Re: [dns-privacy] [Ext] Possible use case: Opportunistic encryption for recursive to authoritative

Brian Haberman <brian@innovationslab.net> Mon, 10 August 2020 11:38 UTC

Return-Path: <brian@innovationslab.net>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18DD33A14CB for <dns-privacy@ietfa.amsl.com>; Mon, 10 Aug 2020 04:38:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.847
X-Spam-Level:
X-Spam-Status: No, score=-2.847 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, NICE_REPLY_A=-0.949, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=innovationslab-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N4KKYs14RUlS for <dns-privacy@ietfa.amsl.com>; Mon, 10 Aug 2020 04:38:40 -0700 (PDT)
Received: from mail-qk1-x730.google.com (mail-qk1-x730.google.com [IPv6:2607:f8b0:4864:20::730]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E54783A0DD5 for <dns-privacy@ietf.org>; Mon, 10 Aug 2020 04:38:39 -0700 (PDT)
Received: by mail-qk1-x730.google.com with SMTP id x69so7979691qkb.1 for <dns-privacy@ietf.org>; Mon, 10 Aug 2020 04:38:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=innovationslab-net.20150623.gappssmtp.com; s=20150623; h=subject:to:references:from:autocrypt:message-id:date:user-agent :mime-version:in-reply-to; bh=HB1G3z6NFas/GK244fIhDl/s/1MFN2KJU2P3ubDKJFs=; b=vxhRvYR88wcEvVb/0g8Bt3CwQO3mVAq2Jv2esqLSKhguS2DUdEycb9q8uJd8DGLCEh p2aSUDGYi5X+dyrxNlDCt7goDEXT1MN1l7TI5PRAXSWE/MNlGGEJfwF7DHoEeMAWa6uF 9HGW2D7fg3oyNPXZlnNtncawbn2ucNEx60+dgRSleiiiW+1M2GPBJd3MmTqWRGnXXOeg j3DQ6OYmldeS3NNeYV2uhxcoGRDzGw1cmmQ/TiV6StsKyMrdsiWevlNNLqNS+nYzfOHi Rh2BFHURKaT30H8GNakB2g3M212Ss6piWXx75K51U4Ma3MY9xfL8LjsfgBT+DXzwFe76 n5Ng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:autocrypt:message-id :date:user-agent:mime-version:in-reply-to; bh=HB1G3z6NFas/GK244fIhDl/s/1MFN2KJU2P3ubDKJFs=; b=c9fAacV+WV+lWZJ3zyRqcNqLBQ4Ri0YQsAkCuIHEg/BFdPd4zQNU8+0CVeubYW/T87 nkK4Mb66CEdg4x9OHkXhBx6kGb41fOYSD9uHh7dyIwVoSlF7s7ergzw+bjdKBqMG0cT/ k4bdzVk2Rt7l4Sr1Tqj8RBNkqWbc17eS9xr0u68cLuxBbZTrfQhmpjdAULDheYKryzJ1 ZJAEj1ZtSsV8i/WxU7qlZqVv9i/8CxC5ZXYiOzvh3mQzYRj4Ey/5wxd4DnbNGOHXgCrR bPWjtjC4WK8vZP73gYTQCWg5CBWXcmswh1oXkbjwEb+XYbHcgsdXAslcg8T9i7esARj2 ypYg==
X-Gm-Message-State: AOAM530ZHvCXHbqJxRfMJHs/nQnrOpNcY58xaBXnYP8U2Cge5I9vKvOf RLn+lJWHO2pePkPLvPKQjUo3p9mnHGnFcQ==
X-Google-Smtp-Source: ABdhPJzyeJSEuaNvVOr2ELDawo+hxqd8BxNoq2Mw5ETmEAM8406798Pc1uKsK8WTxzwiAnV3ZCFp+A==
X-Received: by 2002:a37:9d97:: with SMTP id g145mr21710393qke.263.1597059518275; Mon, 10 Aug 2020 04:38:38 -0700 (PDT)
