Re: [dns-privacy] draft-pp-recursive-authoritative-opportunistic-04

"Livingood, Jason" <Jason_Livingood@comcast.com> Thu, 14 January 2021 16:31 UTC

From: "Livingood, Jason" <Jason_Livingood@comcast.com>
To: Paul Hoffman <paul.hoffman@icann.org>, "dprive@ietf.org" <dprive@ietf.org>
Date: Thu, 14 Jan 2021 16:31:19 +0000
Message-ID: <DD73EF4B-1570-405F-A6A0-923E766925DE@cable.comcast.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/hFBlCV1KY9kFYdpsB8w9LzVN9D4>

Comments -- which may have been discussed in the WG before, in which case ignore them:

- The discovery method seems to be that you look at the NS RR IP address and attempt DoT on port 853. But the requirements doc https://tools.ietf.org/html/draft-ietf-dprive-phase2-requirements-02 in requirement 7 suggests that, instead of this, the auth SLD admin would specify secure transport preferences. Presumably this would be in some DNS RR in the SLD. Your proposed discovery method and what is suggested in the requirements doc seem to be at odds.

- Why suggest attempting to contact via an IP rather than a FQDN in the URI? I know sometimes managing the TLS certs based on IPs rather than FQDNs can be problematic in some deployments.

- Is it necessary to specify the transport cache? If it helps with performance everyone will do it. And the section other than saying there MUST be a cache does not specify anything else.

Jason


On 1/13/21, 8:07 PM, "dns-privacy on behalf of Paul Hoffman" <dns-privacy-bounces@ietf.org on behalf of paul.hoffman@icann.org> wrote:

    Greetings again. I have updated draft-pp-recursive-authoritative-opportunistic to include comments from the WG on -03, and to include timings that I have determined by experimenting on a large database of domain names of "typical" web sites. I am writing up that research now, but because the WG asked me to put data-driven timeouts in the draft, I did so in advance of the research.

    Draft: https://datatracker.ietf.org/doc/draft-pp-recursive-authoritative-opportunistic/
    Diff: https://tools.ietf.org/rfcdiff?url2=draft-pp-recursive-authoritative-opportunistic-04.txt

    Comments before or during the interim are clearly welcome.

    --Paul Hoffman
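As an added illustration of the first and third comments above (probing the NS IP on port 853 and keeping a transport cache), the following sketch is not from the draft or from anyone in this thread; the `tls_probe`, `TransportCache` names and the timeout and TTL values are constructed assumptions, not the draft's measured timings.

```python
import socket
import ssl
import time
from dataclasses import dataclass, field
from typing import Callable, Dict

DOT_PORT = 853  # port the discovery method in the draft probes on the NS IP


def tls_probe(ns_ip: str, port: int, timeout: float) -> bool:
    """Opportunistic TLS handshake to ns_ip:port; no certificate validation,
    which is why certificates for IPs vs. FQDNs matter less in this mode."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # opportunistic: encrypt if possible, do not authenticate
    try:
        with socket.create_connection((ns_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                return tls.version() is not None
    except (OSError, ssl.SSLError):
        return False


@dataclass
class TransportEntry:
    supports_dot: bool
    expires_at: float  # absolute time after which the IP is probed again


@dataclass
class TransportCache:
    """Per-IP record of whether DoT on 853 worked. Timeout and TTL values are
    constructed placeholders, not the measured numbers from the draft."""
    probe: Callable[[str, int, float], bool] = tls_probe
    connect_timeout: float = 2.0
    success_ttl: float = 3600.0   # how long to keep using DoT without re-probing
    failure_ttl: float = 3600.0   # how long to stay on Do53 before trying 853 again
    clock: Callable[[], float] = time.time
    entries: Dict[str, TransportEntry] = field(default_factory=dict)

    def transport_for(self, ns_ip: str) -> str:
        """Return 'dot' or 'do53' for ns_ip, probing only on miss or expiry."""
        now = self.clock()
        entry = self.entries.get(ns_ip)
        if entry is None or entry.expires_at <= now:
            ok = self.probe(ns_ip, DOT_PORT, self.connect_timeout)
            ttl = self.success_ttl if ok else self.failure_ttl
            entry = TransportEntry(ok, now + ttl)
            self.entries[ns_ip] = entry
        return "dot" if entry.supports_dot else "do53"
```

The separate success and failure TTLs are the kind of detail a "MUST cache" section would need to spell out: a negative entry that never expires would pin a server to Do53 even after it enables DoT.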