Re: [dns-privacy] [Ext] Intermediate proposal (what I was saying at the mic)
Paul Hoffman <paul.hoffman@icann.org> Thu, 29 July 2021 22:42 UTC
Return-Path: <paul.hoffman@icann.org>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D2D03A0C37 for <dns-privacy@ietfa.amsl.com>; Thu, 29 Jul 2021 15:42:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zzENesE9BS3o for <dns-privacy@ietfa.amsl.com>; Thu, 29 Jul 2021 15:42:57 -0700 (PDT)
Received: from ppa2.lax.icann.org (ppa2.lax.icann.org [192.0.33.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 511793A0C35 for <dprive@ietf.org>; Thu, 29 Jul 2021 15:42:57 -0700 (PDT)
Received: from MBX112-W2-CO-2.pexch112.icann.org (out.mail.icann.org [64.78.33.6]) by ppa2.lax.icann.org (8.16.0.43/8.16.0.43) with ESMTPS id 16TMgu1a009895 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 29 Jul 2021 22:42:56 GMT
Received: from MBX112-W2-CO-1.pexch112.icann.org (10.226.41.128) by MBX112-W2-CO-2.pexch112.icann.org (10.226.41.130) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.858.12; Thu, 29 Jul 2021 15:42:55 -0700
Received: from MBX112-W2-CO-1.pexch112.icann.org ([10.226.41.128]) by MBX112-W2-CO-1.pexch112.icann.org ([10.226.41.128]) with mapi id 15.02.0858.012; Thu, 29 Jul 2021 15:42:55 -0700
From: Paul Hoffman <paul.hoffman@icann.org>
To: Eric Rescorla <ekr@rtfm.com>
CC: "dprive@ietf.org" <dprive@ietf.org>
Thread-Topic: [Ext] [dns-privacy] Intermediate proposal (what I was saying at the mic)
Thread-Index: AQHXhLWY6vz+ru/Aa0KNZffcmgW5GatbAhAA
Date: Thu, 29 Jul 2021 22:42:55 +0000
Message-ID: <7514B406-2907-4059-AB59-6F3BAC05B839@icann.org>
References: <CABcZeBNRZsyjd-M_hKOwxdqY=Y7oZs5-d4waqPHb9gO-GJNV+Q@mail.gmail.com>
In-Reply-To: <CABcZeBNRZsyjd-M_hKOwxdqY=Y7oZs5-d4waqPHb9gO-GJNV+Q@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.0.32.234]
x-source-routing-agent: Processed
Content-Type: multipart/signed; boundary="Apple-Mail=_915E4EEB-E5D0-42BC-87B1-F5BFAA52875B"; protocol="application/pkcs7-signature"; micalg="sha-256"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-07-29_17:2021-07-29, 2021-07-29 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/a_4GqXWj5BMPT610d1xDWLABMnU>
Subject: Re: [dns-privacy] [Ext] Intermediate proposal (what I was saying at the mic)
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jul 2021 22:42:58 -0000
Having a differentiated signal for "I don't expect to be authenticated" would be good for draft-ietf-dprive-unauth-to-authoritative. I also agree with the reasoning of the recursive and auth operators who spoke at the mic. PaulW's "Now you are advertising which DNS servers can easilly be MITMed" is silly because any attacker could test that trivially. --Paul Hoffman
- [dns-privacy] Intermediate proposal (what I was s… Eric Rescorla
- Re: [dns-privacy] Intermediate proposal (what I w… Paul Wouters
- Re: [dns-privacy] Intermediate proposal (what I w… Eric Rescorla
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Paul Hoffman
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Robert Evans
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Paul Hoffman
- Re: [dns-privacy] Intermediate proposal (what I w… Martin Thomson
- Re: [dns-privacy] Intermediate proposal (what I w… Christian Huitema
- Re: [dns-privacy] Intermediate proposal (what I w… Eric Rescorla
- [dns-privacy] ADoX experiments (was: Re: Intermed… Stephen Farrell
- Re: [dns-privacy] Intermediate proposal (what I w… Ben Schwartz
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Paul Hoffman
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Ben Schwartz
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Paul Hoffman
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Ben Schwartz
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… libor.peltan
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Brian Dickson
- Re: [dns-privacy] ADoX experiments (was: Re: Inte… Brian Haberman
- Re: [dns-privacy] ADoX experiments (was: Re: Inte… Stephen Farrell
- [dns-privacy] scope of authoritative signalling [… Daniel Kahn Gillmor
- Re: [dns-privacy] scope of authoritative signalli… Brian Dickson
- Re: [dns-privacy] scope of authoritative signalli… Peter van Dijk
- Re: [dns-privacy] ADoX experiments (was: Re: Inte… Brian Haberman
- Re: [dns-privacy] ADoX experiments (was: Re: Inte… Bill Woodcock
- Re: [dns-privacy] ADoX experiments (was: Re: Inte… Bill Woodcock
- Re: [dns-privacy] ADoX experiments (was: Re: Inte… Christian Huitema
- Re: [dns-privacy] ADoX experiments (was: Re: Inte… Bill Woodcock