Re: [dns-privacy] Root Server Operators Statement on DNS Encryption

Andrew Campling <andrew.campling@419.consulting> Wed, 31 March 2021 22:12 UTC

Return-Path: <andrew.campling@419.consulting>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAE6C3A3926 for <dns-privacy@ietfa.amsl.com>; Wed, 31 Mar 2021 15:12:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=netorgft5189650.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CVRjB96vzQhT for <dns-privacy@ietfa.amsl.com>; Wed, 31 Mar 2021 15:12:55 -0700 (PDT)
Received: from GBR01-LO2-obe.outbound.protection.outlook.com (mail-eopbgr100057.outbound.protection.outlook.com [40.107.10.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27EF83A3923 for <dprive@ietf.org>; Wed, 31 Mar 2021 15:12:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FzlBnwR7X4fNm9ZB4+3PwMjIjiPjlsG+TCwYLCTFBQ0yEVtoTIUa4IPIwJcgi0to1Ypx1zwCYwoOeHczhu377/4KxP1iLxXT/IKivKBgteEETFuY90Fkk1zsVT2pcevafcR+8hUc7pALOaCRpidh91NDkvWOlEMGYfEXk/AX2mteoed3eHZ7oA3iH8LkBguSQHb5z9Gcyy+3yjkZpAv4dPV+2uDUgARSqPDk6a4vQ7exA0BNBUIHpWGymNxPvg5olL4IOzaE8GQuGC4mZLhCeWxJLXX7BdNbRPd2K2kBXEHL9esQ9dZzYfNybueH0MRFtdsGGBiauLuJuB0yRAezrg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IYWgvmh18O02b3RzbuW0aF4EqKh66Nb4yf3XoCmiqWI=; b=Xijb4Lk+TKr75tIwP2GfRqLi/viC/RPNbM2L3zOWj+AnzpaozC/Q15TUK1W59EXdxjr/InfTmZV7CtsR/9k/7ht6bpk/tL8AxCYYS0TsoV+CJb2YcCAhoLrw0TlUPEq+3QIfpOEkyZZT3r1dpNEJVLWCiVdviymueoF3Ymkx0DMhYmUz8TcSHhKgo8d7Z2QYCm85y40II+dYCdEYWoq7fkEZB4oilwTUgUFfCrQID/DZfWGYWw5zc+4ZAyNpH1ZC1RdcrqbdfZrDS+JBUZRO/T7QuL8kQIdLD/zsMQjwQIg+PeP3hHV7WAqowHBgPn7GC54s/HvVfRvxx0kAUirltw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=419.consulting; dmarc=pass action=none header.from=419.consulting; dkim=pass header.d=419.consulting; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=NETORGFT5189650.onmicrosoft.com; s=selector1-NETORGFT5189650-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IYWgvmh18O02b3RzbuW0aF4EqKh66Nb4yf3XoCmiqWI=; b=VFX+AuTa/JuVW5CI1x0VxjZD2ckzkC0VpW3VA3v5x3/uHwIkcDOTIpilJzgimk7i1ccFxjxxFGMUg/I5ftnw1orMmQw4K0cPoi0KseHNAiLQSDcJniL5yPCUlJXLL20M9V9hBcWAh7XiTs5PTjmY3v+TNHtR+4eRk23quV5MVa0=
Received: from LO2P265MB0399.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:67::18) by LNXP265MB0010.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:1d::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3955.24; Wed, 31 Mar 2021 22:12:52 +0000
Received: from LO2P265MB0399.GBRP265.PROD.OUTLOOK.COM ([fe80::1107:ec3d:f5b3:7520]) by LO2P265MB0399.GBRP265.PROD.OUTLOOK.COM ([fe80::1107:ec3d:f5b3:7520%5]) with mapi id 15.20.3977.033; Wed, 31 Mar 2021 22:12:52 +0000
