Re: [dns-privacy] Fwd: New draft-ietf-dprive-unauth-to-authoritative and draft-pp-dprive-common-features

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 26 May 2021 20:09 UTC

To: Eric Rescorla <ekr@rtfm.com>, Vladimír Čunát <vladimir.cunat+ietf@nic.cz>
Cc: DNS Privacy Working Group <dns-privacy@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/vB5c1DnLuzzHjEJWO5J7rNX59Co>

Hiya,

On 26/05/2021 20:49, Eric Rescorla wrote:
> As noted in my presentation, it's more than an optimization. It's an
> important security function in cases where the sensitive domain name is the
> apex.

I agree with Eric on the above. And a similar thing is true
of the DS record for DNSSEC. And there's no evidence I've
seen that either is remotely practical for the vast majority
of 2LDs. (A few exceptional TLDs aside.) That's really a
pity, and I'd love to see things improve but that's where we
seem to be and have been for years.

Cheers,
S.