Re: [dns-privacy] Root Server Operators Statement on DNS Encryption

Erik Kline <ek.ietf@gmail.com> Wed, 31 March 2021 00:08 UTC

To: Rob Sayre <sayrer@gmail.com>
Cc: "Hollenbeck, Scott" <shollenbeck=40verisign.com@dmarc.ietf.org>, "dprive@ietf.org" <dprive@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/eGkSfZ7cGyyLvSr98IpBceYKMcQ>

On Tue, Mar 30, 2021 at 5:01 PM Rob Sayre <sayrer@gmail.com> wrote:

> On Tue, Mar 30, 2021 at 7:49 AM Hollenbeck, Scott <shollenbeck=40verisign.com@dmarc.ietf.org> wrote:
>
>> This is worth reading:
>>
>> https://root-servers.org/media/news/Statement_on_DNS_Encryption.pdf
>
>
> I am not sure I agree it is worth reading.
>
> Why can't "The Root Server Operators" run QUIC etc as well as their
> existing UDP methods?
>
> thanks,
> Rob
>

(no hats)

From my reading the answer, and the whole document, seems to be
summarizable in this one excerpt:

    "Root Server Operators do not feel comfortable being the early adopters
    of authoritative DNS encryption and would like to first see increased
    deployment in other parts of the DNS hierarchy."

Seems fair to me, for the time being.