From: Andrew Campling <andrew.campling@419.consulting>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Bill Woodcock <woody@pch.net>, Rob Sayre <sayrer@gmail.com>
CC: "dprive@ietf.org" <dprive@ietf.org>
Thread-Topic: [dns-privacy] Root Server Operators Statement on DNS Encryption
Thread-Index: AQHXJnfIIZuyXUL5zEe/osPw5oPuS6qepXTA
Date: Wed, 31 Mar 2021 22:12:52 +0000
Message-ID: <LO2P265MB039907E624A01148C9032A9AC27C9@LO2P265MB0399.GBRP265.PROD.OUTLOOK.COM>
References: <c925da9089fa4b1e991ec74fc9c11e7f@verisign.com> <CAChr6Sxwao=FAcoeHMuOf0L=JCZ+wvhsr9BNZW_dbt+1=HWQwg@mail.gmail.com> <20210331091238.GA10597@nic.fr> <CAChr6SxPNVAZMYfZqF+K6Xf8FPGa9ZgHkL-uUvtKMEiJSPmp8Q@mail.gmail.com> <2607D274-936F-4A31-9E4D-EEBCF45BE838@pch.net> <CAChr6Szg+EbFqSpFPco8Gyb9pzNNnrSoQJcXTDVeg40_EXiPDg@mail.gmail.com> <4B1CCB51-C777-4434-B28E-76C22C12E4DA@pch.net> <CAChr6Sym=tm-vj-3FB-GbOG6U=U4CFsRE6yyWJk14waZQLbRiQ@mail.gmail.com> <ABD711DE-80CE-4B15-9153-82DA25E4F000@pch.net> <CAChr6Swfnc_s_-3TS6NuCzuqWduA-E6270x4uSLNGnTF+sLnmQ@mail.gmail.com> <981FF900-A7ED-46DF-9DDB-056E76822017@pch.net> <13460b9e-a7d4-1bad-b48c-64941fb4739f@cs.tcd.ie>
In-Reply-To: <13460b9e-a7d4-1bad-b48c-64941fb4739f@cs.tcd.ie>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: cs.tcd.ie; dkim=none (message not signed) header.d=none;cs.tcd.ie; dmarc=none action=none header.from=419.consulting;
x-originating-ip: [86.144.96.155]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f152f4ec-3714-4cd5-15e2-08d8f49220e6
x-ms-traffictypediagnostic: LNXP265MB0010:
x-microsoft-antispam-prvs: <LNXP265MB001023A665ADB759CE17618CC27C9@LNXP265MB0010.GBRP265.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: ExsAkBAM7JCagb8hNtVwneuyqHO3JHzhVoOxHEFV4x+DubnUsWavKXk69AIuz9whxJVCHNTbPJPdmH2dAAS2+JadRWkn38CQa2dqDb58Ijq+mZYbOnX/DVhSBtzPctbQLh7VbmQdYPPr/XBXK5o4o2iwMHypjA7xsOVLQLnZrPH5FpG5AH/SwZyt6//l2T4Jo5gGF0J40Se/C2G2m+xHIr7igM3F2i+XUXF6kJputP5r70r2N9CWmC/sHTPLbS/M6BvxFZav/APsTr9Sln4gh1+xBJWy2B45527RWOfLpZvTSMWkBDjTl7a7AwjrBayTg+dSLlHdu7wvYjLwrupGqqhIApdCV+NPZVgQu6uZZIx2a/hzxPyJpHqyySdDG3o8LnPhTF07l8XtdTbMQqB2yVhBxtUsZBYvFJgQGBYi0EvS/ZgiTEAygWpfo472EG1QNxBB89hqC5AMBh7dmkvx5pg2136nSPrXrzwfpMb6qO0t7VdLoQNupm/M88PGH7z3uqdMCKSlXjLnfd7J4x2UHINe3+FQlPNOTyOn0KB169seeSk2lvY8My9odfJGHraBx/ETRoyXxuGiEKnsmbPO2Ryn1aQGsnh7+MRTd4gSdl7TjWbd5ceiZcsqMyOnODTRS3RYWUWkukhfrJsJjFRG9IzxH+3A7MW2K9wGdlAI7K+HRJup+xoaGmXlWPEVZ7H+
