Re: [dns-privacy] Benjamin Kaduk's Discuss on draft-ietf-dprive-xfr-over-tls-11: (with DISCUSS and COMMENT)

Rob Sayre <sayrer@gmail.com> Sun, 16 May 2021 01:03 UTC

References: <162018984115.28455.12313533259326172808@ietfa.amsl.com> <9C0C2B16-CB4E-48B8-9269-9266F58F4B4A@sinodun.com>
In-Reply-To: <9C0C2B16-CB4E-48B8-9269-9266F58F4B4A@sinodun.com>
From: Rob Sayre <sayrer@gmail.com>
Date: Sat, 15 May 2021 18:02:58 -0700
Message-ID: <CAChr6SzCd_46cByRuSCtuG-Gx9cbOvUNAGNCicNRF-mxyHTYhg@mail.gmail.com>
To: Sara Dickinson <sara@sinodun.com>
Cc: Benjamin Kaduk <kaduk@mit.edu>, Tim Wicinski <tjw.ietf@gmail.com>, DNS Privacy Working Group <dns-privacy@ietf.org>, The IESG <iesg@ietf.org>, draft-ietf-dprive-xfr-over-tls@ietf.org, dprive-chairs@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/ipkV-TOMP32SCfYAfOYOEamW1uc>

On Wed, May 12, 2021 at 5:16 AM Sara Dickinson <sara@sinodun.com> wrote:

> On 5 May 2021, at 05:44, Benjamin Kaduk via Datatracker <noreply@ietf.org>
> wrote:
>
> > Because this topic relates to TLS usage, I have started an email thread
> > with the TLS WG for it:
> > https://mailarchive.ietf.org/arch/msg/tls/ZIPo1mF_wnOXkgS7Uv_wzIBFmR8/
> >
> > The tentative recommendation so far is in rough agreement with my
> > instincts, and suggests removing the entire appendix.
>
> There was a discussion at IETF108 about using ALPN to distinguish between
> XoT and ADoT - the result was the clarification that ALPN should not be
> used for that purpose and requests by several people that the document
> outline the other mechanisms that could be used by operators (including
> SNI, which was mentioned). Appendix A was added in response to those
> requests and so removing it entirely at this stage feels like the wrong
> thing.
>
> Obviously if there is text that needs updating/correcting though, that
> should be done.

It doesn't seem like the appendix is informative in the sense that someone
could read it and make an informed decision.

It might be better to link to other documents for the concerns listed
(which are valid).

thanks,
Rob