Re: [dns-privacy] Last Call: <draft-ietf-dprive-rfc7626-bis-03.txt> (DNS Privacy Considerations) to Informational RFC

Stephane Bortzmeyer <bortzmeyer@nic.fr> Thu, 09 January 2020 15:44 UTC

Date: Thu, 09 Jan 2020 16:44:45 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: S Moonesamy <sm+ietf@elandsys.com>
Cc: dns-privacy@ietf.org, Brian Haberman <brian@innovationslab.net>, draft-ietf-dprive-rfc7626-bis@ietf.org, dprive-chairs@ietf.org
Message-ID: <20200109154445.GD28511@nic.fr>
References: <157412591286.14148.8912544206473080519.idtracker@ietfa.amsl.com> <6.2.5.6.2.20200101181705.081679d0@elandnews.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <6.2.5.6.2.20200101181705.081679d0@elandnews.com>
X-Operating-System: Debian GNU/Linux 10.2
X-Kernel: Linux 4.19.0-6-amd64 x86_64
X-Charlie: Je suis Charlie
Organization: NIC France
X-URL: http://www.nic.fr/
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/kHdIAg-DAwxhOzNhQfUfhb5MY7Y>
Subject: Re: [dns-privacy] Last Call: <draft-ietf-dprive-rfc7626-bis-03.txt> (DNS Privacy Considerations) to Informational RFC

On Wed, Jan 01, 2020 at 10:45:58PM -0800,
 S Moonesamy <sm+ietf@elandsys.com> wrote 
 a message of 63 lines which said:

> There are currently four (IETF) working groups focused on DNS with three of
> them having privacy as part of their charter.

doh, dnssd and dprive (plus dnsop)?

> Section 1 of the draft has a tutorial of how DNS works.  What is the
> audience for this draft?

People (mostly at the IETF) interested in DNS privacy. When preparing
RFC 7626, we saw that many IETF participants had fuzzy (and sometimes
wrong) ideas about the DNS, so this introduction seems a good idea.

> Section 3.1 of the draft discusses the claim that "the data in the DNS
> is public".  The claim is supported [1] by one of the authors of the
> draft.

It is indeed an important tenet of the draft (as it was for RFC 7626).

> The draft states that the claim makes sense.  What is the meaning of the
> "data in the DNS"?

I'm confused. Is it a real question? Anyway, it proves that a tutorial
on the DNS is useful :-) So, "data" is the content of the Answer,
Additional and Authority sections in the answer. RFC 7626, section
2.1.

> The choice of resolvers was previously made by the network on which
> the user was connected.

No. (If you say Yes, please quote the relevant RFC.) DNS is a
protocol, the way a machine provisions its resolver(s) is out of scope.

> Recently, the Internet Engineering Steering Group approved the
> standardization of a mechanism so that the choice can be made by a
> web browser.

That's a very serious misrepresentation of DoH. Counter-example:
Google Chrome did DNS resolution with UDP, a long time ago. 

> The data from the DNS query is, with some exceptions, automatically
> transferred to a foreign jurisdiction.

Again, it seems you don't know the difference between a protocol and
an implementation.
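The distinction the reply draws, "data in the DNS" being the Answer, Authority and Additional sections as opposed to the Question section, is easiest to see on the wire. The following is an added example written for this archive page, not code from the thread or from any IETF draft: a small wire-format parser that splits a DNS response into its four sections and returns the resource records separately from the QNAME. The message it parses is constructed here (example.com, addresses from the RFC 5737 documentation ranges), and the name-compression hop limit is a defensive choice of this example, not something the thread discusses.

```python
"""Split a DNS response into its sections (added example, not from the thread).

The "data in the DNS" in the reply's sense is every resource record in the
Answer, Authority and Additional sections.  The Question section's QNAME is
kept apart, since that, together with the client address, is what a privacy
analysis of DNS traffic looks at.  All names and addresses are constructed.
"""
import struct

MAX_POINTER_HOPS = 32  # guard against compression-pointer loops in hostile input


def _read_name(msg, off):
    """Decode a (possibly compressed) domain name starting at `off`.

    Returns (dotted name, offset just past the name in the original stream).
    """
    labels = []
    end = None            # where the caller resumes reading
    hops = 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:          # 11xxxxxx: 14-bit compression pointer
            hops += 1
            if hops > MAX_POINTER_HOPS:
                raise ValueError("compression pointer loop")
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            if end is None:
                end = off + 2              # first pointer ends the name on the wire
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) or ".", (end if end is not None else off)


def _read_rr(msg, off):
    """Decode one resource record; returns (dict, next offset)."""
    name, off = _read_name(msg, off)
    rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
    off += 10
    rdata = msg[off:off + rdlen]
    off += rdlen
    return {"name": name, "type": rtype, "class": rclass, "ttl": ttl, "rdata": rdata}, off


def parse_dns_message(msg):
    """Parse a DNS message into header fields plus its four sections."""
    ident, flags, qdcount, ancount, nscount, arcount = struct.unpack_from("!6H", msg, 0)
    off = 12
    questions = []
    for _ in range(qdcount):
        qname, off = _read_name(msg, off)
        qtype, qclass = struct.unpack_from("!HH", msg, off)
        off += 4
        questions.append({"qname": qname, "qtype": qtype, "qclass": qclass})
    parsed = {"id": ident, "flags": flags, "question": questions}
    for key, count in (("answer", ancount), ("authority", nscount), ("additional", arcount)):
        rrs = []
        for _ in range(count):
            rr, off = _read_rr(msg, off)
            rrs.append(rr)
        parsed[key] = rrs
    return parsed


def dns_data(parsed):
    """The 'data in the DNS' in the reply's sense: every RR outside the Question."""
    return parsed["answer"] + parsed["authority"] + parsed["additional"]


def _encode_name(name):
    return b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in name.split(".")) + b"\x00"


def sample_response():
    """Constructed response for example.com/A with NS glue; 0xC00C points at the QNAME."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 1, 1)   # QR, RD, RA; counts 1/1/1/1
    question = _encode_name("example.com") + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 1])
    ns_rdata = b"\x02ns\xc0\x0c"                                # ns.example.com, compressed
    authority = b"\xc0\x0c" + struct.pack("!HHIH", 2, 1, 3600, len(ns_rdata)) + ns_rdata
    additional = ns_rdata + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 53])
    return header + question + answer + authority + additional


if __name__ == "__main__":
    m = parse_dns_message(sample_response())
    print("question (privacy-relevant):", m["question"][0]["qname"])
    for rr in dns_data(m):
        print("data:", rr["name"], "type", rr["type"], rr["rdata"].hex())
```

Running it prints the single QNAME on one side and the three resource records on the other; the records are exactly what any resolver could obtain by asking, while the QNAME paired with who asked it is the part the draft's privacy analysis is about.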