Re: [dns-privacy] ADoT deployment at the root

"John Levine" <johnl@taugh.com> Thu, 31 October 2019 19:43 UTC

Date: Thu, 31 Oct 2019 15:43:29 -0400
Message-Id: <20191031194330.18451DBB57A@ary.qy>
From: John Levine <johnl@taugh.com>
To: dns-privacy@ietf.org
Cc: ted.ietf@gmail.com
In-Reply-To: <CA+9kkMDNX-t4a+u63m8jf7rCMt2uD-7hvLjybQ50EWouAK8SDA@mail.gmail.com>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/isLIqvJ2UjM1uRwuwsQ4vXaxfac>

In article <CA+9kkMDNX-t4a+u63m8jf7rCMt2uD-7hvLjybQ50EWouAK8SDA@mail.gmail.com> you write:
>I may have misunderstood John, of course, but that's the point of what I
>understood him to be saying.

Pretty much.

The root is an unusual zone in that it is small and unlikely ever to
be huge, it is easy to AXFR without prior arrangement, and its
management is subject to a thick layer of politics.  Since it is
signed you can get its contents from anywhere convenient.

Many of us already treat it as a special case by running a local
mirror, so I don't think it's a big deal if our ADoT techniques only
work starting at 2LDs.

R's,
John