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:LO2P265MB0399.GBRP265.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(136003)(366004)(376002)(396003)(39830400003)(346002)(52536014)(26005)(7696005)(478600001)(6506007)(53546011)(66476007)(4326008)(110136005)(38100700001)(9686003)(5660300002)(66446008)(86362001)(8676002)(64756008)(2906002)(71200400001)(186003)(316002)(66946007)(44832011)(66556008)(55016002)(76116006)(33656002)(8936002)(296002)(46492009); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: =?utf-8?B?cG5aN1Q0VUxWZXpXMDNZTTJFUTNNZk9oZVZLaXI3d0pjNllOMHQwMkdNVVgy?= =?utf-8?B?SXVkK1pRK0RZL1RZb0FQdGY5NUROU1h2M2dUZjZWNlZudlhCYXVMamxNUXRK?= =?utf-8?B?TVduRFNJTGR1Z2MvTXZNaFlGcEVJUlZxZWdrMTVFNG4wYnlmczMzemF4c29x?= =?utf-8?B?YXlYVWE1NnE4bHIwQ29TQkNCS2h3YjZMR2daTTcydTFDUHRWODIvQnVKMC9P?= =?utf-8?B?bVN0RTJKVHlDZDFSWTJ0SG5LMGh3SjkxcjR1OVBRS2ZFV2pqU3ZBQWVtaGRX?= =?utf-8?B?eEQ2ZExQeDRNYUNKUkR5U2hhS0ovRzgzdDVWd05GaklXeG96T0xHTzlMYzNw?= =?utf-8?B?T2xyamszQVF0Y3lnZHcrS0JLVVcrZ1YzR3FQZHNoZ0VBRUZtQi9TRFVrbzF1?= =?utf-8?B?QUl5RUdMTzZHRVNnTjNVbkwraEhOYmZMSGxxYTViZUFDR1h5SnVkTUdsR2NI?= =?utf-8?B?UzRjKzlXSEpGbXAxcUZ2MHN6bHVnWGhtUW15WHAzL1ZFRVF0bFVta09taWZw?= =?utf-8?B?RnB2UGU4KzlxdTVpWmVyNUZwVHhjUUJvSGd1a3VqVkdnT3h2R3J1UkloOFNx?= =?utf-8?B?QWo4L0IxaXcvdHdWY1lLQkFSNkh1L2VaLzdldFhtbEdUSlRUUGlzcGlBTEJa?= =?utf-8?B?cjJRMXJzekNyZE5EZjhVNDVlenI1QmNYMlM0Wk5lS1RaeUlOREdUZEYwQkk0?= =?utf-8?B?bjRad0pBay9UV0ZGV200cWUwbFJTcGRTQURmK1FoaVRwcXc1UUwxVUlzc3FZ?= =?utf-8?B?MWhxL1RwS1p2cnNGaDVPem5ZcWE5UWYxMElLa2NWNktUZWFmbS85VC9qWnhX?= =?utf-8?B?NG00L24wRUUvTzhDSmdoTFFJSzR5M2RER3JOVEdPazRvYzNZTkJYd24vMjdw?= =?utf-8?B?a1k5ekZvY1VtemNvOUkwOTgwSjFKLzR6L2Fta29vZjZNc3ZkaEdZeFBPeTR2?= =?utf-8?B?NlYwQ3dOQXlmRUVCdUZRK1RlL0JZQTFWbFQ4L2pXZU12VldsczhXRHg4amJy?= =?utf-8?B?WTlOT0ViTkdsTm5qWHpBVXVUM2Q2L1BBMGhVN0tJWTU5ck1abE9iZjFhNnQ2?= =?utf-8?B?SW12bDIvV2xMMlZ1Wlh4U1FoeGQxMThqa3hybDRkd2NkanpyU201dEJoV05t?= =?utf-8?B?ekZ6bTcxUGw4NTRSbXAvZHRxNGZ1azNLbUFDZjRYUTF4U0lzU1k3MFVXNXZO?= =?utf-8?B?Zno0Mk9MZkZlQmlmOTlPNlhsV3ZGQm5Wd1RJL1hCVE5mVCtTZldLUHU1WjRM?= =?utf-8?B?Q2o5V3NVcS9MVG1HUkQvY05TYWROcmxRcVhkMzVROGl4WnRyUVlhRStuZzZ2?= =?utf-8?B?Y3EzM0dWR1gzNTlzQlh4d211Y28yeGtnTGNReHVIbGVSb2UxOFN3cTc1bUVP?= =?utf-8?B?VHo3WjhkUEF4U05TeCthci9FZnhnRWUwZFc4VzBrVVk0eUIzT0NJdkgwNGJK?= =?utf-8?B?MkdlZU9ZbHdQRldYTTJCTGJQRDAyVmd1UzR2NEMwV0ZLNm1sck9NMGIzTHlz?= =?utf-8?B?L1paOXFQcEFFQi9WRksrV09lWlNXc3o4cSt5Y0N4d0RBRnZaNU5GZUo1L0tP?= =?utf-8?B?QU5DRXFhZVc4dGFYVzhnK2VyVGc5V1ducEFNUlJQdmxFcmg4SkFRWTUwYkZ3?= =?utf-8?B?S2s2czBWZVNNZUFCSUcrSWFOMFVubVdvbDVXSWEzQzdGQmZHUkNFRDlkTW9t?= =?utf-8?B?U2N1d2cyc2w2ZWxnbFRWM2JOdS9jbE1nQzBiRDdxVXVOOTRGNitoeUpkb09Z?= =?utf-8?Q?hULPgAHXDAvGOdnjSQk9v3IjHN6fw6HfaIzgMSQ?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: 419.consulting
