Re: [dns-privacy] Next steps for draft-rescorla-dprive-adox

Ben Schwartz <bemasc@google.com> Thu, 13 May 2021 00:01 UTC

Return-Path: <bemasc@google.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8576D3A1B60 for <dns-privacy@ietfa.amsl.com>; Wed, 12 May 2021 17:01:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZNAi8e18AWDW for <dns-privacy@ietfa.amsl.com>; Wed, 12 May 2021 17:00:57 -0700 (PDT)
Received: from mail-wr1-x432.google.com (mail-wr1-x432.google.com [IPv6:2a00:1450:4864:20::432]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E790E3A1B59 for <dprive@ietf.org>; Wed, 12 May 2021 17:00:56 -0700 (PDT)
Received: by mail-wr1-x432.google.com with SMTP id n2so25361936wrm.0 for <dprive@ietf.org>; Wed, 12 May 2021 17:00:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=i92FSBsVNiZHlCE/jvbInDGUTIf/yo5AVyWsUXWvslg=; b=rw2hcl9Awii3S49OE+x0pyYSApYKc+vmcmBkm4zPUTlQEMYHaf8sFXfGUGauXZvI57 V/q2ZTYmAIeUAhgYxzZs710O6aR5k7NVPkhGSWeX3IYXW9rmOx6q42GNvrbbXHvXY6/p F1Ae48EPfiog8xNKpXNYDL5hG1Olb7HnS044i9MHSNnwvHKBG1V+SanDHE90wdrDXfRR gkdScW5MeklSuSCoNszgiMh6Q3/oO8fZfLEEBR7g99qH0JJbs/3U4hsw8hDc+GO7Qn8+ aZ5QD0ILky4VraXDNHbsk+Q7uiT4p6526uGVvoDXBMiE/RuATn4VmXMRi6WfqvWwQ1Sq AFiQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=i92FSBsVNiZHlCE/jvbInDGUTIf/yo5AVyWsUXWvslg=; b=cQDDlbTxRxZ3TDat/qx9RqoKsCAbYrE4pOCX56RlK2pwBLba8qViDLT3omxNdF2EGl Lubgdk7GaNmFuQ9a0ZoZDs7YW4ndSSwLUmh1ve3GR24cJ0KYqdBiFv3KwifK2NrPs7jX K+rUdB2SgOGLmiQ6USl/PXLY1n5HLk5jz2Xu2u+39+RE13LpJsv5cD07dm7pMNuKN9hd ACLhZ+/4lsccwvH1oJrkgFTgaYn6UzUUQz5YXw3Co7UYxoQvlPIV9Odhj9KZeNf4ng5+ 3XTACs8egW1hK488tnJ59GlyubuQLc1rA/mxkWhY6L7FJHWuw3117hAolew6qOFjPi1h AE5g==
X-Gm-Message-State: AOAM533yXEVgcp0bkHbcbbh8m8vzsUCeCIKqq/a7vY9ZaPsoMY4A7xDu 2Rp39wW3eSFiHGAiGXLwVqzfjbg5vMrI/G8Lqp3UPA==
X-Google-Smtp-Source: ABdhPJzastspNXDQ84oCaiYzCs/z8qSd4HGkTTLv7hdOz6fLyV5eNPQ4L3gkN7UbjruPjAZgdInBrZOXQkW5XU8fh8o=
X-Received: by 2002:adf:eec4:: with SMTP id a4mr49016695wrp.159.1620864053656; Wed, 12 May 2021 17:00:53 -0700 (PDT)
MIME-Version: 1.0
References: <CAHbrMsB=q-zgEbBB6cM3dimx8hsue93ego7JG8PY=WMPQeYp2w@mail.gmail.com> <39000723-2624-4770-8C54-B96357F24844@nohats.ca>
In-Reply-To: <39000723-2624-4770-8C54-B96357F24844@nohats.ca>
From: Ben Schwartz <bemasc@google.com>
Date: Wed, 12 May 2021 17:00:42 -0700
Message-ID: <CAHbrMsDLerdfhnEKLZNjig+8sc7nse8LPHR19EXBiRrANGuaFg@mail.gmail.com>
To: Paul Wouters <paul@nohats.ca>
Cc: Eric Rescorla <ekr@rtfm.com>, dprive@ietf.org
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="0000000000002a8ec105c22ad238"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/nxXlotkjtQdAQLxiMH8clOTKymM>
Subject: Re: [dns-privacy] Next steps for draft-rescorla-dprive-adox
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 May 2021 00:01:02 -0000

On Wed, May 12, 2021 at 4:40 PM Paul Wouters <paul@nohats.ca> wrote:
...

> The draft is proposing a fundamental change in the processing of the new
> proposed RR. It is a major protocol change, as opposed to simply adding a
> new RR TYPE that works under RFC 3597
>

Regarding RFC 3597, this proposal is actually entirely compliant.  The
concerns we're grappling with are due to the lack of RFC 3597 compliance
elsewhere.

That work should not be done in this WG. Any fundamental change in how DNS
> operates belongs on dnsop (well, dnsext but that role was taken on by dnsop)
>

It seems to me that encrypting resolver-authoritative connections is a
fundamental change in how DNS operates.