Received: from clemson.local ([2601:154:c001:f99e:dcde:27cb:99fc:8856]) by smtp.gmail.com with ESMTPSA id b37sm15154598qtk.85.2020.08.10.04.38.36 for <dns-privacy@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 10 Aug 2020 04:38:37 -0700 (PDT)
To: dns-privacy@ietf.org
References: <3BA75997-3DE4-4DF5-B1F5-C57DBC423288@icann.org> <17f6e4fd-e545-267f-f29e-01d5fb57d017@innovationslab.net> <9856A472-1148-429A-844E-D561A1C808EB@develooper.com> <20200808220939.5D78891DC2E@fafnir.remote.dragon.net> <5E86BDE4-9A91-4565-8D2E-68F21404F08F@icann.org>
From: Brian Haberman <brian@innovationslab.net>
Autocrypt: addr=brian@innovationslab.net; keydata= mQINBFm5KgYBEACs2icafejrG19L5DRNFq8Q2O+K+LRxjR4qAElZDnXFXNA2ipFWPeT0J2wa KJ+h9UdfhDm8DzULB553CYm+Q3XF1N56TglkIRMZYc7mYXZEr3x7e4fmX4kD4qMjBLG8cL26 rEe3Q0qaiMGY69/4o5coVMT0qmHjgCH1tkG+L2Y8MKr1gFxS18eO8MVoWe1yDKuyxFSElHGB 3mZn4gcqeCaemPGG3CiVNlp4KnijpNcSgvseXbkQEA4IXEsIvUL8MIwOTXg9Gh5cbtisZpuf +4B0LNMUSqWlqyKd9M3KCMj+dW4vsFytc00Z+GyQ+ArOR9GwTdAwJ5qqVODTvbjKqOR1zolJ 1JxLUtSiv7Lx5x2OrCexPYXkzlTkjG9Imtg2XNh55R/JKMC3KU1NQL3nS9tJXeoRWNgWSZrG MsrbeejbqLVb9LblXNpgLciJ96XHMvYAXX7p4LAwivzSRrVg46vErYIAV6EvDvwVENWW8JCU 0vX5iTGfkEwU4KxCa7WAmmD8yiNspHP1J0uk93Sta5K0PuTi7b+EZlCjdrqOEWLGPv6qXlIu FwLLcCaDs3XdVvwgNM+UFRxFH1aOVQQKCiCOCcNlwgYG1u4ZbD2T6hd/d2tOAKu/MNnQVF7d Cfi2BtSjzglLcY61e37zqTM04BgU+LniZ7V99yneM6DM2UzgkwARAQABtClCcmlhbiBIYWJl cm1hbiA8YnJpYW5AaW5ub3ZhdGlvbnNsYWIubmV0PokCQAQTAQoAKgIbAwUJB4YfgAULCQgH AwUVCgkICwUWAgMBAAIeAQIXgAUCWbkqSAIZAQAKCRBo1jycU9GLYQixD/9UX0uiAvbJ+4dK z3Ne3kUdDK0Lk73RGfFgE/ezsc9I6ED82h+arC8pAoDnBWgzTxugZdbexek983bgMq02XFsG pJf7hudeKnB8UmtjTc0j1UUgi129FYyBmINS2Lz1gpEOygFfbeOGLJK5qZJwD3I3O6yN8SUZ uwahXXd1aEB+d1eGhNqxkjQ+L7vdfTlN662GWog3ROMwUbrg0+QAbn/Vlp2iIYO6VERUZ9Yr GfFJX9b9LKa6AHxzAaqFIix1h2wBiIacpIBGU/4+3+wL5zkCbGSRzoIHW8srllj7ehgwwfNx QevibuZWJ4XpHpIxrtsmBO7ERFk8pN7oiQ9M3b2Cg9OBD5vgxyMCHEKIblWyKz8GLtz5357L ORU1EBWB8BoJPBHz3u7bZE+jH9+w5PpI087Ae78KCDkTNj7o2wbkRoYLmLpMo8DOwAumyy5R 2DuRu0cn5Rw5pFjlJkyfM0Wf80Ml/SINrUORWeqSbsHSX8i+Y0Oyt5JNo9NFbgN0Gn/Qo364 I8cLgbvUAyFHwhnmbHB+QXFCGAy73NOQ+g2fCRPeSbihhYa34ugfmd4oa6W2w805ixzM7iGr P+wDB1dhA7eHKVmoo9Kxvm9VzU+2homYGEROd/H6n0BMvWtp1oFh/JvEgZN6dVLg3p+XX5Zj Ggy568bIY4P5kP7pAxh017kCDQRZuSoGARAAtCWxW1cRne/iGbFuibvB8d3upcbCB7oz4LWk LSE20Db2ymn04ici9V+wBSWX57me5jQdwMi/gzVVZcupbzWTg5Yhv7Qt7CKORJLEKo6nULbb 4aEpdOXD9s7wwx+foFjzjtDOH/JYoB+OEe2oW39VmK6EsIx7ClsLf6+cih5yApZHtmV+2M3J