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: LO2P265MB0399.GBRP265.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: f152f4ec-3714-4cd5-15e2-08d8f49220e6
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Mar 2021 22:12:52.6987 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 9c2ced3e-7522-4755-87dc-f983abc66ec3
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: dzJ4fmgmm6HPCoiM8V4X/FvzId49R05CziTMQ/KHcTayrS9Q9ckbucgbFrQy8yzAnJVjG6G0VI6fxcGc7QV7gOKt6ikEYrwo6Qd7PxOguck=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LNXP265MB0010
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/XzLT4lIIDLRHWmARoyIMSSp6YsI>
Subject: Re: [dns-privacy] Root Server Operators Statement on DNS Encryption
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Mar 2021 22:13:00 -0000

On 31/03/2021 22:49, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

> Hiya,
>
> On 31/03/2021 22:43, Bill Woodcock wrote:
>> Then those RFCs should be worded carefully so that they don’t suggest 
>> that the thing they’re proposing is generally applicable.
>> Particularly to the roots.  Which are actual critical infrastructure.
> There was a load of mail earlier today on just that.
>
> The real issue IMO is not querying the root servers but
> the TLDs. There are still performance issues to consider
> of course but the business model and the value to the
> person somewhere behind the recursive are quite different.
> 
> I really wish we could stop all mixing up the roots with
> the TLDs in this discussion.

I thought that the Root Server Operators Statement on DNS Encryption helped clarify a particular lack of interest from that group.  It made me wonder whether there has been any dialogue with TLD operators to establish whether they are interested in adopting encryption, as well as to understand the operational challenges that may need to be overcome to make any proposed solutions deployable?  

My apologies if the stance of TLD operators is well known to most in this group, however some of the recent debate on the list seems to suggest that the position of TLD operators is unclear.  To echo and extend a point made in a different post, what is the problem being solved, do sufficient TLD operators believe that it needs to be solved and is the proposed solution one that they are likely to deploy?  

Andrew