[dns-privacy] [dprive] Specification of DNS over Dedicated QUIC Connections (draft-ietf-dprive-dnsoquic-04) - feedback

"Quick, Matthew" <mquick@verisign.com> Wed, 22 September 2021 15:14 UTC

From: "Quick, Matthew" <mquick@verisign.com>
To: "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Date: Wed, 22 Sep 2021 15:14:23 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/l-m8_rYRn5jxNSpQUwqhwIUISOM>

Dear Christian et al,

Hello - I hope this finds you well. Please find an additional section suggestion and comments for “draft-ietf-dprive-dnsoquic-04”, below. Your feedback is greatly appreciated.

Best,
Matthew Quick, Verisign

____________________________
9.  Privacy Considerations

Justification:
The reference to [I-D.ietf-dprive-rfc7626-bis] was obsoleted when it became [RFC9076] in July 2021.

Existing Text:
The general considerations of encrypted transports provided in "DNS Privacy Considerations" [I-D.ietf-dprive-rfc7626-bis] apply to DoQ.

Suggested Text:
The general considerations of encrypted transports provided in "DNS Privacy Considerations" [RFC9076] apply to DoQ.

____________________________
9.1  Privacy Considerations

Justification:
The reference to [RFC7626] was obsoleted when it became [RFC9076] in July 2021.

Existing Text:
This risk is in fact a subset of the general problem of observing the behavior of the recursive resolver discussed in "DNS Privacy Considerations" [RFC7626].

Suggested Text:
This risk is in fact a subset of the general problem of observing the behavior of the recursive resolver discussed in "DNS Privacy Considerations" [RFC9076].

____________________________
9.  Privacy Considerations

Justification:
The new text only applies to interactions with authoritative name servers, not stub to recursive, so it fits well as an additional part of Section 9 – Privacy Considerations.  Also, RFC 9076 only mentions QNAME minimization, so it’s helpful to have a separate place to expand the explanation of data privacy.

New Section Suggested Text:

9.5.  Relationship with Minimization Techniques
QNAME minimization [RFC7816] reduces the sensitive information exchanged to only what’s necessary to perform a requested function. This reduces the risk of disclosure to both outside and inside parties, with no operational impact on the receiver. Additional minimization methods include NXDOMAIN cut processing [RFC8020], and aggressive DNSSEC caching [RFC8198].

____________________________
12.2.  Informative References

Justification:
This updates the document reference to [I-D.ietf-dprive-rfc7626-bis] and [RFC7626] to [RFC9076].

Existing Text:

  [I-D.ietf-dprive-rfc7626-bis]
              Wicinski, T., "DNS Privacy Considerations", draft-ietf-
              dprive-rfc7626-bis-09 (work in progress), March 2021.
…

   [RFC7626]  Bortzmeyer, S., "DNS Privacy Considerations", RFC 7626,
              DOI 10.17487/RFC7626, August 2015,
              <https://www.rfc-editor.org/info/rfc7626>.

Suggested Text:

   [RFC9076]  T. Wicinski, "DNS Privacy Considerations",
              RFC 9076, DOI 10.17487/RFC9076, July 2021,
              <https://www.rfc-editor.org/info/rfc9076>.


Matthew Quick
Senior Engineer
Industry Standards & Technical Engagement

mquick@verisign.com
571.732.6173
12061 Bluemont Way, Reston, VA 20190
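The suggested Section 9.5 text above refers to QNAME minimization [RFC7816] as sending each authoritative server only what it needs. The following is an added illustration, not part of the draft or of the e-mail, written here to make that concrete: a small Python simulation of RFC 7816 style resolution against a constructed delegation tree (root, com., example.com.), comparing how many labels of the query name each server learns with classic iteration versus minimized iteration. The delegation tree, the query names and all function names are assumptions made for the example.

```python
# Added example (not from the draft or the e-mail): simulate QNAME
# minimization per RFC 7816 against a constructed delegation tree and
# report how many labels of the QNAME each authoritative server learns.

# Constructed delegation tree: zone apex -> zones delegated directly from it.
# All names are fully qualified; "." is the root zone.
DELEGATIONS = {
    ".": {"com."},
    "com.": {"example.com."},
    "example.com.": set(),
}


def canon(name):
    """Normalise to lower case with a trailing dot ('WWW.Example.com' -> 'www.example.com.')."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def ancestors(qname):
    """Names from the root down to qname itself:
    'www.example.com.' -> ['.', 'com.', 'example.com.', 'www.example.com.']"""
    parts = [p for p in canon(qname).split(".") if p]
    names = ["."]
    for i in range(len(parts) - 1, -1, -1):
        names.append(".".join(parts[i:]) + ".")
    return names


def next_zone(zone, qname):
    """Child zone of `zone` on the path to qname, or None when `zone` is the
    closest enclosing zone (no deeper delegation exists for this name)."""
    for child in DELEGATIONS.get(zone, ()):
        if child in ancestors(qname):
            return child
    return None


def resolve_full(qname, qtype):
    """Classic iterative resolution: every server on the path sees the full
    QNAME. Returns the list of (zone asked, QNAME sent, QTYPE sent)."""
    qname = canon(qname)
    zone, queries = ".", []
    while True:
        queries.append((zone, qname, qtype))
        child = next_zone(zone, qname)
        if child is None:
            return queries
        zone = child


def resolve_minimized(qname, qtype):
    """RFC 7816 style resolution: each server is asked only for the name one
    label longer than the zone cut it serves (QTYPE NS); the original QTYPE is
    sent only once the full name is reached, to its closest enclosing zone."""
    qname = canon(qname)
    if qname == ".":
        return [(".", ".", qtype)]
    zone, queries = ".", []
    for candidate in ancestors(qname)[1:]:
        if candidate == qname:
            # Full name reached: now ask the real question.
            queries.append((zone, qname, qtype))
            break
        queries.append((zone, candidate, "NS"))
        # A referral moves us down one zone; a NODATA/NS answer from the same
        # server means it is authoritative for the longer name too, so stay.
        if candidate in DELEGATIONS.get(zone, ()):
            zone = candidate
    return queries


def labels_revealed(queries):
    """Per zone asked, the largest number of labels in any QNAME it was sent."""
    seen = {}
    for zone, name, _ in queries:
        n = len([p for p in name.split(".") if p])
        seen[zone] = max(seen.get(zone, 0), n)
    return seen


if __name__ == "__main__":
    for q in ("www.example.com.", "a.b.example.com."):
        print(q, "classic:  ", labels_revealed(resolve_full(q, "A")))
        print(q, "minimized:", labels_revealed(resolve_minimized(q, "A")))
```

With minimization the root server learns only "com." and the com. servers only "example.com."; the full name reaches only the server that is authoritative for it, which is the disclosure reduction the suggested text describes. Labels below the last delegation (for example "a.b.example.com." under example.com.) are still revealed to that authoritative server, since it must see them to answer.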