Re: [dns-privacy] Paul Wouters' Discuss on draft-ietf-dprive-unilateral-probing-12: (with DISCUSS and COMMENT)
Paul Wouters <paul@nohats.ca> Tue, 19 September 2023 13:25 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDD00C1516E9; Tue, 19 Sep 2023 06:25:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.404
X-Spam-Level:
X-Spam-Status: No, score=-4.404 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lcpn1CyC6JA8; Tue, 19 Sep 2023 06:25:34 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0449C15155F; Tue, 19 Sep 2023 06:25:33 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4Rqj8V4SCRz3LK; Tue, 19 Sep 2023 15:25:30 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1695129930; bh=IIFCl9v7xCytbJ25y6kC78eKRrAVLm4TukEQrnHAjks=; h=From:Subject:Date:References:Cc:In-Reply-To:To; b=HNOtcuPIl1rOdtrDWAJhXqFFQpgM/LZawjEdVdJ3YohwQHnrR/edeuM9sOUZ9Zu2x QF5go+urtSMH/4OioEuvXcKyxz5We8SgTRZVb5lRIjLienPNIhpt2te4Wq+ADs2jau iKVXNMvPMFae1co3T+KhbIs6sHPxzG87hSQhKTiQ=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id Yfz1beaFZp49; Tue, 19 Sep 2023 15:25:29 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Tue, 19 Sep 2023 15:25:29 +0200 (CEST)
Received: from smtpclient.apple (unknown [193.110.157.209]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bofh.nohats.ca (Postfix) with ESMTPSA id 7CD331066C06; Tue, 19 Sep 2023 09:25:28 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Paul Wouters <paul@nohats.ca>
Mime-Version: 1.0 (1.0)
Date: Tue, 19 Sep 2023 09:25:13 -0400
Message-Id: <3AAAE140-232B-4FE1-805B-33EEDD28D111@nohats.ca>
References: <BY5PR11MB419692DC13F81876A33931EEB5FAA@BY5PR11MB4196.namprd11.prod.outlook.com>
Cc: Paul Wouters <paul.wouters@aiven.io>, The IESG <iesg@ietf.org>, draft-ietf-dprive-unilateral-probing@ietf.org, dprive-chairs@ietf.org, dns-privacy@ietf.org, brian@innovationslab.net, tjw.ietf@gmail.com
In-Reply-To: <BY5PR11MB419692DC13F81876A33931EEB5FAA@BY5PR11MB4196.namprd11.prod.outlook.com>
To: "Rob Wilton (rwilton)" <rwilton=40cisco.com@dmarc.ietf.org>
X-Mailer: iPhone Mail (20C65)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/kYJ_HcdWYI68qQyvuPBC4PGm7sE>
Subject: Re: [dns-privacy] Paul Wouters' Discuss on draft-ietf-dprive-unilateral-probing-12: (with DISCUSS and COMMENT)
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Sep 2023 13:25:38 -0000
On Sep 19, 2023, at 09:01, Rob Wilton (rwilton) <rwilton=40cisco.com@dmarc.ietf.org> wrote: > > Hi Paul, > > One question/comment on one of your discuss comments inline > [Rob Wilton (rwilton)] > > This makes sense, but do we know what proportion of authoritative servers will have DoT/DoQ enabled? E.g., is this something that the latest version of common DNS server software enables by default, or does it require extract proactive configuration? Currently, my guess is about 0% > I can imagine that if lots of users hit a 3-5s delays for their queries then that could be really annoying. I agree one should only do this to the user via opt-in. Note that users running their own recursive resolvers are already voluntarily taking a delay. And for those recursive servers that are used by many users, this delay would be hardly noticeable as it only happens once a day or less and with prefetching could happen even less. I guess there is a big deployment requirement difference between using a stub to a recursive or running a recursive yourself, which the current document doesn’t consider. > This is also potentially something that could be changed in the future. I.e., default to also sending in the clear now, but with a plan to subsequently change the default behaviour a couple of years down the line. I.e., a phased migration. A couple of years down the line, I was hoping to have authenticated DoT/DoQ and not unilateral probing with unauthenticated TLS. Paul
- [dns-privacy] Paul Wouters' Discuss on draft-ietf… Paul Wouters via Datatracker
- Re: [dns-privacy] Paul Wouters' Discuss on draft-… Rob Wilton (rwilton)
- Re: [dns-privacy] Paul Wouters' Discuss on draft-… Paul Wouters
- Re: [dns-privacy] [Ext] Paul Wouters' Discuss on … Paul Hoffman