[dns-privacy] Re: [Ext] Verisign's RFC 9539 Experiment

"Hollenbeck, Scott" <shollenbeck@verisign.com> Fri, 13 June 2025 18:08 UTC

From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: "paul.hoffman@icann.org" <paul.hoffman@icann.org>
Thread-Topic: [Ext] [dns-privacy] Verisign's RFC 9539 Experiment
Date: Fri, 13 Jun 2025 18:08:26 +0000
Message-ID: <b4d5308a7b2348f0a8f4ce9163231b20@verisign.com>
References: <49d12c67a4494e259ce2882988f48ebf@verisign.com> <51E6AA9B-7A76-4E92-A83F-D685CD02E004@icann.org>
In-Reply-To: <51E6AA9B-7A76-4E92-A83F-D685CD02E004@icann.org>
CC: "dprive@ietf.org" <dprive@ietf.org>
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/r68TNrM4QzXTpkt43h6pgVih5m4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy>

> -----Original Message-----
> From: Paul Hoffman <paul.hoffman@icann.org>
> Sent: Friday, June 13, 2025 1:58 PM
> To: Hollenbeck, Scott <shollenbeck@verisign.com>
> Cc: dprive@ietf.org
> Subject: [EXTERNAL] Re: [Ext] [dns-privacy] Verisign's RFC 9539 Experiment
>
> On Jun 12, 2025, at 12:36, Hollenbeck, Scott
> <shollenbeck=40verisign.com@dmarc.ietf.org> wrote:
> >
> > Earlier today I added text describing Verisign's RFC 9539 Experiment to
> GitHub:

[SAH] [corporate URL masher snipped]

>
> Can you say more about this particular result?
>
> - The maximum QPS for DoT without session re-use was more than three orders
> of magnitude lower than the maximum QPS for DNS over UDP, and almost
> three orders of magnitude lower than DNS over TCP.
>
> It sounds like the maximum QPS for DoT was about the same as for DNS over
> TCP. How much is "more than" and "almost"?

[SAH] Sorry, I can't provide specific numbers.

> Also, can you say why Verisign didn't measure using TCP session reuse?

[SAH] It wasn't one of the goals of our experiment. Performance would certainly have been better with certain optimizations, but we wanted to better understand unoptimized behavior.

Scott