[dns-privacy] Stephen Farrell's Discuss on draft-ietf-dprive-dnsodtls-13: (with DISCUSS and COMMENT)
"Stephen Farrell" <stephen.farrell@cs.tcd.ie> Tue, 13 December 2016 13:03 UTC
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: The IESG <iesg@ietf.org>
Message-ID: <148163419601.29447.15218887979317459041.idtracker@ietfa.amsl.com>
Date: Tue, 13 Dec 2016 05:03:16 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/qV5EL91iT8hqEScrP19-EwVaBuM>
Cc: tjw.ietf@gmail.com, dns-privacy@ietf.org, draft-ietf-dprive-dnsodtls@ietf.org, dprive-chairs@ietf.org
Subject: [dns-privacy] Stephen Farrell's Discuss on draft-ietf-dprive-dnsodtls-13: (with DISCUSS and COMMENT)
Stephen Farrell has entered the following ballot position for draft-ietf-dprive-dnsodtls-13: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsodtls/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

I have two discuss points to chat about before I ballot yes for this:

(1) I think it'd be good to make the nature of this RFC clear in the document, so that folks don't get confused and implement this now, when we think they ought to be using TLS for stub to recursive privacy. I'd suggest maybe adding a note here (possibly an IESG note, or just more text before 1.1, whatever), that says something like:

"This DTLS solution was considered by the DPRIVE working group as an option to use in case the TLS based approach specified in RFC7858 turns out to have some issues when deployed. At the time of writing, it is expected that RFC7858 is what will be deployed, and so this specification is mainly intended as a backup."

Note that while text like that may also end up in the profiles document, I still think it may be useful here as well.

(2) Section 4: No mention of OCSP stapling? And come to think of it, how would non-stapled OCSP even work? And since I've now thought of it, how will OCSP work with RFC7858? Does this (and 7858) need to mandate stapling or no revocation checking via OCSP at all?

(Apologies for not asking about that when we were processing 7858;-)

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

- 3.3: What does "of the order of several seconds" mean? If you mean O(10s) then why not say that?

- 3.3: Is figure 1 really needed? There's no longer any meaningful reference to it from the text. (I forget if there once was.)

- To try to answer Benoit's comment: I think that this is a part of the overall DPRIVE experiment, so it's a little hard to say exactly how this document alone constitutes a useful experiment. But see also my discuss point#1.
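The OCSP question in DISCUSS point (2) above turns on two mechanics: what a stapled response actually looks like on the wire, and why a non-stapled fetch is awkward for a stub that does not yet have a resolver it trusts (the OCSP responder's hostname would have to be resolved in the clear first). The Python below is an added example written for this page; it is not text from the ballot, the draft or RFC 7858. It parses a TLS 1.2 or DTLS 1.2 CertificateStatus handshake message (the RFC 6066 status_request staple), checks the OCSPResponse framing down to the id-pkix-ocsp-basic responseType, and applies a simple stub-side policy. Everything in it is constructed: the BasicOCSPResponse body is a placeholder blob rather than a signed response, and revocation_decision is my own illustration of the bootstrapping problem, not a rule either specification mandates.

```python
"""Parse a (D)TLS 1.2 CertificateStatus message carrying an OCSP staple.

Added example for the DISCUSS thread on draft-ietf-dprive-dnsodtls;
not code from the draft, RFC 7858 or RFC 6066.  All samples are constructed.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

HANDSHAKE_CERTIFICATE_STATUS = 22        # TLS HandshakeType
STATUS_TYPE_OCSP = 1                     # RFC 6066 CertificateStatusType
ID_PKIX_OCSP_BASIC = bytes.fromhex("2b0601050507300101")  # OID 1.3.6.1.5.5.7.48.1.1
OCSP_RESPONSE_STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
                        3: "tryLater", 5: "sigRequired", 6: "unauthorized"}


@dataclass
class Staple:
    response_status: str
    basic_response: Optional[bytes]      # DER BasicOCSPResponse, None when absent


def _der_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Decode one DER TLV at pos -> (tag, value, next_pos). Definite lengths only."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length form")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated DER value")
    return tag, value, pos + length


def parse_ocsp_response(der: bytes) -> Staple:
    """OCSPResponse ::= SEQUENCE { responseStatus ENUMERATED, responseBytes [0] EXPLICIT OPTIONAL }"""
    tag, body, end = _der_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("OCSPResponse must be a single SEQUENCE")
    tag, status, pos = _der_tlv(body, 0)
    if tag != 0x0A or len(status) != 1:
        raise ValueError("responseStatus must be a one-byte ENUMERATED")
    name = OCSP_RESPONSE_STATUS.get(status[0], f"unknown({status[0]})")
    if pos == len(body):
        return Staple(name, None)        # error statuses carry no responseBytes
    tag, rb, pos = _der_tlv(body, pos)
    if tag != 0xA0 or pos != len(body):
        raise ValueError("expected [0] EXPLICIT responseBytes")
    tag, rb_seq, _ = _der_tlv(rb, 0)
    if tag != 0x30:
        raise ValueError("responseBytes must be a SEQUENCE")
    tag, oid, pos = _der_tlv(rb_seq, 0)
    if tag != 0x06 or oid != ID_PKIX_OCSP_BASIC:
        raise ValueError("responseType is not id-pkix-ocsp-basic")
    tag, basic, _ = _der_tlv(rb_seq, pos)
    if tag != 0x04:
        raise ValueError("response must be an OCTET STRING")
    return Staple(name, bytes(basic))


def parse_certificate_status(msg: bytes, dtls: bool) -> Staple:
    """Strip the handshake header and CertificateStatus framing, return the staple.

    A TLS handshake header is type(1)+length(3); DTLS appends message_seq(2),
    fragment_offset(3) and fragment_length(3).  Fragmented DTLS messages are rejected
    here rather than reassembled."""
    if msg[0] != HANDSHAKE_CERTIFICATE_STATUS:
        raise ValueError(f"not a CertificateStatus message (type {msg[0]})")
    length = int.from_bytes(msg[1:4], "big")
    if dtls:
        frag_off = int.from_bytes(msg[6:9], "big")
        frag_len = int.from_bytes(msg[9:12], "big")
        if frag_off != 0 or frag_len != length:
            raise ValueError("fragmented DTLS handshake message; reassemble first")
        body = msg[12:12 + length]
    else:
        body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated handshake message")
    if body[0] != STATUS_TYPE_OCSP:
        raise ValueError(f"unsupported status_type {body[0]}")
    resp_len = int.from_bytes(body[1:4], "big")
    if 4 + resp_len != len(body):
        raise ValueError("bad OCSPResponse length")
    return parse_ocsp_response(body[4:])


def revocation_decision(staple: Optional[Staple]) -> str:
    """Illustrative stub-side policy (my assumption, not from any RFC): without a staple,
    a live OCSP fetch would need to resolve the responder's hostname before the
    encrypted channel is trusted, so the stub skips OCSP instead of leaking DNS."""
    if staple is None:
        return "skip"                    # no staple: no revocation info without cleartext DNS
    if staple.response_status != "successful":
        return "soft-fail"               # responder error: treat as no revocation info
    return "verify"                      # hand basic_response to a real OCSP verifier


# --- constructed samples and a builder for the wire framing (not captured traffic) ---
def _der(tag: int, value: bytes) -> bytes:
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def build_certificate_status(ocsp_der: bytes, dtls: bool, message_seq: int = 0) -> bytes:
    body = bytes([STATUS_TYPE_OCSP]) + len(ocsp_der).to_bytes(3, "big") + ocsp_der
    hdr = bytes([HANDSHAKE_CERTIFICATE_STATUS]) + len(body).to_bytes(3, "big")
    if dtls:
        hdr += message_seq.to_bytes(2, "big") + bytes(3) + len(body).to_bytes(3, "big")
    return hdr + body


PLACEHOLDER_BASIC = b"\x30\x00"          # empty SEQUENCE standing in for a signed BasicOCSPResponse
SUCCESSFUL_OCSP = _der(0x30, _der(0x0A, b"\x00") + _der(0xA0, _der(
    0x30, _der(0x06, ID_PKIX_OCSP_BASIC) + _der(0x04, PLACEHOLDER_BASIC))))
TRY_LATER_OCSP = _der(0x30, _der(0x0A, b"\x03"))

if __name__ == "__main__":
    for dtls in (False, True):
        s = parse_certificate_status(build_certificate_status(SUCCESSFUL_OCSP, dtls), dtls)
        print("dtls" if dtls else "tls", s.response_status, revocation_decision(s))
```

Parsing the staple is the easy half; the policy function is where the DISCUSS bites. A stapled response arrives inside the handshake, so the stub can validate it with no further network activity. Without a staple, the only way to check revocation is a plain HTTP fetch to the responder named in the certificate's AIA extension, which means resolving that name over whatever DNS the stub has before the private channel is trusted, which is the circularity the ballot is pointing at. Feeding the same TLS-framed message to the parser with dtls=True fails on the fragment fields, a reminder that the two profiles differ at the handshake framing level even though the CertificateStatus payload is identical.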