5AMBh7dmkvx5pg2136nSPrXrzwfpMb6qO0t7VdLoQNupm/M88PGH7z3uqdMCKSlXjLnfd7J4x2UHINe3+FQlPNOTyOn0KB169seeSk2lvY8My9odfJGHraBx/ETRoyXxuGiEKnsmbPO2Ryn1aQGsnh7+MRTd4gSdl7TjWbd5ceiZcsqMyOnODTRS3RYWUWkukhfrJsJjFRG9IzxH+3A7MW2K9wGdlAI7K+HRJup+xoaGmXlWPEVZ7H+
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:LO2P265MB0399.GBRP265.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(136003)(366004)(376002)(396003)(39830400003)(346002)(52536014)(26005)(7696005)(478600001)(6506007)(53546011)(66476007)(4326008)(110136005)(38100700001)(9686003)(5660300002)(66446008)(86362001)(8676002)(64756008)(2906002)(71200400001)(186003)(316002)(66946007)(44832011)(66556008)(55016002)(76116006)(33656002)(8936002)(296002)(46492009); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: pnZ7T4ULVezW03YM2EQ3MfOheVKir7wJc6YN0t02GMUX2Iud+ZQ+DY/TYoAPtf95DNSXv3gTf6V6VnvXBauLjlMQtJMWnDSILdugc/MvMhYFpEIRVqegk15E4n0byfs33zaxsoqayXUa56q8lr0CoSBCBKhwb6LGgZM72u1CPtV82/BuJ0/OmStE2JTyCd1RY2tHnK0hwJ91r4u9PQKfEWjjSvAAemhdWxD6dLPx4MaCJRDyShaKJ/G83t5VwNFjIWxozOLGO9Lc3pOlrjk3AQtcygdw+KBKUW+gV3GqPdshgEAEFmB/SDUko1uAIyEGLO6GESgN3UnL+hHNbfLHlqa5beACGXyJudMGlGcHS4c+9WHJFmp1qFv0szlugXhmQmyXp3/VEEQtlUmkOmifpFpvPe8+9qu5iZer5FpTxcQBoHgukujVGgOxvGruRIh8SqAj8/B1iw/twVcYKBAR6Hu/eZ/7etXmlGTJTTPispiALBZr2Q1rszCrdNDf8U45ezr5BcX2S4ZNeKTZyINDGTdF0BI4n4ZwJAk/TWFFWm4qe0lRSpdSADf+QhiTpqw5QL1UIssqY1hq/TpKZvrsFh5OznYqa9Qf10IKkcV6KTeafm/9T/jZxW4m4/n0EE/O8CJghLQIK4y3dDGrNTGOk4oc3YNBXwn/27pkY9zFocUmzco9I0980J1J/4z/amkoof6MsvdhGYxPOy4v6V0CwNAyfEEBuFQ+Te/BYA1VlT8/jWeMvVWls8WDx8jbrY9NOEbNGlNnjXzAUuT3d6/PA0hU7KIY59rMZlObf1a6t6Imvl2/WlL2VuZXxSQhxd118jkxrl4dwcdjzrSm5tBhWNmzFzm71Pl854Rmp/dtq4fuk3KmACf4XQ1xSIsSY70UW5vNfz42OLfFeBif99O6XlWvFBnVwTI/XBTNfT+SfWKPu5Z4LCj9WsUq/LTmGRD/cNSadNrlQqXd35Q8ixZtrQYaE+ng6vcq33GVGX359sBXxwmuco2xkgLcQxuHleRoe18Swq75mEOTz7Z8dPAxSNSx+ar/EfxgEe0dW8W0kUY4yB3OCIvH04bJ2GeeOYlwPFWXM2BLbPD02VguS4v4C0WFK6mlrOM0b3Lys/ZZ9qPpAEB/VFK+WOeZSWsz8q+ycCxwDAFvZ5NFeJ5/KOANCEqaeW8taXW8g+erTg9WWnpAMRRPvlErh8JAQY50bFwKk6s0VeSMeABIG+IaN0UnmWol5WIa3C7FBfGRCED9dMomScuwg2sl6elglTV3bNu/clMgC0bD7qUuN94F6+hyJdoOYhULPgAHXDAvGOdnjSQk9v3IjHN6fw6HfaIzgMSQ
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: 419.consulting
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: LO2P265MB0399.GBRP265.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: f152f4ec-3714-4cd5-15e2-08d8f49220e6
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Mar 2021 22:12:52.6987 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9c2ced3e-7522-4755-87dc-f983abc66ec3
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: dzJ4fmgmm6HPCoiM8V4X/FvzId49R05CziTMQ/KHcTayrS9Q9ckbucgbFrQy8yzAnJVjG6G0VI6fxcGc7QV7gOKt6ikEYrwo6Qd7PxOguck=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LNXP265MB0010
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/XzLT4lIIDLRHWmARoyIMSSp6YsI>
Subject: Re: [dns-privacy] Root Server Operators Statement on DNS Encryption
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Mar 2021 22:13:00 -0000
On 31/03/2021 22:49, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > Hiya, > > On 31/03/2021 22:43, Bill Woodcock wrote: >> Then those RFCs should be worded carefully so that they don’t suggest >> that the thing they’re proposing is generally applicable. >> Particularly to the roots. Which are actual critical infrastructure. > There was a load of mail earlier today on just that. > > The real issue IMO is not querying the root servers but > the TLDs. There are still performance issues to consider > of course but the business model and the value to the > person somewhere behind the recursive are quite different. > > I really wish we could stop all mixing up the roots with > the TLDs in this discussion. I thought that the Root Server Operators Statement on DNS Encryption helped clarify a particular lack of interest from that group. It made me wonder whether there has been any dialogue with TLD operators to establish whether they are interested in adopting encryption, as well as to understand the operational challenges that may need to be overcome to make any proposed solutions deployable? My apologies if the stance of TLD operators is well known to most in this group, however some of the recent debate on the list seems to suggest that the position of TLD operators is unclear. To echo and extend a point made in a different post, what is the problem being solved, do sufficient TLD operators believe that it needs to be solved and is the proposed solution one that they are likely to deploy? Andrew
