Re: [dns-privacy] [core] [DNSOP] Next steps: draft-ietf-core-dns-over-coap

Carsten Bormann <cabo@tzi.org> Fri, 07 July 2023 08:43 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8F25C15106A; Fri, 7 Jul 2023 01:43:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id onz_OdElJap2; Fri, 7 Jul 2023 01:43:37 -0700 (PDT)
Received: from smtp.zfn.uni-bremen.de (smtp.zfn.uni-bremen.de [IPv6:2001:638:708:32::21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C47FC14CE4A; Fri, 7 Jul 2023 01:43:36 -0700 (PDT)
Received: from client-0227.vpn.uni-bremen.de (client-0227.vpn.uni-bremen.de [134.102.107.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4Qy6PK3GftzDCfC; Fri, 7 Jul 2023 10:43:33 +0200 (CEST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <DU0P190MB19787639A69DDB74B086A84CFD2DA@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
Date: Fri, 07 Jul 2023 10:43:32 +0200
Cc: Ben Schwartz <bemasc=40meta.com@dmarc.ietf.org>, Christian Amsüss <christian@amsuess.com>, "draft-ietf-core-dns-over-coap@ietf.org" <draft-ietf-core-dns-over-coap@ietf.org>, dnsop <dnsop@ietf.org>, DNS Privacy Working Group <dns-privacy@ietf.org>, "core@ietf.org" <core@ietf.org>
X-Mao-Original-Outgoing-Id: 710412212.7129591-1e5c841324fe56840a2a51a056f3de7d
Content-Transfer-Encoding: quoted-printable
Message-Id: <FA7989CA-7329-4661-B49B-C3B1A837FBCF@tzi.org>
References: <BN8PR15MB32814FED7FC7E459A484967FB32FA@BN8PR15MB3281.namprd15.prod.outlook.com> <DU0P190MB19787639A69DDB74B086A84CFD2DA@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
To: Esko Dijk <esko.dijk@iotconsultancy.nl>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/mN5SlY0eCFjG4X87II2GyPouWqs>
Subject: Re: [dns-privacy] [core] [DNSOP] Next steps: draft-ietf-core-dns-over-coap
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jul 2023 08:43:41 -0000

On 2023-07-07, at 09:26, Esko Dijk <esko.dijk@iotconsultancy.nl> wrote:
> 
> In the last interim meeting presentation “security” was a key driver for this draft, which is a very good one compared to non-secured DNS as the alternative.
>
> Firmware size and code complexity/BOM are also relevant if this protocol can avoid pulling in extra components (TLS/DTLS) that would otherwise not be needed.
> “More security by reducing complexity and reducing attack surface” also comes to mind here as a secondary security benefit.

Note that “pulling in (D)TLS” may also mean pulling extra key material that needs to be managed separately from the keys relevant to the device’s applications.  

Grüße, Carsten