Re: [dns-privacy] [Ext] Re: DPRIVE Interim: 10/29

"Livingood, Jason" <Jason_Livingood@comcast.com> Wed, 30 October 2019 18:19 UTC

From: "Livingood, Jason" <Jason_Livingood@comcast.com>
To: Paul Hoffman <paul.hoffman@icann.org>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Date: Wed, 30 Oct 2019 18:18:59 +0000
Message-ID: <85F1A997-BEA8-482B-8B3C-159EC3B139A9@cable.comcast.com>
References: <943e3973-f6a7-9f6e-a66a-33aff835bd5e@innovationslab.net> <503df6fb-b653-476f-055f-15c1a668ba36@innovationslab.net> <1d9213c1-0ee1-fce0-1ebb-f8272284c285@icann.org>
In-Reply-To: <1d9213c1-0ee1-fce0-1ebb-f8272284c285@icann.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/fCr_nWPTfz69RfA4G8nXOyDJbPE>

From my perspective it didn't seem that query privacy meant only encryption; there may be steps that can be privacy-protective that can be taken independently of or before encryption (ergo QNAME min). That seems a key question for the WG --> is query privacy limited to encryption, or are there additional things or alternative things that can be done?

In addition, the notion of addressing potential differences between RSOs, TLDs and SLDs grew from the realization that each of these is usually a distinct group of operators, may have different requirements or operational goals/concerns, and will likely implement on different timeframes. But this is simply a matter of opinion right now - let’s maybe see how it looks as we amend the requirements based on the call & mailing list and see how things shape up.

Jason

On 10/29/19, 10:20 AM, "dns-privacy on behalf of Paul Hoffman" <dns-privacy-bounces@ietf.org on behalf of paul.hoffman@icann.org> wrote:

    Here are a few responses to the initial draft. I will try to be on the call unless we lose power again.

    There are many parts of the "core requirements" that seem out of place.

    - Resolvers have never had to understand the difference between the root zone and TLDs and SLDs and "other", so introducing that here might cause bikeshedding and lack of adoption. A simpler core requirement would be that DoT is required between resolvers and any interested authoritative server.

    - QNAME minimization is orthogonal to adding cryptographic privacy. If you have a cryptographic tunnel, QNAME minimization adds overhead and the risk of additional round trips. On the other hand, some resolvers are perfectly happy using QNAME minimization all the time, so they shouldn't have to know whether to change settings if DoT is in use.

    - The aggressive caching requirement mixes up aggressive caching and normal caching in the all-caps bit. Aggressive caching will reduce the number of TLS connections you need to set up, so it is a positive, but it is unclear how requiring it in order to use ADoT could be enforced.

    - DNSSEC validation is orthogonal to adding cryptographic privacy.

    --Paul Hoffman
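To make the trade-off discussed in this exchange concrete (Jason's point that QNAME minimisation protects privacy independently of encryption, and Paul's point that it can cost extra round trips), here is an added Python example; it is not part of the thread or of any DPRIVE draft. It plans the iterative queries a resolver would send for a constructed delegation tree, with and without QNAME minimisation (RFC 7816 style: NS probes one label at a time until the original name is reached), and reports how many labels of the query name each zone's servers get to see. The delegation set `SAMPLE_CUTS`, the name representation and the function names are assumptions made for this example.

```python
"""Added example (not from the DPRIVE thread): compare what each authoritative
server learns about a query name with and without QNAME minimisation
(RFC 7816 style), and how many iterative queries each strategy costs.

Names are absolute, written without the trailing dot; the root zone is "".
The delegation tree below is a constructed sample, not real DNS data.
"""
from typing import Dict, List, Set, Tuple

Query = Tuple[str, str, str]  # (zone asked, qname sent, qtype sent)

# Constructed delegation tree: root -> com -> example.com.
# sub.example.com is just a name inside example.com, not a separate zone.
SAMPLE_CUTS: Set[str] = {"com", "example.com"}


def ancestors(name: str) -> List[str]:
    """All names from the root down to `name`, e.g.
    'www.sub.example.com' ->
    ['', 'com', 'example.com', 'sub.example.com', 'www.sub.example.com']."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return [".".join(labels[i:]) for i in range(len(labels), -1, -1)]


def full_name_plan(qname: str, cuts: Set[str], qtype: str = "A") -> List[Query]:
    """Classic resolution: every server on the delegation path sees the full QNAME."""
    path = ancestors(qname)
    zones = [n for n in path if n == "" or n in cuts]
    return [(zone, path[-1], qtype) for zone in zones]


def minimised_plan(qname: str, cuts: Set[str], qtype: str = "A") -> List[Query]:
    """QNAME minimisation: send each zone only one label more than it already
    knows, asking for NS until the original name is reached. A referral
    (the probed name is a zone cut) moves the walk to the child zone; a
    non-referral answer means the name lives in the current zone."""
    path = ancestors(qname)
    full = path[-1]
    if len(path) == 1:                      # query for the root itself
        return [("", "", qtype)]
    plan: List[Query] = []
    zone, i = "", 1
    while True:
        current = path[i]
        plan.append((zone, current, qtype if current == full else "NS"))
        if current in cuts and current != zone:
            zone = current                  # referral: continue at the child zone
            if current == full:
                continue                    # re-ask the final name at its own zone
        elif current == full:
            break                           # authoritative answer for the original name
        i += 1
    return plan


def labels_seen(plan: List[Query]) -> Dict[str, int]:
    """Longest QNAME (in labels) that each zone's servers receive under a plan."""
    seen: Dict[str, int] = {}
    for zone, sent, _ in plan:
        n = len(ancestors(sent)) - 1
        seen[zone] = max(seen.get(zone, 0), n)
    return seen


if __name__ == "__main__":
    target = "www.sub.example.com"
    for title, plan in (("full QNAME", full_name_plan(target, SAMPLE_CUTS)),
                        ("minimised", minimised_plan(target, SAMPLE_CUTS))):
        print(f"{title}: {len(plan)} queries")
        for zone, sent, qtype in plan:
            print(f"  ask {zone or '<root>'} for {sent} {qtype}")
        print("  labels seen per zone:", labels_seen(plan))
```

On the sample tree the minimised walk costs one query more than the classic one, because `sub.example.com` is not a zone cut and the NS probe for it has to come back empty before the final name is sent; that is exactly the extra round trip Paul mentions. In exchange the root servers see only `com` and the TLD servers only `example.com`, whichever transport the queries travel over, which is the privacy step Jason describes as independent of encryption. The probing rules were later refined in RFC 9156; the example keeps the simpler RFC 7816 form.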