- [dns-privacy] Root Server Operators Statement on … Hollenbeck, Scott
- Re: [dns-privacy] Root Server Operators Statement… Rob Sayre
- Re: [dns-privacy] Root Server Operators Statement… Erik Kline
- Re: [dns-privacy] Root Server Operators Statement… Rob Sayre
- Re: [dns-privacy] Root Server Operators Statement… Jim Reid
- Re: [dns-privacy] Root Server Operators Statement… Eric Rescorla
- Re: [dns-privacy] Root Server Operators Statement… Stephen Farrell
- Re: [dns-privacy] Root Server Operators Statement… Stephen Farrell
- Re: [dns-privacy] Root Server Operators Statement… Erik Kline
- Re: [dns-privacy] Root Server Operators Statement… Eric Rescorla
- Re: [dns-privacy] Root Server Operators Statement… Rob Sayre
- Re: [dns-privacy] Root Server Operators Statement… Stephen Farrell
- Re: [dns-privacy] Root Server Operators Statement… Vladimír Čunát
- Re: [dns-privacy] Root Server Operators Statement… Stephane Bortzmeyer
- Re: [dns-privacy] Root Server Operators Statement… Stephane Bortzmeyer
- Re: [dns-privacy] Root Server Operators Statement… Stephane Bortzmeyer
- Re: [dns-privacy] Root Server Operators Statement… Stephane Bortzmeyer
- Re: [dns-privacy] Root Server Operators Statement… Brian Haberman
- Re: [dns-privacy] Root Server Operators Statement… Frederico A C Neves
- Re: [dns-privacy] Root Server Operators Statement… Jim Reid
- Re: [dns-privacy] Root Server Operators Statement… Stephen Farrell
- Re: [dns-privacy] Root Server Operators Statement… Hollenbeck, Scott
- Re: [dns-privacy] Root Server Operators Statement… Stephane Bortzmeyer
- Re: [dns-privacy] Root Server Operators Statement… Jim Reid
- Re: [dns-privacy] Root Server Operators Statement… Vladimír Čunát
- Re: [dns-privacy] Root Server Operators Statement… Stephen Farrell
- Re: [dns-privacy] Root Server Operators Statement… Stephen Farrell
- Re: [dns-privacy] Root Server Operators Statement… Stephane Bortzmeyer
- Re: [dns-privacy] Root Server Operators Statement… Stephane Bortzmeyer
- Re: [dns-privacy] Root Server Operators Statement… Jim Reid
- Re: [dns-privacy] Root Server Operators Statement… Stephen Farrell
- Re: [dns-privacy] Root Server Operators Statement… Brian Haberman
- Re: [dns-privacy] Root Server Operators Statement… Brian Haberman
- Re: [dns-privacy] Root Server Operators Statement… Rob Sayre
- Re: [dns-privacy] Root Server Operators Statement… Bill Woodcock
- Re: [dns-privacy] Root Server Operators Statement… Rob Sayre
- Re: [dns-privacy] Root Server Operators Statement… Bill Woodcock
- Re: [dns-privacy] Root Server Operators Statement… Rob Sayre
- Re: [dns-privacy] Root Server Operators Statement… Bill Woodcock
- Re: [dns-privacy] Root Server Operators Statement… Rob Sayre
- Re: [dns-privacy] Root Server Operators Statement… Bill Woodcock
- Re: [dns-privacy] Root Server Operators Statement… Stephen Farrell
- Re: [dns-privacy] Root Server Operators Statement… Bill Woodcock
- Re: [dns-privacy] Root Server Operators Statement… Rob Sayre
- Re: [dns-privacy] Root Server Operators Statement… Bill Woodcock
- Re: [dns-privacy] Root Server Operators Statement… Andrew Campling
- Re: [dns-privacy] Root Server Operators Statement… Bill Woodcock
- Re: [dns-privacy] Root Server Operators Statement… Andrew Campling
- Re: [dns-privacy] Root Server Operators Statement… Bill Woodcock
- Re: [dns-privacy] Root Server Operators Statement… Christian Huitema
- Re: [dns-privacy] Root Server Operators Statement… Rob Sayre
- Re: [dns-privacy] Root Server Operators Statement… Tomas Krizek
- Re: [dns-privacy] Root Server Operators Statement… Petr Špaček
- Re: [dns-privacy] Root Server Operators Statement… Brian Haberman
- Re: [dns-privacy] Root Server Operators Statement… Bill Woodcock
- Re: [dns-privacy] Root Server Operators Statement… Vittorio Bertola
- Re: [dns-privacy] Root Server Operators Statement… Stephane Bortzmeyer
- Re: [dns-privacy] Root Server Operators Statement… Stephane Bortzmeyer
- Re: [dns-privacy] Root Server Operators Statement… Stephane Bortzmeyer
- [dns-privacy] DDoS resiliance & DNS-over-TCP (was… Shane Kerr
- Re: [dns-privacy] Root Server Operators Statement… Christian Huitema
- [dns-privacy] RFC7626 and risk/threat analysis Jim Reid
- Re: [dns-privacy] Root Server Operators Statement… John Heidemann
- Re: [dns-privacy] Root Server Operators Statement… Wes Hardaker
- Re: [dns-privacy] Root Server Operators Statement… Brian Haberman