Re: [dns-privacy] [Ext] Re: ADoT requirements for authentication?
Brian Dickson <brian.peter.dickson@gmail.com> Fri, 01 November 2019 16:58 UTC
Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3D03120963 for <dns-privacy@ietfa.amsl.com>; Fri, 1 Nov 2019 09:58:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p37PBPFxEOuN for <dns-privacy@ietfa.amsl.com>; Fri, 1 Nov 2019 09:58:37 -0700 (PDT)
Received: from mail-vs1-xe2c.google.com (mail-vs1-xe2c.google.com [IPv6:2607:f8b0:4864:20::e2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3BCED120A30 for <dns-privacy@ietf.org>; Fri, 1 Nov 2019 09:58:37 -0700 (PDT)
Received: by mail-vs1-xe2c.google.com with SMTP id y23so274647vso.1 for <dns-privacy@ietf.org>; Fri, 01 Nov 2019 09:58:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=lnBTlJz4tHclv+hyktXBJraXEL+84KVVQK5YOmoVbb8=; b=WQ2fnRjLQSjBC3xiDCyPucmhzO8zLw8ixrjgMRvwRk6QbEnyDY7ruEaODZCQMQzqyy LQqAxIQd5+lpvgSwOyOw4EKCBv5NilQ20ngU8Dg3HxUkJ7YtEJkrVa5NXVDcyQR9Qvei yKfZZ9E0iFj3004CvxF0K9cwP6Z/cnvTqmsNyVn2AsU8VuRG35cL9GSi2A6mLWycVbRf ac7Yp9KlQU5CiFU3EkMyfFhIJY/IqDh79DqI6C+A5QoG65dcov61Yr5IHF5i88jR/2D6 eaWhXbrOPscOy5BdHqUCygHOkzKvbaB9n+UqJRCOM12rbK2Fn2WZhMgEVTrltXe8u+Ft yeig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=lnBTlJz4tHclv+hyktXBJraXEL+84KVVQK5YOmoVbb8=; b=tq3Ysbc+6wlW9tZOdKzTKyr4wt4fOLKVH3Vs2WkaGtFYeFgnBuDSjh80lhXZuaoosY qX2JZ4alJR28N6F2ctv8S/youAgmp5jfsvCMU9208PUG1P29S2WlwzhtX6hzG35O1Aw8 itGNgvulJ+zQPS+rcJkx1soOVuyg/zv3bDtz1e53+5o748G8A1Nrct2YFfVrDAHWtWN4 pGagx49g08fGkPYxC8e/9H/IbuWcJgz/MI2bh1ZOFBrCBuJOuZMhSJqbcbXyzub3XWsM 8qZ13qhr/V5qS6KkSNWZDXKqO1kQJlcuytFz2ZpFIcar0SiuPtmnxAurz20Jx5QbcJpA 5GLA==
X-Gm-Message-State: APjAAAV8PHnQ1ndngngpkx8Ny1V1pmNMxWbSHX8GmHm6aHALlwuqUuqW 8JXPAx/RyrN51JF7cqRHFjcI3QV5eK6itmjkFfs=
X-Google-Smtp-Source: APXvYqyuCp1y9kkU6pKp7u0hw0FtZiaEc8UFOE0nyRkrJm6HKuzG6U6AqlwuVKtzz1bTjFR8oyCmEE2t8AK8f92Nmao=
X-Received: by 2002:a67:dd81:: with SMTP id i1mr6238758vsk.136.1572627516289; Fri, 01 Nov 2019 09:58:36 -0700 (PDT)
MIME-Version: 1.0
References: <CAHbrMsDwDoTQN8Y5Zk7rSVepjwwyatEyAA6f0oJ9DESmAfHfXg@mail.gmail.com> <20191031211222.A6422DBC1C7@ary.qy> <CAH1iCiqYoXMZ0U3yt8AjUXyZVRdDnmHzSpHvYmg++ACZ-U6=zA@mail.gmail.com> <CABcZeBP-k23ZY=f6Lv5A+B+Z_4ar_9ea=G7O+KRriXNLUzKGqw@mail.gmail.com> <95e65176-0b80-fbe0-8409-11fada175c67@nic.cz> <CABcZeBPCMBDEGTpVULJgQEz_5Ddv27jayMxaW-fqXL3HQrqbyw@mail.gmail.com> <CAH1iCirJHDFVEW_vdcVOyGx1KK0zkwmrUEpP=ft-gWHbx7x8fw@mail.gmail.com> <CA+9kkMDKJ08RL8dk=O5-Z7Gj4fTkMpV71RtWWkPEvCKE_9FWFw@mail.gmail.com>
In-Reply-To: <CA+9kkMDKJ08RL8dk=O5-Z7Gj4fTkMpV71RtWWkPEvCKE_9FWFw@mail.gmail.com>
From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Fri, 01 Nov 2019 11:58:25 -0500
Message-ID: <CAH1iCipE2MMmB-RmFuf5_HFobWn9x+Gkp=yj_40bG7_UqsDryA@mail.gmail.com>
To: Ted Hardie <ted.ietf@gmail.com>
Cc: Eric Rescorla <ekr@rtfm.com>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000078f7b705964be053"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/lCC377AVOfDZJ1pdKj1T5Detc7k>
Subject: Re: [dns-privacy] [Ext] Re: ADoT requirements for authentication?
