[dns-privacy] next steps for draft-opportunistic-adotq

Peter van Dijk <peter.van.dijk@powerdns.com> Mon, 22 March 2021 20:27 UTC

Message-ID: <2ba5ac12c24eaee4c51de2cd2c1693e9bd1fd8b2.camel@powerdns.com>
From: Peter van Dijk <peter.van.dijk@powerdns.com>
To: dprive@ietf.org
Date: Mon, 22 Mar 2021 21:26:55 +0100
Organization: PowerDNS.COM B.V.
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/bb-usM6Vhv9o4mO732HdNAHz6TU>
Subject: [dns-privacy] next steps for draft-opportunistic-adotq

Hello DPRIVE,

First, a recap of my IETF110 presentation for those who missed it. I
explained that the recent version of our opportunistic/unauthenticated
draft (draft-ietf-dprive-opportunistic-adotq-01) included a rough
skeleton of support for an authenticated use case, because no other
proposal for that was alive at the time. Shortly after, another draft
(draft-rescorla-dprive-adox-latest-00) describing an authenticated
approach appeared. I suggested in my presentation that we take
authentication out of our draft so that the two use cases (being
'unauthenticated' and 'authenticated') can progress side by side.

draft-rescorla-dprive-adox-latest-00 proposes SVCB as a discovery
mechanism instead of our TLSA, and this sounds good to us. The
unauthenticated use case only needs discovery, so SVCB appears to be an
even better fit than TLSA. SVCB also provides more protocol
flexibility.

Our proposal for a way forward:

* We take authentication out of draft-ietf-dprive-opportunistic-adotq
again.
* We give the draft a somewhat more accurate name, as the switch to
SVCB stops us being limited to DoT and DoQ (although I really do wonder
if there is any appetite for DoH on the recursive<>auth path).
* We let the drafts develop side by side, making sure they use similar
wording where appropriate, and don't get in each other's way.

Cheers, Paul&Peter