Re: [dns-privacy] New draft on encrypting the stub-to-resolver link: draft-hoffman-dns-tls-stub-00.txt

David Ulevitch <david@opendns.com> Wed, 20 August 2014 18:34 UTC

From: David Ulevitch <david@opendns.com>
To: Jacob Appelbaum <jacob@appelbaum.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/dns-privacy/gTpMzgw-RR3gRHjlbUPPw9FWx7I
Cc: dns-privacy@ietf.org, Paul Hoffman <paul.hoffman@vpnc.org>

On Wed, Aug 20, 2014 at 8:11 AM, Jacob Appelbaum <jacob@appelbaum.net> wrote:

> On 8/20/14, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
> > On Aug 20, 2014, at 6:30 AM, Jacob Appelbaum <jacob@appelbaum.net> wrote:
> >
> >> e) All the other DNS privacy stuff - eg: OpenDNS's encrypted DNS
> >> stuff, djb's other work, etc.
> >
> > I can't list a policy that I can't cleanly describe. The OpenDNS folks still
> > haven't produced a stable description of their protocol that I can find; if
> > they have one, I'm happy to list it. DNScurve doesn't work for
> > stub-to-recursive, I don't believe; only recursive-to-authoritative.
> >
>
> Really? I'm surprised. I've cc'ed David Ulevitch - perhaps he or
> someone at OpenDNS can chime in with something helpful here?
>

DNSCrypt has been well-described and is in use by millions of people today
across a number of implementations.  Details available here:
http://dnscrypt.org/  -- We can certainly do better. Happy to help push it
along to a standard.

I'll have one of our engineers get more involved in this list. Thanks for
the poke, Jacob.

-David