Re: [dns-privacy] DoT between recursive and authoritative pilot

manu tman <chantr4@gmail.com> Thu, 27 December 2018 23:08 UTC

References: <CAArYzrKWs63EdPNjZkc9PaVBbEqrtjuBR74726h-RwjySArH2A@mail.gmail.com> <20181227163247.c4czsly2rjeojvus@nic.fr> <CAAedzxqLR4FyS4vGPfQgCQiYXJq2jsCo6C-XR7XFTwTyqyXnzA@mail.gmail.com>
In-Reply-To: <CAAedzxqLR4FyS4vGPfQgCQiYXJq2jsCo6C-XR7XFTwTyqyXnzA@mail.gmail.com>
From: manu tman <chantr4@gmail.com>
Date: Thu, 27 Dec 2018 15:08:03 -0800
Message-ID: <CAArYzrLfS4=RV8rk7Q8KzP_m+XwNMHgcbJpbZ7JQCaOYppnVcA@mail.gmail.com>
To: ek@loon.co
Cc: Stephane Bortzmeyer <bortzmeyer@nic.fr>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/s5VkI382RTlIGByIzEwdu5He0v0>
Subject: Re: [dns-privacy] DoT between recursive and authoritative pilot

>> I do not find how the Cloudflare resolver discovers that Facebook
>> authoritative name servers use DNS-over-TLS, and what are their
>> keys. Hardwired in the resolver for the experiment?
>
> The subject for the cert is not especially illuminating, though.  I tried
> sending the resolver name via SNI and got the same cert back.

We have used preconfigured SPKI digest pinning. This was the easiest way to
get the experiment going and focus on the impact of DoT as a transport.

How to enable DoT discovery is yet to be discussed and defined. Discussions
have started since the last dprive virtual meeting; all have their pros and
cons, but at least it seems constructive threads have been going on and we
are getting a better grasp of what makes sense for the different operators
involved.

Manu
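As an added illustration of the SPKI digest pinning Manu describes above (example code written for this archive page, not code from the Facebook/Cloudflare pilot): a Go client that authenticates the authoritative server by a preconfigured pin, base64(SHA-256(DER SubjectPublicKeyInfo)) in the form RFC 7858 section 4.2 uses, instead of by CA chain validation. Chain checking is switched off with InsecureSkipVerify and authentication is re-established in VerifyPeerCertificate, so a mismatching key aborts the handshake before any query is sent. The self-signed certificate, the name ns.example and the loopback listener are constructed for the demo so it runs offline; a real recursive would dial port 853 and frame each DNS message with the two-byte length prefix of RFC 7858.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// spkiPin computes the pin for a certificate: base64 of the SHA-256 digest of the
// DER-encoded SubjectPublicKeyInfo. Pinning the key (not the certificate) lets the
// operator re-issue certificates from the same key without rotating client pins.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// pinnedConfig returns a client tls.Config for a recursive that was preconfigured
// with the authoritative server's SPKI pin set. The CA chain check is disabled and
// replaced, not merely supplemented, by the pin comparison on the leaf certificate.
func pinnedConfig(pins map[string]bool) *tls.Config {
	return &tls.Config{
		MinVersion:         tls.VersionTLS12,
		InsecureSkipVerify: true, // chain validation is replaced by the pin check below
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			if len(rawCerts) == 0 {
				return errors.New("no server certificate presented")
			}
			leaf, err := x509.ParseCertificate(rawCerts[0]) // rawCerts[0] is the leaf
			if err != nil {
				return err
			}
			if pins[spkiPin(leaf)] {
				return nil
			}
			return errors.New("SPKI pin mismatch: refusing to send queries over this connection")
		},
	}
}

// selfSignedCert constructs a throwaway P-256 server certificate for the demo
// (assumption: an authoritative server named by the hypothetical `name`).
func selfSignedCert(name string) (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	parsed, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, parsed, nil
}

// handshakeWithPins serves serverCert on a loopback TLS listener (standing in for an
// authoritative on port 853) and dials it with the pinned client config. It returns
// nil only if the handshake, and therefore the pin check, succeeded.
func handshakeWithPins(serverCert tls.Certificate, pins map[string]bool) error {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{serverCert}})
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() {
		c, err := ln.Accept()
		if err != nil {
			return
		}
		defer c.Close()
		_ = c.(*tls.Conn).Handshake() // a rejected pin surfaces here as a client alert
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), pinnedConfig(pins)) // Dial completes the handshake
	if err != nil {
		return err
	}
	return conn.Close()
}

func main() {
	srv, parsed, err := selfSignedCert("ns.example")
	if err != nil {
		panic(err)
	}
	pin := spkiPin(parsed)
	fmt.Println("pin:", pin)
	fmt.Println("matching pin:", handshakeWithPins(srv, map[string]bool{pin: true}))
	fmt.Println("wrong pin:   ", handshakeWithPins(srv, map[string]bool{"AAAA": true}))
}
```

Note what this does not give you: with a single preconfigured pin set, a key rollover at the authoritative side breaks resolution until every pinning recursive is updated, which is one reason the discovery and authentication questions Manu mentions are still open.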