Re: [dns-privacy] Start of WGLC for draft-ietf-dprive-dnsodtls.

Bob Harold <rharolde@umich.edu> Thu, 18 August 2016 13:26 UTC

In-Reply-To: <e1354ea4f0f946399237a561de2c3818@XCH-RCD-017.cisco.com>
References: <CAHw9_iLWW-e_de9ieq_oe_eR=RBWg9swG7EiAPTp93825Vm=pw@mail.gmail.com> <CA+nkc8AQHF1vD5V9rMd=WHHNERt8zKa5s+XKmNAbHWshXuzL-Q@mail.gmail.com> <e1354ea4f0f946399237a561de2c3818@XCH-RCD-017.cisco.com>
From: Bob Harold <rharolde@umich.edu>
Date: Thu, 18 Aug 2016 09:26:22 -0400
Message-ID: <CA+nkc8B6yV9K5n_5_HFCLvqiHfb5_RMq6V-W4U_QhdYgM5c+KA@mail.gmail.com>
To: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/nZ7k9SiVBHzmKw9c-ci6N7wk_mo>
Cc: "DPRIVE-chairs@tools.ietf.org" <DPRIVE-chairs@tools.ietf.org>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>, Warren Kumari <warren@kumari.net>, "draft-ietf-dprive-dnsodtls@ietf.org" <draft-ietf-dprive-dnsodtls@ietf.org>
Subject: Re: [dns-privacy] Start of WGLC for draft-ietf-dprive-dnsodtls.

On Thu, Aug 18, 2016 at 1:14 AM, Tirumaleswar Reddy (tireddy) <
tireddy@cisco.com> wrote:

> *From:* Bob Harold [mailto:rharolde@umich.edu]
> *Sent:* Wednesday, August 17, 2016 9:13 PM
> *To:* Warren Kumari <warren@kumari.net>
> *Cc:* dns-privacy@ietf.org; draft-ietf-dprive-dnsodtls@ietf.org;
> DPRIVE-chairs@tools.ietf.org
> *Subject:* Re: [dns-privacy] Start of WGLC for draft-ietf-dprive-dnsodtls.
>
> On Tue, Aug 16, 2016 at 1:05 PM, Warren Kumari <warren@kumari.net> wrote:
>
> Dear DPRIVE WG,
>
> The authors of draft-ietf-dprive-dnsodtls have indicated that they
> believe that the document is ready, and have asked for Working Group
> Last Call.
>
> The draft is available here:
> https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsodtls/
>
> Please review this draft to see if you think it is ready for
> publication and send comments to the list, clearly stating your view.
>
> This WGLC ends Tue 30-Aug-2016.
>
> In addition, to satisfy RFC 6702 ("Promoting Compliance with
> Intellectual Property Rights (IPR)"):
> Are you personally aware of any IPR that applies to
> draft-ietf-dprive-dnsodtls?  If so, has this IPR been disclosed in
> compliance with IETF IPR rules? (See RFCs 3979, 4879, 3669, and 5378
> for more details.)
>
> Thanks,
> Warren Kumari
>
>
>
> Looks good to me.  A couple grammatical concerns:
>
> Section "3.1.  Session Initiation"
>
> The last sentence might sound better by adding "therefore" in the middle:
>
> "There are
>    significant security issues in mixing protected and unprotected data,
>
>             therefore
>    UDP connections on a port designated by a given server for DNS-over-
>    DTLS are reserved purely for encrypted communications."
>
> [TR] Updated in my local copy.
>
> Section "4. Performance Considerations"
> This sentence does not read well to me:
>
> "TLS False Start] which reduces round-trips
>    by allowing the TLS second flight of messages (ChangeCipherSpec) to
>    also contain the (encrypted) DNS query. "
>
> [TR] How about the following line ?
>
> TLS False Start [I-D.ietf-tls-falsestart] can reduce the round-trips in
> certain situations.
>

[BH] That would work. I was thinking of just changing "which reduces" to "can
reduce":
"TLS False Start] can reduce round-trips
   by allowing the TLS second flight of messages (ChangeCipherSpec) to
   also contain the (encrypted) DNS query. "

>
> -Tiru
>
> --
>
> Bob Harold
>