[dns-privacy] Mail regarding rfc9539
Luca vom Bruch <luca@vom-bruch.com> Sat, 14 December 2024 00:29 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/g6EFxqooh4mjjvgTml1hDtNRLe8>
Hello,

I am new to this. I hope I may ask this question regarding TLS encrypted communication between nameservers, for proposed RFC 9539.

Will the ciphers be specified? In practical terms I currently enabled this for DoT on port 853 in BIND 9.18:

    protocols { TLSv1.2; TLSv1.3; };
    ciphers "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256";
    prefer-server-ciphers yes;

Or will it be TLS 1.3 only? There seems to be a consensus that 1.0 and 1.1 are outdated, and 1.3 seems well regarded as of 2024 and doesn't have any discussions about the ciphers. For 1.2 there is some debate about possibly unsafe ones. I don't know if the situation compares to the HTTPS world, or if it is less or more relevant for DNS.

Kind regards,
Luca
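An added example, not part of the original post: a small lint that sorts the entries of an OpenSSL-style cipher string like the one quoted above into TLS 1.3 suite names and TLS 1.2 names, and flags TLS 1.2 entries that lack forward secrecy or AEAD. The helper name `audit_cipher_string` and the contrast sample are assumptions; the check goes by OpenSSL naming conventions only and does not model how BIND applies the option.

```python
import re

# The five cipher suites defined for TLS 1.3 (RFC 8446). OpenSSL sets these
# through a separate interface from the TLS 1.2 cipher list.
TLS13_SUITES = {
    "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
}
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")   # AEAD modes in OpenSSL names
EPHEMERAL_KX = ("ECDHE-", "DHE-")           # forward-secret key exchange


def audit_cipher_string(cipher_string):
    """Heuristic lint of an OpenSSL-style cipher string (hypothetical helper).

    It classifies names only; it does not model how a given server applies them.
    """
    report = {"tls13": [], "tls12_ok": [], "tls12_flagged": [], "keyword": []}
    # OpenSSL accepts colons, commas and spaces as separators.
    for name in filter(None, re.split(r"[:,\s]+", cipher_string)):
        if name in TLS13_SUITES:
            report["tls13"].append(name)
        elif name[0] in "!+-@" or "-" not in name:
            # Operators and group keywords (e.g. HIGH, !aNULL) are not expanded.
            report["keyword"].append(name)
        else:
            reasons = []
            if not name.startswith(EPHEMERAL_KX):
                reasons.append("no forward secrecy")
            if not any(m in name for m in AEAD_MARKERS):
                reasons.append("no AEAD")
            if reasons:
                report["tls12_flagged"].append((name, reasons))
            else:
                report["tls12_ok"].append(name)
    return report


# Cipher names from the post above.
POSTED = ("TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:"
          "TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:"
          "ECDHE-ECDSA-AES128-GCM-SHA256")
# Constructed sample with weaker entries, for contrast.
CONSTRUCTED = "ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:HIGH:!aNULL"

if __name__ == "__main__":
    for label, s in (("posted", POSTED), ("constructed", CONSTRUCTED)):
        print(label, audit_cipher_string(s))
```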