Re: [dns-privacy] [Ext] WGLC : draft-ietf-dprive-unilateral-probing

"Hollenbeck, Scott" <shollenbeck@verisign.com> Tue, 06 June 2023 18:23 UTC

From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: "paul.hoffman@icann.org" <paul.hoffman@icann.org>
CC: "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Date: Tue, 06 Jun 2023 18:23:35 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/tA7Wo_cllWhWqjwaQTs50Ses-KI>

> -----Original Message-----
> From: Paul Hoffman <paul.hoffman@icann.org>
> Sent: Tuesday, June 6, 2023 11:05 AM
> To: Hollenbeck, Scott <shollenbeck@verisign.com>
> Cc: dns-privacy@ietf.org
> Subject: [EXTERNAL] Re: [dns-privacy] [Ext] WGLC : draft-ietf-dprive-unilateral-probing
>
> On Jun 6, 2023, at 7:49 AM, Hollenbeck, Scott <shollenbeck@verisign.com> wrote:
> > [SAH] The criteria to conduct the experiment and measure the outcome
> > could be documented in the current draft.
>
> Please propose such criteria. I ask because I feel that the likely criteria
> (at least one resolver implementation, one server implementation, and interop
> testing between the two of them) have already been met.

[SAH] I'm thinking about experimentation more in the context of measuring 
operational impact and not so much as a pass/fail thing. For example:

Measurement of CPU and memory use between Do53 and DoT or DoQ.
Measurement of query response rates between Do53 and DoT or DoQ.
Measurement of server authentication successes and failures.
Measurement and descriptions of observed attack traffic, if any.

Even if these measurements are operator dependent, this is the kind of 
experimentation that every name server operator will find invaluable in terms 
of understanding if/how they can implement and deploy the protocol.

> Or are you saying that, if we include the criteria in the current draft, and
> show that they are met, that we can proceed on standards track without
> changing the charter?

[SAH] No, because the current intended status is inconsistent with the current 
charter. That needs to be resolved.

> > From there:
> >
> > Publish experimental RFC.
> > Conduct experiment.
> > Publish RFCbis I-D to document the results of the experiment with
> > informational status for failure or standards track for success.
>
> See above.

[SAH] Noted. If we take a measurement approach, and not a pass/fail approach, 
we can eliminate the "fail" possibility.

> > Assuming success, recharter to publish RFCbis I-D on the standards track.
> > Adopt RFCbis I-D as a working group document.
> > Working group works to publish RFCbis on the standards track.
> >
> > Paul is correct in noting that there's more IETF effort associated
> > with the above. It's worth making that effort to ensure that the risks
> > to critical internet infrastructure are minimized.
>
> How would you put that (legitimate!) concern into a criterion for the
> experiment?

[SAH] I'd like to see the experiment described more in terms of measurement as 
I've described above. It doesn't have to be categorized as pass/fail.

Scott