Re: [dns-privacy] Working Group Last Call for draft-ietf-dprive-rfc7626-bis

"Hollenbeck, Scott" <shollenbeck@verisign.com> Wed, 21 August 2019 18:22 UTC

From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: "vladimir.cunat+ietf@nic.cz" <vladimir.cunat+ietf@nic.cz>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Date: Wed, 21 Aug 2019 18:21:56 +0000
Message-ID: <c3736082a5b64aafbf00cb6f75f21470@verisign.com>
References: <CADyWQ+EY14GdvEv7f0X6d=GNp6Kbdrkr6rNchszOgs_mf0zUXA@mail.gmail.com> <e43beb93-2c1d-13a2-38d1-f8b41cfb559e@nic.cz>
In-Reply-To: <e43beb93-2c1d-13a2-38d1-f8b41cfb559e@nic.cz>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/ZjND7i-f7lDjMHSufuedV_thZ3w>
Subject: Re: [dns-privacy] Working Group Last Call for draft-ietf-dprive-rfc7626-bis

> -----Original Message-----
> From: dns-privacy <dns-privacy-bounces@ietf.org> On Behalf Of Vladimír
> Cunát
> Sent: Monday, August 19, 2019 8:58 AM
> To: dns-privacy@ietf.org
> Subject: [EXTERNAL] Re: [dns-privacy] Working Group Last Call for draft-ietf-
> dprive-rfc7626-bis
>
> Hello,
>
> I now read through the whole document, and I see one thing that might be a
> little bit confusing - the beginning of page three reads like QNAME
> minimization is not possible or at least never done, and contrary to
> rfc7626 itself it isn't even mentioned in the whole document.  I would
> suggest to at least reduce the strength of the wording ("always"), and/or
> mention rfc7816.  I don't have much data at hand, but I believe that some
> reduction of QNAMEs isn't as exotic as it used to be.

Agreed, and I'll suggest a sentence (enclosed by **) for the end of the third paragraph of the Introduction:

"It is important, when analyzing the privacy issues, to remember that the question asked to all these name servers is always the original question, not a derived question.  The question sent to the root name servers is "What are the AAAA records for www.example.com?", not "What are the name servers of .com?".  By repeating the full question, instead of just the relevant part of the question to the next in line, the DNS provides more information than necessary to the name server. **In this simplified description, recursive resolvers do not implement QNAME minimization as described in RFC 7816 [RFC7816], which will only send the relevant part of the question to the upstream name server.**"

It may be more desirable to reference 7816bis, but that would add an Internet-Draft reference dependency that folks might not want to add.

Scott
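
The difference discussed in this message, as an added example that is not part of the message or of the draft: the sketch lists which QNAME and QTYPE each authoritative server on the delegation path sees, with and without RFC 7816 QNAME minimization. The zone cuts are passed in as an assumption rather than discovered from the live DNS, caching is ignored, and the function names are hypothetical.

```python
# Added illustration: what each authoritative server learns during resolution.
# Zone cuts are supplied by the caller (assumed), not looked up in the DNS.

def _labels(name):
    return [l for l in name.lower().split(".") if l]

def queries_seen(qname, qtype, zone_cuts, minimize):
    """Return [(server_zone, qname_sent, qtype_sent), ...] for one resolution.

    zone_cuts lists the zones on the delegation path from the root down,
    e.g. [".", "com.", "example.com."]; qname must lie below the last cut.
    """
    labels = _labels(qname)
    full = ".".join(labels) + "."
    # names[i] is the ancestor of qname with i+1 labels: com., example.com., ...
    names = [".".join(labels[-(i + 1):]) + "." for i in range(len(labels))]
    depths = [len(_labels(z)) for z in zone_cuts] + [len(labels)]
    if depths[-2] >= len(labels):
        raise ValueError("qname must be below the last zone cut")
    seen = []
    for zone, depth, next_depth in zip(zone_cuts, depths, depths[1:]):
        if not minimize:
            # Classic behaviour: every server gets the original question.
            seen.append((zone, full, qtype))
            continue
        # RFC 7816: add one label at a time with QTYPE=NS until the next
        # zone cut is found; only the final query carries the real QTYPE.
        for d in range(depth, next_depth):
            name = names[d]
            seen.append((zone, name, qtype if name == full else "NS"))
    return seen

def servers_learning_full_name(seen, qname):
    """Zones whose servers were sent the complete original name."""
    full = ".".join(_labels(qname)) + "."
    return sorted({z for z, name, _ in seen if name == full}, key=len)

if __name__ == "__main__":
    cuts = [".", "com.", "example.com."]  # assumed delegation path
    for minimize in (False, True):
        print("minimized" if minimize else "classic")
        for row in queries_seen("www.example.com", "AAAA", cuts, minimize):
            print("  server for %-13s asked %s %s" % row)
```

With a name that has labels with no zone cut between them (for example `a.b.example.com` under the same cuts), the minimizing resolver sends more than one query to the same server, which the second loop models.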