Re: [dns-privacy] Start of WGLC for draft-ietf-dprive-dns-over-tls-01

Tim Wicinski <tjw.ietf@gmail.com> Thu, 12 November 2015 19:59 UTC

To: Simon Josefsson <simon@josefsson.org>, "Mankin, Allison" <amankin@verisign.com>
From: Tim Wicinski <tjw.ietf@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dns-privacy/lFyV1Xo0ciDg-94_oDbPUrM7xp0>
Cc: "dns-privacy@ietf.org" <dns-privacy@ietf.org>, Sara Dickinson <sara@sinodun.com>, "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>

(as chair)

I don't see the point in holding up this document for the other DTLS
document(s). Using the "running code" practice, there is code out here
which supports dns-over-tls. The authors of dns-over-dtls do not have
a plan to implement any solutions at this time. However, as chair, I've
reached out and I do believe some of the folks who have implemented the
current dns-over-tls solution work on a proof of concept of dns-over-dtls.

I'll chat with Warren about this, but I don't see the reasons to hold 
this one for now.

tim

On 11/9/15 11:32 AM, Simon Josefsson wrote:
> "Mankin, Allison" <amankin@verisign.com> writes:
>
>> My two cents is that the authentication profile for TLS and DTLS
>> should not be the same as a draft with flows.
>>
>> I reviewed the flows draft before it was submitted (and thank the
>> authors for responding to initial comments).  Unsurprisingly, the
>> flows draft is almost entirely made up of flows.  I estimate that many
>> will have to change in response to DPRIVE WG review/discussion of the
>> DTLS fragmentation scheme; also, some of them may need to change based
>> on what is finalized for 1.3 in the TLS WG.  In keeping with other
>> precedents at IETF, I’d see the flows draft as an informational
>> document to help implementors/deployers.
>
> I don't think this WG should wait for completion of TLS 1.3.  If you
> write drafts the right way, I don't see anything that needs to be
> changed moving from TLS 1.2 to TLS 1.3.  Or are you thinking of
> mandating TLS >= 1.3 for dprive?
>
> I believe the dprive documents are in reasonable shape, and the only
> worrying concern is that the (D)TLS-considerations ought to be
> synchronized between DoDTLS and DoTLS.  It appears there is already work
> towards fixing that, and once that document is available, there could be
> a WG last call on all three documents.  I don't see anything that would
> prevent this from happening during the next 0-3 months process-wise.  I
> believe that TLS 1.3 will not be finalized within that time-frame.
>
> /Simon
>
>>
>> The authentication profile for TLS/DTLS is something we can pull
>> together now, with some work by the WG, and I’d expect it to be
>> standards track.  I would not want to delay it for finishing the
>> detailed engineering on the DTLS draft.
>>
>> Bottom line: I very much support Sara’s offer to start a stand-alone
>> document for the authentication profile.  Speaking for the TLS
>> authors, we’ll be happy to add language pointing ahead to an
>> authentication profile external to our draft.
>>
>> Allison
>>
>>
>>
>>> On Oct 27, 2015, at 11:12 AM, Tirumaleswar Reddy (tireddy) <tireddy@cisco.com> wrote:
>>>
>>>
>>>
>>> From: Sara Dickinson <sara@sinodun.com>
>>> Sent: Tuesday, October 27, 2015 7:34 PM
>>> To: Tirumaleswar Reddy (tireddy)
>>> Cc: dns-privacy@ietf.org
>>> Subject: Re: [dns-privacy] Start of WGLC for draft-ietf-dprive-dns-over-tls-01
>>>
>>>
>>> On 27 Oct 2015, at 12:31, Tirumaleswar Reddy (tireddy)
>>> <tireddy@cisco.com> wrote:
>>>
>>>
>>> I’m saying I think creating a separate document that specifically
>>> covers authentication for both TLS and DTLS makes most sense to me
>>> and will be clearer for consumers of the documents.
>>>
>>> [TR] We can move this Section to
>>> https://tools.ietf.org/html/draft-wing-dprive-profile-and-msg-flows-00
>>> and that will take care of both the (D)TLS profile for DNS privacy and
>>> authenticating the server.
>>>
>>> I guess this is a decision for the working group since the DTLS
>>> draft is adopted, but the above document isn’t.
>>>
>>> [TR] Yes, of course; will do that only after WG feedback and adoption of the draft.
>>>
>>> -Tiru
>>>
>>> Sara.
>>> _______________________________________________
>>> dns-privacy mailing list
>>> dns-privacy@ietf.org
>>> https://www.ietf.org/mailman/listinfo/dns-privacy