Re: [dns-privacy] [DNSOP] DNS stamps

Ted Lemon <mellon@fugue.com> Thu, 09 January 2020 16:13 UTC

From: Ted Lemon <mellon@fugue.com>
Message-Id: <B0E87CB4-7CD4-4A12-A58C-1A3BEF104540@fugue.com>
Date: Thu, 09 Jan 2020 08:13:47 -0800
In-Reply-To: <20200109143554.GA24757@nic.fr>
Cc: dnsop@ietf.org, dns-privacy@ietf.org
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
References: <20200109143554.GA24757@nic.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/tod2YW3wnV8haloivnv5SjLVRSk>
Subject: Re: [dns-privacy] [DNSOP] DNS stamps

On Jan 9, 2020, at 6:35 AM, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
> Could be useful, especially for secure and public resolvers; may be
> worth some IETF work?

In order for this to actually be useful, two things would be required.

1. The assertions about resolver behavior (e.g., logging, etc.) would have to be signed.
2. The signature would have to be validatable back to a specific entity that is legally competent to make promises.
3. There would have to be some legal mechanism, whether actual law or precedent, saying that these assertions, when made by competent legal entities, constitute a contract.
4. It would have to be possible to automatically determine, based on some trust model, that a particular identity corresponded to an entity that qualified under (2).
5. Someone(s) would have to operate (4).

So basically this document does just the easy part, and none of the hard part. And the bulk of the hard part is probably out of scope for the IETF, although a model like ACME could work.

I’m not arguing for or against doing this, but let’s be clear about how much work it is and what kind of work it is! :)
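Points 1, 2 and 4 above are the parts a protocol can actually carry: a signed claim set, a named signer, and a client-side trust model that decides which signers count as competent. The Go below is an added illustration written for this page, not code from the DNS stamps proposal or from the poster; the Assertion fields, the operator name and the trust-store shape are assumptions, and points 3 and 5 (the legal and operational side) are exactly what no code can supply.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Assertion holds constructed claims about a resolver (point 1 of the mail); field names are assumed.
type Assertion struct {
	Resolver string `json:"resolver"`
	Logging  bool   `json:"logging"`
}
type SignedAssertion struct { // binds the exact signed bytes to a named signer (point 2)
	Signer    string
	Assertion []byte // JSON-encoded Assertion; these unchanged bytes are what was signed
	Signature []byte
}
// TrustStore stands in for the trust model of point 4: accepted identities and their signing keys.
type TrustStore map[string]ed25519.PublicKey
var ErrUnknownSigner = errors.New("signer not in trust store")
var ErrBadSignature = errors.New("signature does not verify")
// NewOperatorKey generates an Ed25519 key pair for one operator identity.
func NewOperatorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}
// Sign serialises the claims and signs exactly the bytes Verify will check.
func Sign(signer string, a Assertion, priv ed25519.PrivateKey) SignedAssertion {
	body, _ := json.Marshal(a) // cannot fail for a struct of strings and bools
	return SignedAssertion{Signer: signer, Assertion: body, Signature: ed25519.Sign(priv, body)}
}
// Verify releases the claims only if the signer is trusted and the signature still covers them.
func Verify(ts TrustStore, sa SignedAssertion) (Assertion, error) {
	pub, ok := ts[sa.Signer]
	if !ok {
		return Assertion{}, ErrUnknownSigner
	}
	if !ed25519.Verify(pub, sa.Assertion, sa.Signature) {
		return Assertion{}, ErrBadSignature
	}
	var a Assertion
	return a, json.Unmarshal(sa.Assertion, &a)
}
func main() { // stand-alone demo with a constructed operator identity
	pub, priv, _ := NewOperatorKey()
	sa := Sign("example-operator", Assertion{Resolver: "203.0.113.1"}, priv)
	fmt.Println(Verify(TrustStore{"example-operator": pub}, sa))
}
```

An unsigned stamp, a stamp from a signer the client has never admitted to its trust store, or one whose claims were edited after signing all come back with no promises at all, which is the property the first two points ask for.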