Re: [dns-privacy] Working Group Last Call draft-ietf-dprive-dtls-and-tls-profile

Sara Dickinson <sara@sinodun.com> Thu, 27 October 2016 12:35 UTC

From: Sara Dickinson <sara@sinodun.com>
In-Reply-To: <64813B2D-063A-49B2-8A82-7C248681B641@vpnc.org>
Date: Thu, 27 Oct 2016 13:35:27 +0100
Message-Id: <46BE40A7-402E-4C69-9A43-4CE500D47853@sinodun.com>
References: <5dc29c0c-9f34-dcac-8d94-f2722ee6a4ba@gmail.com> <03AC11BC-BE33-47B8-B1A2-1BDC26280B2C@vpnc.org> <7BAA0258-E476-4940-8430-80BC8ED4FD94@sinodun.com> <64813B2D-063A-49B2-8A82-7C248681B641@vpnc.org>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/f0nlzAy8bVaL6jr5E1TkpVP7jXE>
Cc: "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Subject: Re: [dns-privacy] Working Group Last Call draft-ietf-dprive-dtls-and-tls-profile

> On 26 Oct 2016, at 15:59, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
> 
> Saying "The proposals here might be adapted or extended in future to be used for recursive clients and authoritative servers" should be sufficient to say "it's not like we didn't think about it". If people really want to have the charter discussion in this long-lived RFC, at least change the second clause to "but this application was out of scope for the Working Group charter at the time this document was finished".

I’m fine with this re-wording. 

> 
>>> Section 1: "How a DNS client can verify that any given credential matches the domain name obtained for a DNS server." "obtained" is somewhat difficult here because there are many ways that the name is determined. Proposal: "matches the domain name of the DNS server".
<snip>
> 
> That would be good, yes. But "obtained" still sounds like it might come from the DNS itself, not from configuration or DHCP.

Well, it could come from DNS via an SRV lookup. Do you prefer acquired/determine/derive?

> 
>>> Section 4.3.1: "Bootstrapping" is not a widely-understood term.
>> 
>> Really? A quick Google finds RFC4173 from 2005 which has Bootstrapping in the title.
> 
> "Pulling yourself up by your own bootstraps" is a difficult idiom for people even if English is their first language.
> 
>> It would be nice to keep it unless there are general objections as it more accurately describes the specific issue addressed in that section.
> 
> In this specific case, it's more "chicken or egg" than "bootstrap" because you actually do first use the unsecured DNS. Maybe just "Startup" for the title and leave bootstrap in the body text (which does describe the problem quite well).

OK - will change the title. 

Sara.