Re: [dns-privacy] Root Server Operators Statement on DNS Encryption

Rob Sayre <sayrer@gmail.com> Wed, 31 March 2021 20:51 UTC

To: Bill Woodcock <woody@pch.net>
Cc: Stephane Bortzmeyer <bortzmeyer@nic.fr>, "Hollenbeck, Scott" <shollenbeck=40verisign.com@dmarc.ietf.org>, "dprive@ietf.org" <dprive@ietf.org>

On Wed, Mar 31, 2021 at 1:29 PM Bill Woodcock <woody@pch.net> wrote:

> > On Mar 31, 2021, at 9:55 PM, Rob Sayre <sayrer@gmail.com> wrote:
> > I still don't understand the resistance here. Some data on what the
> > impact would be still seems like the most helpful thing to move the
> > conversation forward.
>
> We have that:
>
> https://vaibhavbajpai.com/documents/papers/proceedings/dot-pam-2021.pdf

That paper is about home measurements, and says:

"Previous work [8,17,26] has studied the support and response times of DoT
(and DoH). However, the studies performed response time measurements from
proxy networks and data centers, which means that results might not
appropriately reflect the latency of regular home users..." and only
measures DoT, rather than the more popular DoH.

> Could you state the problem that’s being solved?

Sure, it's in the first sentence of
https://tools.ietf.org/html/draft-ietf-dprive-opportunistic-adotq-00:

"A recursive resolver using traditional DNS over port 53 may wish instead
to use encrypted communication with authoritative servers in order to limit
passive snooping of its DNS traffic."

thanks,
Rob