Re: [dns-privacy] Complying with draft-grothoff-iesg-special-use-p2p-names

Hugo Maxwell Connery <hmco@env.dtu.dk> Mon, 26 January 2015 10:49 UTC

From: Hugo Maxwell Connery <hmco@env.dtu.dk>
To: Paul Vixie <paul@redbarn.org>, Christian Grothoff <christian@grothoff.org>
Date: Mon, 26 Jan 2015 10:47:32 +0000
Message-ID: <6CB05D82CE245B4083BBF3B97E2ED470250A53@ait-pex01mbx01.win.dtu.dk>
References: <6CB05D82CE245B4083BBF3B97E2ED47025095F@ait-pex01mbx01.win.dtu.dk> <54C54EF9.1040302@redbarn.org> <54C55217.8000700@grothoff.org>, <54C583DD.2@redbarn.org>
In-Reply-To: <54C583DD.2@redbarn.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dns-privacy/ZoKaX4gDTtQfDJib4Kir_B-TgEU>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Subject: Re: [dns-privacy] Complying with draft-grothoff-iesg-special-use-p2p-names

Hi,

"For every complex problem there is a simple, efficient
solution which is wrong".

And that seems to be the case for my suggestion for
compliance.

Persons wiser than me have suggested that the real solution
is that which the overlay community (tor, i2p, gnunet etc.)
have been working on: using the standardisation process
to ask the IANA to reserve these names.

One hopes that the governing body can understand that
these communities are addressing in the DNS privacy
problems that the DPRIVE WG has been asked to consider,
and that their existence and implementations can
support the WG's efforts.

Thanks to all for their input, especially Mark (ISC)
and Vixie.

Regards,  Hugo Connery
--
Technical University of Denmark

________________________________________
From: Paul Vixie [paul@redbarn.org]
Sent: Monday, 26 January 2015 01:01
To: Christian Grothoff
Cc: Hugo Maxwell Connery; dnsop@ietf.org; dns-privacy@ietf.org
Subject: Re: Complying with draft-grothoff-iesg-special-use-p2p-names

Christian Grothoff <christian@grothoff.org>
Sunday, January 25, 2015 12:29 PM

...

Furthermore, while we expect this to be rare in the first place, people
voiced concern about the additional traffic at the root zone from the
pTLDs, so using this configuration we can make sure that doesn't happen
(even though I personally can't imagine this to be a real issue in
practice).

as marka@ISC pointed out, an RDNS operator with QNAME privacy concerns can also just slave the DNS root, as was done by default in freebsd a few years ago, and as is described in the kumari/hoffman internet draft now circulating. slaving the root zone has its own tradeoffs, but i think equal or higher benefits with obviously lower risks than a widely distributed RPZ-based (static configuration) approach would have. (TL;DR: pretty much everything we ever hard-code comes back to bite us in the a$$.)



Naturally, you are right in that Hugo's configuration is merely a
supporting action, the first and most important thing is getting the
draft adopted and thus ensuring the root servers won't have a
conflicting definition in the future.

well then in spite of how much i like to see RPZ get used, i suggest that you put the horse first, cart second, which means: get the IETF to recommend to IANA that these names be reserved, and then and only then, workshop the various methods of implementing that reservation. you'll be in a world of hurt if somebody does early-adoption on your RPZ-based suggestion, only to find that the IANA reserves a slightly different set of names (or no names at all) compared to what you asked for.

--
Paul Vixie
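The two approaches Vixie contrasts above, as an added illustration that is not part of this thread and not Hugo's attached configuration: a BIND 9 named.conf fragment with a local RPZ policy zone that answers NXDOMAIN for a set of assumed special-use names (option A, the static-configuration route), next to a stanza that slaves the root zone instead (option B, the kumari/hoffman route). The names, zone name, file paths and transfer source are placeholders, not values taken from the draft or from IANA.

```conf
// Option A: RPZ (static configuration). The recursive resolver answers
// NXDOMAIN for the listed names itself, so a query for them never leaves
// the box and never reaches the root. The names are ASSUMED examples.
options {
    recursion yes;
    response-policy { zone "p2p-names.rpz"; };
};

zone "p2p-names.rpz" {
    type master;
    file "/etc/bind/p2p-names.rpz";      // placeholder path
    allow-query { localhost; };          // policy zone is not served to clients
};

// Contents of /etc/bind/p2p-names.rpz (policy zone file):
//   $TTL 300
//   @         SOA   localhost. hostmaster.localhost. 1 3600 900 604800 300
//             NS    localhost.
//   onion     CNAME .     ; RPZ action "CNAME ." = answer NXDOMAIN
//   *.onion   CNAME .
//   i2p       CNAME .
//   *.i2p     CNAME .
// Caveat (Vixie's point): this list is hard-coded; if the set of names IANA
// finally reserves differs, every early adopter has to edit it by hand.

// Option B: slave the root zone. Every TLD lookup, reserved or not, is
// answered from the local copy of the root, so no per-name list exists to
// go stale. The masters entry is a placeholder for a root-zone AXFR source.
zone "." {
    type slave;
    file "/var/cache/bind/root.zone";    // placeholder path
    masters { 192.0.2.1; };              // placeholder (TEST-NET-1 address)
    notify no;
};
```

With option B a query for a name under a TLD that is not in the root zone gets NXDOMAIN locally as well, which is the privacy property the thread is after without committing to a particular name list.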