Re: [dns-privacy] Root Server Operators Statement on DNS Encryption

Jim Reid <jim@rfc1035.com> Wed, 31 March 2021 13:12 UTC

Return-Path: <jim@rfc1035.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C24063A27D8 for <dns-privacy@ietfa.amsl.com>; Wed, 31 Mar 2021 06:12:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8gRUWYT1xAjd for <dns-privacy@ietfa.amsl.com>; Wed, 31 Mar 2021 06:12:06 -0700 (PDT)
Received: from shaun.rfc1035.com (shaun.rfc1035.com [93.186.33.42]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D4D763A27A0 for <dns-privacy@ietf.org>; Wed, 31 Mar 2021 06:12:05 -0700 (PDT)
Received: from gromit.rfc1035.com (gromit.rfc1035.com [195.54.233.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by shaun.rfc1035.com (Postfix) with ESMTPSA id 006A02420C28; Wed, 31 Mar 2021 13:12:03 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.7\))
From: Jim Reid <jim@rfc1035.com>
In-Reply-To: <c1ae3401-2565-016b-7acc-4891d0bde067@cs.tcd.ie>
Date: Wed, 31 Mar 2021 14:12:03 +0100
Cc: DNS Privacy Working Group <dns-privacy@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <DEEF3D2D-695F-4FCE-BF2B-425BB9FF1F39@rfc1035.com>
References: <c925da9089fa4b1e991ec74fc9c11e7f@verisign.com> <CAChr6Sxwao=FAcoeHMuOf0L=JCZ+wvhsr9BNZW_dbt+1=HWQwg@mail.gmail.com> <CAMGpriX5rbswMQnjh4gZqsLjh2xUJxjJVxe2rEAVu=RdLAbGFw@mail.gmail.com> <CABcZeBOntrAqq_bVL-y-BP0DZLvYmVMkvKqi8K0D_SFqAfCVXg@mail.gmail.com> <96c2475d-ad93-a442-2003-db6f8782e450@cs.tcd.ie> <CAMGpriXdU7_mJh8CQvSiZGQaDUD9aZF=0iYu0yKBS06khAHgng@mail.gmail.com> <4094551f-4b39-a996-f12f-8c5317c4fe21@nic.cz> <20210331092449.GD10597@nic.fr> <cefd04bf-8685-1894-ef3a-b61ce6a37167@innovationslab.net> <155BAF8D-9F65-4C5C-9EB1-58EFD70827B5@rfc1035.com> <c1ae3401-2565-016b-7acc-4891d0bde067@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.3445.9.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/hQCBQ3DMo6BdoFpZfCSVI8bfAVw>
Subject: Re: [dns-privacy] Root Server Operators Statement on DNS Encryption
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Mar 2021 13:12:11 -0000


> On 31 Mar 2021, at 13:58, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
>> And is TLS the *only* game in town?

> When encrypting DNS based on some standard protocol? It is

I know that Stephen. The point I was trying (and apparently failing) to make was there are other privacy-friendly tools/protocols available that could well be good enough solutions for some parts of the problem space.

As an example, widespread adoption of RFC8806 - no sniggering at the back! - could obviate the need for encrypted queries to the root or possibly offload the TLS goop to the local instances of the root. But the WG doesn’t seem to want to consider that.