Re: [dns-privacy] [Ext] Re: ADoT requirements for authentication?

Brian Dickson <brian.peter.dickson@gmail.com> Fri, 01 November 2019 16:58 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/lCC377AVOfDZJ1pdKj1T5Detc7k>

On Fri, Nov 1, 2019 at 11:37 AM Ted Hardie <ted.ietf@gmail.com> wrote:

> Hi Brian,
>
> On Fri, Nov 1, 2019 at 8:35 AM Brian Dickson <
> brian.peter.dickson@gmail.com> wrote:
>
>>
>>    1. The operational cost of serving ADoT answers is prohibitive, due
>>    to a number of factors
>>
>>
Correction/clarification: This should have read "of serving ADoT on all
traffic" (is prohibitive, or likely so).

The main gist of this is a desire to establish requirements that avoid the
need for all authority traffic to be ADoT in order to achieve privacy.
(The presumption is that ADoT is in effect an agreement between recursive
and authoritative, and requires the consent of the authoritative.)

Brian