Re: [dns-privacy] [Ext] draft-pp-recursive-authoritative-opportunistic-04

"Livingood, Jason" <Jason_Livingood@comcast.com> Thu, 14 January 2021 18:23 UTC

From: "Livingood, Jason" <Jason_Livingood@comcast.com>
To: Paul Hoffman <paul.hoffman@icann.org>, "dprive@ietf.org" <dprive@ietf.org>
Date: Thu, 14 Jan 2021 18:22:48 +0000
Message-ID: <724A5053-8BCC-45A4-AA01-639073A3E952@cable.comcast.com>
References: <DD73EF4B-1570-405F-A6A0-923E766925DE@cable.comcast.com> <982C69A3-E9D4-4FF6-9F2F-66CB279707C2@icann.org>
In-Reply-To: <982C69A3-E9D4-4FF6-9F2F-66CB279707C2@icann.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/cPMmauZkYfet8qoKcYhVmECc0_Y>

> We talked about using IP addresses in certificates being problematic, but so is listing hundreds of names for name servers that have vanity names for each of the names for which it is authoritative. For this draft, it truly doesn't matter what identifier is in the certificate, but the draft is still trying to work with whatever different draft that might eventually come out describing the fully-authenticated use case.

[JL] I guess I am thinking mainly of how to implement & manage the certs. The easier this is the better it will be for eventual deployment.

>> - Is it necessary to specify the transport cache? If it helps with performance everyone will do it. And the section other than saying there MUST be a cache does not specify anything else.

> In earlier discussions, there were questions about what would and would not be in the transport cache, so describing the contours seemed more appropriate. If the WG wants to remove it, that's easy.

[JL] As it stands now it seems to just say you must have one, but not much specificity beyond that. As a result I am just suggesting that a shorter document is a better document, and this section could be removed without affecting the objective of the proposed standard or how software implements this.

Jason
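The transport cache discussed above is the resolver-side memory of whether a given authoritative server IP could be reached over an encrypted transport. The following is an added example, not code from draft-pp-recursive-authoritative-opportunistic, from the list participants, or from any resolver: it models a resolver that probes an authoritative address for TLS, remembers the outcome for a bounded time, and falls back to cleartext DNS over port 53 when encryption is unavailable. Because the mode is opportunistic, a failed probe (including one that raises) is recorded and the query proceeds in cleartext rather than failing. The TTL values, class and field names, the probe interface and the sample addresses in `demo()` are all assumptions constructed for the illustration.

```python
"""Transport cache for opportunistic recursive-to-authoritative encryption.

Added illustration, not code from the draft or from any resolver.
Assumed policy: remember a working TLS endpoint for an hour, and avoid
re-probing a server that did not speak TLS for a day.
"""
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class TransportEntry:
    encrypted: bool      # True if the last probe negotiated TLS
    expires_at: float    # clock value after which the entry must be re-probed


class TransportCache:
    """Per-server-IP memory of whether encrypted transport worked."""

    def __init__(self, success_ttl: float = 3600.0, failure_ttl: float = 86400.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.success_ttl = success_ttl      # assumed TTL for "TLS works"
        self.failure_ttl = failure_ttl      # assumed TTL for "TLS unavailable"
        self.clock = clock
        self.entries: Dict[str, TransportEntry] = {}

    def lookup(self, ip: str) -> Optional[TransportEntry]:
        """Return a fresh entry for ip, or None if absent or expired."""
        entry = self.entries.get(ip)
        if entry is None or entry.expires_at <= self.clock():
            return None
        return entry

    def record(self, ip: str, encrypted: bool) -> None:
        ttl = self.success_ttl if encrypted else self.failure_ttl
        self.entries[ip] = TransportEntry(encrypted, self.clock() + ttl)

    def choose_transport(self, ip: str, probe: Callable[[str], bool]) -> str:
        """Return "tls" or "do53" for the next query to ip.

        probe(ip) is assumed to attempt a TLS handshake on port 853 and
        return True on success. Any exception counts as a failed probe:
        opportunistic mode never turns a probe failure into a query failure.
        """
        entry = self.lookup(ip)
        if entry is None:
            try:
                encrypted = bool(probe(ip))
            except Exception:
                encrypted = False
            self.record(ip, encrypted)
        else:
            encrypted = entry.encrypted
        return "tls" if encrypted else "do53"


def demo() -> Tuple[List[str], List[str], List[str], List[str]]:
    """Drive the cache with a constructed probe and a controllable clock."""
    now = [1000.0]
    probed: List[str] = []

    def probe(ip: str) -> bool:
        probed.append(ip)
        if ip == "192.0.2.1":           # constructed: speaks TLS on 853
            return True
        if ip == "192.0.2.2":           # constructed: cleartext only
            return False
        raise ConnectionRefusedError    # constructed: probe itself errors

    servers = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]
    cache = TransportCache(clock=lambda: now[0])
    first = [cache.choose_transport(ip, probe) for ip in servers]
    second = [cache.choose_transport(ip, probe) for ip in servers]  # all from cache
    now[0] += 3601.0   # success entry expired; failure entries still fresh
    third = [cache.choose_transport(ip, probe) for ip in servers]   # only .1 re-probed
    return first, second, third, probed


if __name__ == "__main__":
    print(demo())
```

The asymmetry between the two TTLs is the design point worth noticing: a positive result can be re-checked cheaply, while a negative result is held longer so that a cleartext-only authoritative is not probed on every query. An implementation would also have to decide what to do when a cached "tls" entry later fails mid-handshake; here that simply shows up as the next probe after expiry.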