Re: [dns-privacy] [Ext] WGLC : draft-ietf-dprive-unilateral-probing

"Hollenbeck, Scott" <shollenbeck@verisign.com> Fri, 09 June 2023 14:44 UTC

From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: "sayrer@gmail.com" <sayrer@gmail.com>
CC: "paul.hoffman@icann.org" <paul.hoffman@icann.org>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Date: Fri, 09 Jun 2023 14:44:17 +0000
Message-ID: <0341d9c8663642a7a673c5dc50f4121a@verisign.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/qrWnNxmGi8afby7jaQzTgIAfjps>

From: Rob Sayre <sayrer@gmail.com>
Sent: Thursday, June 8, 2023 6:11 PM
To: Hollenbeck, Scott <shollenbeck@verisign.com>
Cc: paul.hoffman@icann.org; dns-privacy@ietf.org
Subject: [EXTERNAL] Re: Re: [dns-privacy] [Ext] WGLC : draft-ietf-dprive-unilateral-probing





On Wed, Jun 7, 2023 at 2:05 PM Hollenbeck, Scott <shollenbeck@verisign.com> wrote:



On Jun 6, 2023, at 8:42 PM, Rob Sayre <sayrer@gmail.com> wrote

On Tue, Jun 6, 2023 at 11:23 AM Hollenbeck, Scott <shollenbeck=40verisign.com@dmarc.ietf.org> wrote:

Measurement of CPU and memory use between Do53 and DoT or DoQ.
Measurement of query response rates between Do53 and DoT or DoQ.
Measurement of server authentication successes and failures.
Measurement and descriptions of observed attack traffic, if any.

...

[SAH] It would be unreasonable if we were discussing a proposal that had no 
impact on root and TLD name servers. Under some conditions, this proposal can 
affect their ability to perform their primary function of responding to DNS 
queries. Those conditions need to be understood.



I think the measurements you suggest make perfect sense. I don't think there 
is anything in the IETF process that leads to the conclusion that this draft 
must be Experimental as a result, though. So, my objection is about the ad-hoc 
process created for this draft. I also don't get the impression that this 
draft would enjoy instant adoption, so there would be time to slowly ramp it 
up. For example, 23 years separate RFC 2616 from RFC 9112, but they are both 
on the standards track.

[SAH] The IESG deliberately chartered this working group to “Investigate 
potential solutions for adding confidentiality to DNS exchanges involving 
authoritative servers” in an Experimental manner. As Brian noted, that’s a 
binding agreement with the IESG. We can either do that or attempt to 
re-charter the working group. I’m under the impression that Brian’s last note 
to the group was a request to discuss those two options, which could include 
discussion of how to conduct the experiment. It’s not an ad-hoc process at 
all.



Additionally, some of the operators of those services are subject to 
regulators who commonly require them to implement, deploy, and operate IETF 
standards. That’s another good reason to do our best to understand the 
operational impact before this becomes a proposed standard.



I never like to read stuff like this. Each of us probably has a regulator that 
annoys us in their treatment of some issue. But we can't really make decisions 
based on guesses about the future actions of unnamed regulators. I'm also sure 
you know the document ladder quite well, but you've used imprecise terms here. 
In the first sentence, you say "IETF standards". But the last sentence says 
"proposed standard".



[SAH] I used those terms deliberately. My employer has contractual obligations 
to implement a mix of IETF-developed Proposed Standard and Standard 
specifications – that is, “IETF standards”. In the last sentence, “proposed 
standard” specifically refers to one possible status for this draft.



Scott