Re: [dns-privacy] Possible use case: Opportunistic encryption for recursive to authoritative

Peter van Dijk <peter.van.dijk@powerdns.com> Mon, 10 August 2020 09:01 UTC

Message-ID: <89f7bbf801f78dc7917cc6169b043be1524281a2.camel@powerdns.com>
From: Peter van Dijk <peter.van.dijk@powerdns.com>
To: DNS Privacy Working Group <dns-privacy@ietf.org>
Date: Mon, 10 Aug 2020 11:00:59 +0200
In-Reply-To: <CAChr6SzAxy6AFUb0BDm2VgcrG=pxNqx6b5Ex+S4mLNAT26A_jA@mail.gmail.com>
References: <CAChr6SwGjo889gkMK0aE-76NTSrP799jMm8RBQaDRKo+XvWQ-w@mail.gmail.com> <20200808020442.127E71E60494@ary.qy> <CAChr6SzAxy6AFUb0BDm2VgcrG=pxNqx6b5Ex+S4mLNAT26A_jA@mail.gmail.com>
Organization: PowerDNS.COM B.V.
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/jez1WKXUjCG3smDe5cbB0iQrdHQ>

On Fri, 2020-08-07 at 19:12 -0700, Rob Sayre wrote:
> The issue is that connection establishment will be expensive, which is something separate from getting a bunch of queries. As others have pointed out, this cost will be amortized to almost nothing most of the time. After an outage, this connection establishment cost will have to be dealt with in parallel.
> 
> I don't have an opinion on whether this should be implementation guidance, or even in the spec.

In the DS pinning draft, we explicitly decided to leave this out of scope, as we wouldn't want to prescribe resolver behaviour for other discovery methods (such as opportunistic). Sensible handling of connection establishment and pooling feels like a separate topic to me, so I don't think it should be part of any discovery document. I am unsure it should be an IETF spec at all.

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/