Re: [dns-privacy] WGLC : draft-ietf-dprive-unilateral-probing

"Wessels, Duane" <dwessels@verisign.com> Wed, 22 March 2023 19:39 UTC

From: "Wessels, Duane" <dwessels@verisign.com>
To: "dns-privacy@ietf.org" <dns-privacy@ietf.org>
CC: Brian Haberman <brian@innovationslab.net>
Date: Wed, 22 Mar 2023 19:39:31 +0000
Message-ID: <D457FEE0-7848-45C4-A9B5-831347023091@verisign.com>
References: <64e17d73-ea1a-00cb-a8a5-b5cfb39c37ae@innovationslab.net>
In-Reply-To: <64e17d73-ea1a-00cb-a8a5-b5cfb39c37ae@innovationslab.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/v_7F0pIZicIrG75MX3gqrd-JegA>
> On Mar 12, 2023, at 8:43 AM, Brian Haberman <brian@innovationslab.net> wrote:
> 
> All,
>     This starts a 2-week WGLC for draft-ietf-dprive-unilateral-probing-05. This call is to determine if the document is sufficiently complete to facilitate implementations and interoperability testing. Once that determination is made, the chairs will park this document in the datatracker with a state of "Waiting for Implementation" and we will await the requested implementations and interoperability reports.
> 
>     The chairs will note that the document is currently marked as Proposed Standard and that there has been a suggestion to move it to Experimental. If you have an opinion on the status at this time, please include it in your feedback to the WG mailing list. We will revisit the status of the document before it gets advanced to our AD.
> 
>     This WGLC will end at midnight UTC on March 26, 2023.
> 
> Regards,
> Brian & Tim
> 

My primary concern with this draft is that, as written, it could
be interpreted as a requirement for DNS providers that operate
under contracts that use language such as "shall comply with relevant
existing RFCs".  I'm not sure that was the authors' intention.
For example, section 3 says:

   An authoritative server implementing the protocol described in this
   document MUST implement at least one of DoT or DoQ on port 853.

I can think of a couple of ways this guidance could be improved:

1. The document could be split into two separate documents for clients
   and servers, and the server document could be given Experimental status.

2. Clarify that this protocol is optional for servers to deploy.  For example:

   The protocol described in this document is OPTIONAL for authoritative
   servers.  An authoritative server choosing to implement the
   protocol described in this document MUST implement at least one
   of DoT or DoQ on port 853.

Also, as a point of semantics, when this document uses "implement"
I think maybe it really means "deploy"?  I've always thought that
implementation is what developers do and deployment is what operators
do.  That is the approach taken with RFCs 7766 (DNS Transport over
TCP - Implementation Requirements) and 9210 (DNS Transport over TCP
- Operational Requirements).

DW