Re: [dns-privacy] ADoT signalling

Warren Kumari <warren@kumari.net> Tue, 05 November 2019 16:12 UTC

MIME-Version: 1.0
References: <20191103223335.4395EE54E62@ary.local> <20191104142555.GA10561@nic.fr> <CABcZeBNDPbNznf8dSA8NdVH4TMVJEGGNjR09k4GTyjXWaEm0ZA@mail.gmail.com> <711d51d8-8786-6bdd-b95f-d968781b09db@huitema.net>
In-Reply-To: <711d51d8-8786-6bdd-b95f-d968781b09db@huitema.net>
From: Warren Kumari <warren@kumari.net>
Date: Tue, 05 Nov 2019 11:11:55 -0500
Message-ID: <CAHw9_i+rNmD=8h48psUx-qbLK5NmXo8iJTsGJJrPhbH=-8Ohpw@mail.gmail.com>
To: Christian Huitema <huitema@huitema.net>
Cc: Eric Rescorla <ekr@rtfm.com>, Stephane Bortzmeyer <bortzmeyer@nic.fr>, dns-privacy@ietf.org, John Levine <johnl@taugh.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/rzogXfopCsrVrNJPByYBei7_v00>
Subject: Re: [dns-privacy] ADoT signalling

On Mon, Nov 4, 2019 at 12:58 PM Christian Huitema <huitema@huitema.net> wrote:
>
>
> On 11/4/2019 7:12 AM, Eric Rescorla wrote:
>
>
>
> On Mon, Nov 4, 2019 at 6:26 AM Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
>>
>> On Sun, Nov 03, 2019 at 05:33:34PM -0500,
>>  John Levine <johnl@taugh.com> wrote
>>  a message of 14 lines which said:
>>
>> > I thought it might be useful to make a list of possible ways to signal
>> > that a server offers ADoT:
>>
>> I would like also a discussion on whether signaling is 1) good 2)
>> necessary.
>>
>> Even if you get a signal, the reality may be out-of-sync with the
>> signal, for instance because of a problem on the server side (remember
>> AAAAs published without checking IPv6 connectivity works) or on the
>> client side (port 853 blocked).
>
>
> I'm less worried about the latter because I would expect recursive resolvers to generally be operated by people who are able to establish their port 853 status.
>
>
> Note that port 853 is a convention.

Yes -- and that was a conscious choice by the WG; a number of people
always figured that there would be DoT servers running on 443, but
that wasn't something that could be recommended in the document...

W

> Servers could trivially run multiple services over port 443, and demux based on the ALPN. I suppose that if we see a lot blockage of port 853, servers will just do that -- run on port 443, demux based on ALPN="DoT"...
>
> -- Christian Huitema



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
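The port-443 demux Christian describes, as an added example that is not part of the thread or of any WG document: a Go listener that serves DNS over TLS and HTTPS on one port and routes each connection on the ALPN value negotiated in the handshake. It uses "dot", the IANA-registered ALPN identifier for DNS over TLS (written loosely as ALPN="DoT" above), and "h2" for the HTTPS side. The host name dns.example, the throwaway self-signed certificate, the backend labels "dns-over-tls" and "https", and the 5 second per-connection deadline are this example's own assumptions so that it runs offline against 127.0.0.1.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// ALPN identifiers the shared port-443 listener speaks, and the hypothetical
// host name baked into its throwaway certificate.
const (
	alpnDoT    = "dot" // DNS over TLS, the IANA-registered ALPN id
	alpnH2     = "h2"  // HTTP/2, what a browser or DoH client offers
	serverName = "dns.example"
)

// SelfSignedCert mints an ephemeral ECDSA certificate so the example runs
// offline; a real deployment serves a CA-issued certificate here.
func SelfSignedCert() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{serverName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, _ := x509.ParseCertificate(der) // cannot fail: CreateCertificate just produced these bytes
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// Demux finishes the handshake and names the backend this connection belongs to. A client that
// negotiated nothing is refused, not sniffed: guessing from its first bytes would let it pick a backend the port's ALPN policy never agreed to.
func Demux(conn *tls.Conn) (string, error) {
	if err := conn.Handshake(); err != nil {
		return "", err
	}
	switch p := conn.ConnectionState().NegotiatedProtocol; p {
	case alpnDoT:
		return "dns-over-tls", nil
	case alpnH2:
		return "https", nil
	default:
		return "", fmt.Errorf("refusing connection: no usable ALPN negotiated (%q)", p)
	}
}

// NegotiateLoopback handshakes once on 127.0.0.1 with a client offering clientProtos and returns the server's routing decision.
func NegotiateLoopback(cert tls.Certificate, clientProtos []string) (string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	defer ln.Close()
	type verdict struct{ service string; err error }
	done := make(chan verdict, 1)
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			done <- verdict{"", err}
			return
		}
		raw.SetDeadline(time.Now().Add(5 * time.Second)) // a stalled client must not pin the demuxer
		// Go picks the first entry of NextProtos that the client also offered: server preference.
		srv := tls.Server(raw, &tls.Config{
			Certificates: []tls.Certificate{cert},
			NextProtos:   []string{alpnDoT, alpnH2},
			MinVersion:   tls.VersionTLS12,
		})
		service, err := Demux(srv)
		srv.Close()
		done <- verdict{service, err}
	}()
	roots := x509.NewCertPool() // the client trusts exactly the minted cert: no InsecureSkipVerify
	roots.AddCert(cert.Leaf)
	cli, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		ServerName: serverName,
		RootCAs:    roots,
		NextProtos: clientProtos,
	})
	if err == nil {
		cli.Close()
	}
	v := <-done // the server's verdict is authoritative; a client-side failure surfaces there too
	return v.service, v.err
}
```

Two points worth keeping from this. The server's NextProtos order is its preference, so a client that offers both "h2" and "dot" lands on the DNS backend; order that list deliberately. And a connection that negotiates no ALPN at all is refused rather than sniffed, since a demuxer that guesses from the first application bytes lets the client, not the operator, choose which backend it reaches. None of this addresses Stephane's out-of-sync case: a resolver whose own egress on 853 (or 443) is filtered still has to discover that for itself.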