Re: [dns-privacy] ADoX experiments (was: Re: Intermediate proposal (what I was saying at the mic))

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 17 August 2021 12:47 UTC

To: Brian Haberman <brian@innovationslab.net>, dns-privacy@ietf.org
References: <CABcZeBNRZsyjd-M_hKOwxdqY=Y7oZs5-d4waqPHb9gO-GJNV+Q@mail.gmail.com> <8b2ac283-614e-40d2-b6bf-5e67d5324aaa@www.fastmail.com> <9f184e77-056a-3a49-8832-249d36bbab82@cs.tcd.ie> <4cdc1d2f-47cb-9c23-f049-cf1ebf6717a5@innovationslab.net>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <c4ec9a50-01bd-d1f7-5c0a-f16981ca46ba@cs.tcd.ie>
Date: Tue, 17 Aug 2021 13:47:20 +0100
In-Reply-To: <4cdc1d2f-47cb-9c23-f049-cf1ebf6717a5@innovationslab.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/b1_Pv5r3xJTMigCpKsc-z1VbV3Q>

Hiya,

On 17/08/2021 13:16, Brian Haberman wrote:
> All,
>       I want to start working through the details of what Stephen is
> proposing below; beginning to do operational experiments to determine
> which approach, or approaches, may be viable in the long term. To carry
> out such experiments, I believe we need the following:
> 
> 1. A stable I-D for an approach to providing privacy between recursive
> resolvers and authoritative servers,

More than one I-D seems likely and is fine I reckon.

> 
> 2. An implementation of the stable I-D in a recursive resolver and in an
> authoritative server implementation,

IIUC, that exists?

> 
> 3. At least one authoritative server operator willing to deploy the
> experimental implementation,
> 
> 4. At least one recursive resolver operator willing to deploy the
> experimental implementation,
> 
> 5. An agreed upon set of metrics to assess the operational behavior of
> the approach,

Not sure a final/agreed version of that's needed before
someone starts to run an experiment. Nice to have it of
course but I suspect initial experiments will throw up
bits of data we'd not considered (e.g. maybe relating to
the diversity of partnerships that authoritative servers
have and how those affect partial rollout).

> 
> Is there a major item missing from the list above? Other aspects of
> carrying out such an experiment?
> 
> Are there any volunteers to start working on details of such an experiment?

I'm game. (But not this week, taking a few days away:-)

Cheers,
S.

> 
> Regards,
> Brian
> 
> On 8/2/21 9:22 AM, Stephen Farrell wrote:
>>
>> Hiya,
>>
>> On 02/08/2021 05:21, Martin Thomson wrote:
>>> If we decided on a single answer for the first and in the negative
>>> for the second, would that make authentication viable?
>>
>> IMO we ought not just "decide" on most of the tricky ADoX
>> issues but we should rather document the options sufficient
>> to allow people to do experiments and then wait and see how
>> those experiments go. I'd say a stable I-D is probably
>> enough documentation to allow for experiments and I'd hope
>> such experiments could be done in 6-12 months. I'd expect
>> we might still be left with a few tricky issues, but that
>> a number of those (where we might make wrong choices now)
>> would be resolved once people try 'em out.
>>
>> So my suggestion is to review the I-Ds we have with a view
>> to figuring out what's missing that's needed to allow such
>> experiments, fix that and then "park" those I-Ds 'till we
>> get results. That could be similar to how drafts are declared
>> to be "interop drafts" in other WGs or could be a WGLC-like
>> process.
>>
>> If we decided to try to go that way, I'd be happy to try to help
>> get some such experiment going.
>>
>> Cheers,
>> S.
>>
>> _______________________________________________
>> dns-privacy mailing list
>> dns-privacy@ietf.org
>> https://www.ietf.org/mailman/listinfo/dns-privacy
>>