Re: [dns-privacy] [Ext] -02 of draft-ietf-dprive-opportunistic-adotq

Paul Hoffman <paul.hoffman@icann.org> Thu, 08 April 2021 00:46 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/ZtsjiOhh4SDr1y7hXAZbNQK89Kk>

Nudge. Just wondering if anyone had read the -02 and had comments, given the large number of changes (and the proposed change to the filename).

--Paul Hoffman


On Apr 1, 2021, at 10:25 AM, Paul Hoffman <paul.hoffman@icann.org> wrote:
> 
> Greetings again. We have produced draft-ietf-dprive-opportunistic-adotq-02 based on extensive WG feedback before, during, and after the WG meeting. A couple of big changes include:
> 
> - All that fully-authenticated description we added to -01 before the WG meeting because we didn't know that draft-rescorla-dprive-adox-latest was coming? We removed that from our draft and point to draft-rescorla-dprive-adox-latest instead.
> 
> - The WG has not agreed on any reason to do authentication in opportunistic resolver-to-authoritative DNS, so we removed any mention of it, and now just talk about unauthenticated encryption.
> 
> - We changed the signaling mechanism to SVCB to align with draft-rescorla-dprive-adox-latest.
> 
> - Even though -01 stated explicitly that the protocol was optional for all authoritative servers, it seems that people want more. We now say more and point to the new RootOps document.
> 
> - Given that the WG is getting close to finishing DoQ, we put DoQ on the same footing as DoT in the document. We added DoH because it comes for free with using SVCB as a signal.
> 
> Given that the document is no longer about full opportunistic encryption (just about unauthenticated encryption), and that it is not just about DoT and DoQ, we propose that we change the file name to draft-ietf-dprive-unauth-to-authoritative after the WG has had some time to comment on this -02.
> 
> --Peter and Paul
> 