Re: [dns-privacy] [Ext] next steps for draft-opportunistic-adotq

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sat, 27 March 2021 02:02 UTC

To: Eric Rescorla <ekr@rtfm.com>, Jim Reid <jim@rfc1035.com>
Cc: DNS Privacy Working Group <dns-privacy@ietf.org>, Bill Woodcock <woody@pch.net>
References: <A68841F4-B7CC-4AAC-BC9F-0961ADF2C8FA@rfc1035.com> <DF40D081-1EA8-4E92-BB67-2966E32688DE@nohats.ca> <2E5B5290-CBBE-4F20-AD89-0BDCE3B2AA7F@pch.net> <DB196A4D-2720-4C9E-8A66-C314AB16BA0E@rfc1035.com> <A45C3DAA-C910-427A-9359-E38570D274D3@pch.net> <C6C1D17A-CE7B-4189-BC63-69FD2C5E9FD8@rfc1035.com> <CABcZeBMHXHY28y3KD=b7+KVkKhZ=A=du-2fJiG2=5oEYgm1ZRQ@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <80e40639-56ae-49a9-8207-83d7080593f0@cs.tcd.ie>
Date: Sat, 27 Mar 2021 02:02:14 +0000
In-Reply-To: <CABcZeBMHXHY28y3KD=b7+KVkKhZ=A=du-2fJiG2=5oEYgm1ZRQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/rzBSR-ZMGp1Y044SHMjLP4cO_7I>
Subject: Re: [dns-privacy] [Ext] next steps for draft-opportunistic-adotq

Hiya,

Not asking anyone in particular but...

On 27/03/2021 00:24, Eric Rescorla wrote:
> WRT the operational risk (slide 3), it's likely true that it's 
> somewhat harder to run a DoX server than a Do53 server. However,
> given that we have plenty of worked examples of TLS servers of
> comparable if not greater scale being operated with high reliability
> (e.g., Google, Fastly, Cloudflare, etc.), I think there's pretty
> strong evidence that this is an operational issue that can be
> addressed.

That's been said a number of times, and I think has a
fairly clear ring of truth to it, but yet it somehow doesn't
seem to sway those who operate larger scale Do53 services
today.

Can anyone help me understand that?

I could understand if the justifications were down to
stability or cost, either of which could be valid
engineering reasons why someone might prefer the status-quo,
but I don't think I've seen the argument made explicit in
either of those ways.

I don't have first-hand knowledge of this, so it'd
help me at least if the reasons why DoH or DoT are
hard for (especially the likes of .com/.net) could be
further clarified.

Thanks,
S.