YSxD2kCUE619ITFLAkMf203ap5vJ6DDaaKnVoNhF9qV7jlJEceGqHTBG4KkBX/zNCehMIfhr ViY/B2IWAHeuZ99lnCPx2mehGGa4XLjQauUkY9KB7dOq/ODyt+7SL0dfWrOVf3BnU3C308b4 9YdId8KI4dJ30nfXn6ifTK9STZHZE+Mt1sIVmtEguqMXEk/axZmT14x194c7ZPmU/uCQTE3U y1NFs4Yof50WF1ze0CyN2ycmqx11mHjP5+L23TqcdIWmJG+EtdHUAFpu42kbB0fML3Oc/cEU SmWK3WpF5YPljLM2gyh3RXjuiBnaGoJaKTOj5zXQ2G2l3/ijbn9FbqmFup+R352dxUyakXEP xNe3HdyjfyUcy/RJNeZz/lgUIhkxWQjOOU1RIN41RtCKcF9tJjMwgQvI51QmPvf90/6ab3I/ vwEpjlRb4AbuWfPWe89J+Z3TG97V9sntlMcQ6MGiPLbyFpiXIf2150e6FxZdJtipVwY2d/kA EQEAAYkCJQQYAQoADwUCWbkqBgIbDAUJB4YfgAAKCRBo1jycU9GLYfy0EACYrxb4nWtOnIu0 N7rXXo/0ZjaBTyUhJ6hzy2D7rt3vv/qj2ui+N21ui/yMDS928za/XRfP25qN9A1puioHqN4l SAsxwCC3mT9GJXVXVgivg3MeciqBXoOdnk1hUkP1CTKL3qZ9pSuw8bPlNE7+b1xF7Oce37YH +QRVmBXbGwTxtDTCZ9Js0/IpiUtg9QCfmryB1r/fD0TFb8b9aCBuVeKocWSuX9UXRt7zRGM8 BJwOLvdLdGvV8us1imlBKFLai4L8CPgihuc/s7ZB0r3pgW697hXScWhGHF3OUWbPFVkNyivM xtDcq+9ZlUMrxFbwUEABi8NFwvzwn+YJQqlrPiF4xxsScYpnIlfWEuP6Vpp6Z/u5x+1MNyZb oxNWWaevMVeo3tdRV9F6/YFqucw4JQ9HqlCKQ62sW9+e5SSlxGNlV4j9cchG6a4fAZqxL+pS ks+KitK3ap/R4RUG+nbjLlhCwGJIti8lxvdYAoPqjtwEUmMJv4dIl0/2h1495cwBIi7XeRKZ Rx38TV3G3LCx0J8dFhkyTG5TxUZQFgHjznkIX7bzeSQX72MxT0b/tc38yM71WpAgAY+MlHCT FQRKqIQsH/4MFir+g/oV2uPNGwmg0QEOnv9zZ79JJ/nBmuXC2RwUVTtZgtiZXhaP0afvR0eg WPEzptIZZCSmtBOOYkfsAw==
Message-ID: <d082ddc1-3803-9e86-7701-5e57226342fd@innovationslab.net>
Date: Mon, 10 Aug 2020 07:38:35 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.11.0
MIME-Version: 1.0
In-Reply-To: <5E86BDE4-9A91-4565-8D2E-68F21404F08F@icann.org>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="lqzPJtsIE3tN4W4ExaX1N49FP9Qj22gZY"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/fJvgEYdJyxIPW99gX1c--XPLd-U>
Subject: Re: [dns-privacy] [Ext] Possible use case: Opportunistic encryption for recursive to authoritative
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Aug 2020 11:38:43 -0000

Hi Paul,

On 8/8/20 7:39 PM, Paul Hoffman wrote:
> Sorry to break in, but what does the question of number of anycast auth servers have to do with this use case? Or did y'all mean to start this as a thread for draft-ietf-dprive-phase2-requirements, in which it could be relevant?
> 

I asked the question in relation to the use case since the use of
anycast with any stateful security mechanism tends to raise concerns. If
authentication of the authoritative is of interest, there is also the
issue of managing consistent credentials across all servers responding
to the same anycast address.

Regards,
Brian