[dns-privacy] Paul Wouters' Abstain on draft-ietf-dprive-unilateral-probing-12: (with COMMENT)

Paul Wouters via Datatracker <noreply@ietf.org> Thu, 05 October 2023 18:45 UTC

From: Paul Wouters via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-dprive-unilateral-probing@ietf.org, dprive-chairs@ietf.org, dns-privacy@ietf.org, brian@innovationslab.net, tjw.ietf@gmail.com, brian@innovationslab.net
Reply-To: Paul Wouters <paul.wouters@aiven.io>
Message-ID: <169653154469.24088.12325885241211072486@ietfa.amsl.com>
Date: Thu, 05 Oct 2023 11:45:44 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/fZvbt8_ue0Un5pmFmU8QzvHSokA>

Paul Wouters has entered the following ballot position for
draft-ietf-dprive-unilateral-probing-12: Abstain

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Based on the authors' response to my DISCUSS
(https://mailarchive.ietf.org/arch/msg/dns-privacy/mVGvnh3g0Z9O70XeguVNUx59SYk/),
I have updated my ballot to ABSTAIN.

I do not see any use of this draft. In its regular use, the user is still
sending their queries in the clear initially. The draft assumes that after the
initial leak, queries for the same target will be encrypted opportunistically.
I tried pointing out that on most mobile devices, this is not the case due to
frequent network changes and DNS cache purges. Any Operational or Security
Considerations related to this were deemed out of scope. I can only conclude
that no privacy is gained, and that the additional complexity in code is not
worth the effort of implementing.

Additionally, since the draft requires the DNS servers to generate a
certificate, the difference between generating a self-signed certificate and
using an ACME-based certificate that CAN be validated and wouldn't need
unilateral opportunistic security, I see even fewer reasons to attempt to deploy
this.

As no indications are given back to the user, the draft does the end user no
harm (other than possibly introducing bugs due to added complexity in the code)
and I see no reason to further block it with a DISCUSS.