Re: [dns-privacy] More WGLC reviews for TLS Profiles draft?

"Christian Huitema" <huitema@huitema.net> Fri, 09 December 2016 01:18 UTC

From: Christian Huitema <huitema@huitema.net>
To: 'Sara Dickinson' <sara@sinodun.com>, dns-privacy@ietf.org
References: <6cdc7899-f0f4-e735-a844-1a40bf1314fb@gmail.com> <EF0487AF-5D73-417F-A4C3-F3D42CCA3E05@sinodun.com>
In-Reply-To: <EF0487AF-5D73-417F-A4C3-F3D42CCA3E05@sinodun.com>
Date: Thu, 08 Dec 2016 17:18:34 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/f5D7ykyGkhK5rQkCbpaI4_u7uWA>

On Thursday, December 8, 2016 1:52 AM, Sara Dickinson wrote:
> 
> Just to follow up on Tim’s mail. Any reviews of https://datatracker.ietf.org/doc/draft-ietf-dprive-dtls-and-tls-profiles/ would be much appreciated to try to wind up the WGLC asap. 

I just reviewed this draft. I think it is ready, and I would be happy if it was published as is. 

My only wish is for a bit more description of the interaction between policy and configuration. The selection of the strict or opportunistic profile is only one element in the configuration of the DNS client for privacy, the other element being obviously the choice of the DNS server. The strict mode, in particular, ought to depend on configuring a set of servers that the client will accept to trust -- but even the opportunistic mode depends on that to a degree. This is quite different from the current practice, in which DNS servers are configured by untrusted processes. It would be nice if we had a blow-by-blow example of how that's supposed to work. 

-- Christian Huitema
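The policy/configuration interaction raised above, worked through as an added example that is not part of this message or of the TLS profiles draft: a small model of how a DNS client could combine its usage profile (strict or opportunistic) with its configured server set. Everything here is an assumption of the example: the `ServerConfig` field names, the rule that only `manual` configuration counts as a trusted source (DHCP-supplied servers do not), and the probe table standing in for real TLS handshakes and authentication outcomes, with constructed addresses from 192.0.2.0/24.

```python
"""Added illustration (not the draft's text, not the author's code) of a
DNS-over-TLS client deciding which configured server to use under a strict
or opportunistic privacy profile. Probe results are constructed stand-ins
for real TLS connection and authentication attempts."""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Optional, Tuple


class Profile(Enum):
    STRICT = "strict"
    OPPORTUNISTIC = "opportunistic"


@dataclass(frozen=True)
class ServerConfig:
    """One configured DNS server; field names are this example's own."""
    address: str
    source: str                       # where the entry came from: "manual" or "dhcp"
    auth_name: Optional[str] = None   # authentication domain name, if configured
    spki_pin: Optional[str] = None    # SPKI pin, if configured (none used below)


@dataclass(frozen=True)
class Decision:
    server: Optional[ServerConfig]
    transport: str   # "tls-authenticated", "tls-unauthenticated", "cleartext", "refused"
    reason: str


# Assumption: only operator-entered configuration is a trusted source of servers.
TRUSTED_SOURCES = {"manual"}

# A probe returns (tls_reachable, authentication_succeeded) for a server.
Probe = Callable[[ServerConfig], Tuple[bool, bool]]


def has_credentials(s: ServerConfig) -> bool:
    """A server can only be authenticated if the client was given a name or pin."""
    return s.auth_name is not None or s.spki_pin is not None


def select_transport(profile: Profile, servers: List[ServerConfig], probe: Probe) -> Decision:
    """Pick a server and transport according to the profile.

    Strict: only trusted, credentialed servers are even tried, and the client
    refuses rather than fall back when none authenticates.
    Opportunistic: any configured server is tried; authenticated TLS is
    preferred, then unauthenticated TLS, then cleartext to the first server.
    """
    if profile is Profile.STRICT:
        for s in servers:
            if s.source not in TRUSTED_SOURCES or not has_credentials(s):
                continue  # an untrusted or uncredentialed entry cannot satisfy strict mode
            reachable, authenticated = probe(s)
            if reachable and authenticated:
                return Decision(s, "tls-authenticated", "strict: trusted server authenticated")
        return Decision(None, "refused", "strict: no trusted server could be authenticated")

    first_tls: Optional[ServerConfig] = None
    for s in servers:
        reachable, authenticated = probe(s)
        if reachable and authenticated:
            return Decision(s, "tls-authenticated", "opportunistic: server authenticated")
        if reachable and first_tls is None:
            first_tls = s  # remember the first server offering TLS without authentication
    if first_tls is not None:
        return Decision(first_tls, "tls-unauthenticated", "opportunistic: TLS without authentication")
    if servers:
        return Decision(servers[0], "cleartext", "opportunistic: no TLS available, falling back")
    return Decision(None, "refused", "no servers configured")


def make_probe(table: Dict[str, Tuple[bool, bool]]) -> Probe:
    """Build a probe from a constructed address -> (reachable, authenticated) table."""
    def probe(s: ServerConfig) -> Tuple[bool, bool]:
        return table.get(s.address, (False, False))
    return probe


# Constructed configuration: one server learned from DHCP (untrusted, no
# credentials) and one entered by the operator with an authentication name.
DHCP_SERVER = ServerConfig("192.0.2.53", source="dhcp")
MANUAL_SERVER = ServerConfig("192.0.2.1", source="manual", auth_name="dns.example.net")

# Constructed probe outcomes: the DHCP server speaks TLS but cannot be
# authenticated (no credentials); the manual server authenticates.
PROBE = make_probe({"192.0.2.53": (True, False), "192.0.2.1": (True, True)})


def demo() -> Dict[str, str]:
    """Show both profiles against the same server list."""
    servers = [DHCP_SERVER, MANUAL_SERVER]
    return {p.value: select_transport(p, servers, PROBE).transport for p in Profile}


if __name__ == "__main__":
    for profile, transport in demo().items():
        print(f"{profile}: {transport}")
```

The point the model makes explicit is the one the review asks the draft to spell out: the strict profile is only meaningful once a trusted set of credentialed servers exists, so a server list populated by an untrusted source such as DHCP leaves a strict client with nothing it is willing to use, whereas an opportunistic client still benefits from a trusted entry when one is present.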