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Nov 2019 16:58:39 -0000
On Fri, Nov 1, 2019 at 11:37 AM Ted Hardie <ted.ietf@gmail.com> wrote: > Hi Brian, > > On Fri, Nov 1, 2019 at 8:35 AM Brian Dickson < > brian.peter.dickson@gmail.com> wrote: > >> >> 1. The operational cost of serving ADoT answers is prohibitive, due >> to a number of factors >> >> Correction/clarification: This should have read "of serving ADoT on all traffic" (is prohibitive, or likely so). The main gist of this is a desire to establish requirements that avoid the need for all authority traffic to be ADoT in order to achieve privacy. (The presumption is that ADoT is in effect an agreement between recursive and authoritative, and requires the consent of the authoritative.) Brian
- [dns-privacy] DPRIVE Interim: 10/29 Brian Haberman
- Re: [dns-privacy] DPRIVE Interim: 10/29 Allison Mankin
- Re: [dns-privacy] DPRIVE Interim: 10/29 tjw ietf
- Re: [dns-privacy] DPRIVE Interim: 10/29 Brian Haberman
- Re: [dns-privacy] [Ext] Re: DPRIVE Interim: 10/29 Paul Hoffman
- Re: [dns-privacy] [Ext] Re: DPRIVE Interim: 10/29 Brian Haberman
- Re: [dns-privacy] [Ext] Re: DPRIVE Interim: 10/29 Livingood, Jason
- Re: [dns-privacy] [Ext] Re: DPRIVE Interim: 10/29 Alexander Mayrhofer
- Re: [dns-privacy] DPRIVE Interim: 10/29 Brian Haberman
- Re: [dns-privacy] [Ext] Re: DPRIVE Interim: 10/29 Brian Dickson
- Re: [dns-privacy] [Ext] Re: DPRIVE Interim: 10/29 Rob Sayre
- Re: [dns-privacy] DPRIVE Interim: 10/29 Eric Vyncke (evyncke)
- Re: [dns-privacy] [Ext] Re: DPRIVE Interim: 10/29 Paul Hoffman
- [dns-privacy] ADoT requirements for authenticatio… Paul Hoffman
- Re: [dns-privacy] ADoT requirements for authentic… Ted Hardie
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Paul Hoffman
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Ted Hardie
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Ben Schwartz
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Brian Dickson
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Paul Wouters
- Re: [dns-privacy] [Ext] Re: DPRIVE Interim: 10/29 Brian Dickson
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Ted Hardie
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Brian Dickson
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Ben Schwartz
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Ted Hardie
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Eric Rescorla
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Ben Schwartz
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Eric Rescorla
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Brian Dickson
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Ben Schwartz
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Eric Rescorla
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Christian Huitema
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… John Levine
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Jim Reid
- [dns-privacy] DoT at the DNS root Jim Reid
- Re: [dns-privacy] DoT at the DNS root Jim Reid
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Watson Ladd
- Re: [dns-privacy] [Ext] Re: DPRIVE Interim: 10/29 Alexander Mayrhofer
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Ralf Weber
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Paul Wouters
- Re: [dns-privacy] ADoT requirements for authentic… Tony Finch
- Re: [dns-privacy] [EXTERNAL] Re: [Ext] Re: DPRIVE… Livingood, Jason
- Re: [dns-privacy] [Ext] Re: DPRIVE Interim: 10/29 Livingood, Jason
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Livingood, Jason
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… John Levine
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Jim Reid
- [dns-privacy] ADoT deployment at the root Jim Reid
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Jim Reid
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Brian Dickson
- Re: [dns-privacy] ADoT deployment at the root Ted Hardie
- Re: [dns-privacy] ADoT deployment at the root Warren Kumari
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… John Levine
- Re: [dns-privacy] ADoT deployment at the root John Levine
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… John Levine
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Ben Schwartz
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Stephen Farrell
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Brian Dickson
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… John R Levine
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Eric Rescorla
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Vladimír Čunát
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Vladimír Čunát
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Hollenbeck, Scott
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Eric Rescorla
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Vladimír Čunát
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Brian Dickson
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Eric Rescorla
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Eric Rescorla
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Brian Dickson
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Brian Dickson
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Vladimír Čunát
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… John R Levine
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Ted Hardie
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… Brian Dickson
- Re: [dns-privacy] [Ext] Re: ADoT requirements for… John R Levine
- Re: [dns-privacy] DPRIVE Interim: 10/29 Brian Haberman