Re: [dns-privacy] what's good enough, or Threat Model
"John R Levine" <johnl@taugh.com> Sun, 03 November 2019 04:25 UTC
Date: Sun, 03 Nov 2019 00:24:53 -0400
From: John R Levine <johnl@taugh.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: dns-privacy@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/bgmtIjcxnRqpBgOBHT81bswBvVc>

On Sat, 2 Nov 2019, Eric Rescorla wrote:
>> It's easy enough to imagine an EDNS option that asks whether a server
>> supports ADoT, that the client can use as a signal to try again on
>> port 853.
>
> Sure. One reason you might be sad about this is that it has an extra round trip.

Indeed, but assuming the stub remembers what it's probed recently, the
number of extra round trips might not be all that high. This strikes me
as an area where some experiments or simulations could be very informative.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
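
The kind of simulation the message above asks for, as an added sketch that is not part of the original message or of any draft: it counts the extra round trips a client pays when it probes on port 53 first and remembers the answer for a while. The EDNS option is the hypothetical one from the thread; the Zipf-like server popularity, the fraction of ADoT-capable servers, the one-tick-per-query clock and the name `simulate` are all assumptions.

```python
import random

def simulate(n_queries, n_servers, cache_ttl, adot_fraction=0.5, zipf_s=1.0, seed=1):
    """Count extra round trips for a client that probes over port 53 first.

    Time advances one tick per query. cache_ttl is how many ticks a probe
    result is remembered (0 means the client remembers nothing).
    Returns (extra_round_trips, queries_to_adot_servers, distinct_adot_servers).
    """
    rng = random.Random(seed)
    # Constructed population: which servers would answer "yes" to the probe.
    supports = [rng.random() < adot_fraction for _ in range(n_servers)]
    # Assumed Zipf-like popularity: server k is picked with weight 1/(k+1)^s.
    weights = [1.0 / (k + 1) ** zipf_s for k in range(n_servers)]
    targets = rng.choices(range(n_servers), weights=weights, k=n_queries)

    cache = {}  # server -> tick at which the remembered probe answer expires
    extra = adot_queries = 0
    seen_adot = set()
    for now, server in enumerate(targets):
        if supports[server]:
            adot_queries += 1
            seen_adot.add(server)
        if cache.get(server, -1) > now:
            continue  # fresh answer: go straight to 853, or stay on 53
        # Cache miss: the probe rides on a port-53 query. A "yes" answer
        # means repeating the query on port 853, the extra round trip.
        if supports[server]:
            extra += 1
        if cache_ttl > 0:
            cache[server] = now + cache_ttl
    return extra, adot_queries, len(seen_adot)

if __name__ == "__main__":
    for ttl in (0, 100, 1000, 10**9):
        extra, adot, distinct = simulate(10_000, 1_000, ttl)
        print(f"ttl={ttl:>10}: {extra} extra round trips "
              f"for {adot} queries to {distinct} ADoT servers")
```

With no memory every query to an ADoT-capable server pays the retry; with unlimited memory the cost falls to one retry per distinct ADoT-capable server, and intermediate lifetimes land between the two.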