Re: [dns-privacy] [Ext] Intermediate proposal (what I was saying at the mic)
"libor.peltan" <libor.peltan@nic.cz> Wed, 04 August 2021 07:56 UTC
Return-Path: <libor.peltan@nic.cz>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B0133A0B8D for <dns-privacy@ietfa.amsl.com>; Wed, 4 Aug 2021 00:56:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.4
X-Spam-Level:
X-Spam-Status: No, score=-0.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_SORBS_WEB=1.5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fTD1zmHx-dCC for <dns-privacy@ietfa.amsl.com>; Wed, 4 Aug 2021 00:56:19 -0700 (PDT)
Received: from mail.nic.cz (mail.nic.cz [217.31.204.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C5503A0B8C for <dns-privacy@ietf.org>; Wed, 4 Aug 2021 00:56:18 -0700 (PDT)
Received: from [192.168.1.106] (unknown [193.138.153.8]) by mail.nic.cz (Postfix) with ESMTPSA id A6A7814225B for <dns-privacy@ietf.org>; Wed, 4 Aug 2021 09:56:14 +0200 (CEST)
To: dns-privacy@ietf.org
References: <CABcZeBNRZsyjd-M_hKOwxdqY=Y7oZs5-d4waqPHb9gO-GJNV+Q@mail.gmail.com> <8b2ac283-614e-40d2-b6bf-5e67d5324aaa@www.fastmail.com> <CABcZeBM+rBLgUs+xzyhTOjCFuPdjUDPDMeFL6CAXanDaicC+Pg@mail.gmail.com> <CAHbrMsA3ROoeeDXm_HpXP73uFjVrEQUycQ0OR0e6JE0hCoS1sw@mail.gmail.com> <5EEBC284-71B3-4308-B5C6-AF3847A6ED36@icann.org> <CAHbrMsCN9N=sV2xtc5b9QFeSSCsr65wXEEZ+d6DSTNbRxRt8GQ@mail.gmail.com> <66A4FCE3-A07A-4177-A596-17B660FB3535@icann.org> <CAHbrMsBT5VDYSKL9Pn8iq3uCMVAn6qc+Hd8PYfxUR2nxs5tp9w@mail.gmail.com>
From: "libor.peltan" <libor.peltan@nic.cz>
Message-ID: <73791df6-098b-ecf0-e776-58a160cd936f@nic.cz>
Date: Wed, 04 Aug 2021 09:56:14 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0
MIME-Version: 1.0
In-Reply-To: <CAHbrMsBT5VDYSKL9Pn8iq3uCMVAn6qc+Hd8PYfxUR2nxs5tp9w@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------96D2A0C856E393382B4DD2AE"
Content-Language: en-US
X-Virus-Scanned: clamav-milter 0.102.2 at mail
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/iTDFeJQXTXc7V2CwMWjLl5zo5Kg>
Subject: Re: [dns-privacy] [Ext] Intermediate proposal (what I was saying at the mic)
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Aug 2021 07:56:24 -0000
I think that if we decide to employ DS the new way to signal the desired transport protocol, the CDS->DS mechanism might still be used to "upload" those DSs to the parent (however, it's not allowed by current RFCs, since CDNSKEY is required whenever CDS exists). (I don't conclude if this has any effect of usefulness of SVCB at the child apex or just permanent CDS there.) Libor Dne 03. 08. 21 v 23:30 Ben Schwartz napsal(a): > > > On Tue, Aug 3, 2021 at 5:20 PM Paul Hoffman <paul.hoffman@icann.org > <mailto:paul.hoffman@icann.org>> wrote: > > On Aug 3, 2021, at 2:06 PM, Ben Schwartz <bemasc@google.com > <mailto:bemasc@google.com>> wrote: > > > > On Tue, Aug 3, 2021 at 4:55 PM Paul Hoffman > <paul.hoffman@icann.org <mailto:paul.hoffman@icann.org>> wrote: > >> If the WG is going to go to DS in the parent to have a signed > signaling response, it would make sense that the signal in the > child have an identical format. If we go with that, I'd rather see > CDS be used in the child instead of SVCB. > >> > > I disagree. CDS is explicitly a signal from the Child to the > Parent. > > Yes, exactly. This is the best way to get those DS records in the > parent. > > > Quite possibly, yes, but far from the only way. In fact, CDS record > support is not widely deployed at present. > > > It's literally in the name of the RR type. I would not want all > the resolvers in the world to be reading CDS records as part of > the iterative resolution process. > > Why is "all the resolvers in the world to be reading" an SVCB > record better? > > > In the parent, our RR type choices are constrained by a slow-moving > ecosystem, so we may have to reuse the DS RR type in some fashion. In > the child, we don't have this problem, so we can use proper RR types > with purpose-designed semantics, zone file representation, and wire > format. > > I'll put together a more detailed proposal and then we can argue about > this some more. > > _______________________________________________ > dns-privacy mailing list > dns-privacy@ietf.org > https://www.ietf.org/mailman/listinfo/dns-privacy
- [dns-privacy] Intermediate proposal (what I was s… Eric Rescorla
- Re: [dns-privacy] Intermediate proposal (what I w… Paul Wouters
- Re: [dns-privacy] Intermediate proposal (what I w… Eric Rescorla
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Paul Hoffman
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Robert Evans
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Paul Hoffman
- Re: [dns-privacy] Intermediate proposal (what I w… Martin Thomson
- Re: [dns-privacy] Intermediate proposal (what I w… Christian Huitema
- Re: [dns-privacy] Intermediate proposal (what I w… Eric Rescorla
- [dns-privacy] ADoX experiments (was: Re: Intermed… Stephen Farrell
- Re: [dns-privacy] Intermediate proposal (what I w… Ben Schwartz
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Paul Hoffman
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Ben Schwartz
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Paul Hoffman
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Ben Schwartz
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… libor.peltan
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Brian Dickson
- Re: [dns-privacy] ADoX experiments (was: Re: Inte… Brian Haberman
- Re: [dns-privacy] ADoX experiments (was: Re: Inte… Stephen Farrell
- [dns-privacy] scope of authoritative signalling [… Daniel Kahn Gillmor
- Re: [dns-privacy] scope of authoritative signalli… Brian Dickson
- Re: [dns-privacy] scope of authoritative signalli… Peter van Dijk
- Re: [dns-privacy] ADoX experiments (was: Re: Inte… Brian Haberman
- Re: [dns-privacy] ADoX experiments (was: Re: Inte… Bill Woodcock
- Re: [dns-privacy] ADoX experiments (was: Re: Inte… Bill Woodcock
- Re: [dns-privacy] ADoX experiments (was: Re: Inte… Christian Huitema
- Re: [dns-privacy] ADoX experiments (was: Re: Inte… Bill Woodcock