Re: [dns-privacy] Start of WGLC for draft-ietf-dprive-dns-over-tls-01

"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Tue, 27 October 2015 17:32 UTC

From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: "Mankin, Allison" <amankin@verisign.com>, Sara Dickinson <sara@sinodun.com>
Thread-Topic: [dns-privacy] Start of WGLC for draft-ietf-dprive-dns-over-tls-01
Date: Tue, 27 Oct 2015 17:32:01 +0000
Message-ID: <fff8ba8fa3c941bfa8ee9b344caddd60@XCH-RCD-017.cisco.com>
References: <CAHw9_i+8Jxs1ZFOUS5DJ46GJugJzQq6NGOMJbDMPgLvT9AZAag@mail.gmail.com> <87fv113gq6.fsf@latte.josefsson.org> <D2500269.1270%paul.hoffman@icann.org> <CAJE_bqf-sEJuq+_oA6stYS=gW2DSuk_ivkpUdo=AEZyX29gcrA@mail.gmail.com> <837F97E2-47E2-4106-B907-DF144EFCF575@sinodun.com> <1f981f52279347f2b0b119a0ac942457@XCH-RCD-017.cisco.com> <9B6EB2BA-35E0-4B2C-8D84-177974D678DF@sinodun.com> <af61d3cb9f0f4d0fbd54b2b4c24d69b6@XCH-RCD-017.cisco.com> <48313B38-AABC-47C1-A236-9C88B3944959@sinodun.com> <4dc5210ebc10401792eafb499d4a13d7@XCH-RCD-017.cisco.com> <4FEF4ACE-138C-4298-B102-F43DAB1CA2EF@verisign.com>
In-Reply-To: <4FEF4ACE-138C-4298-B102-F43DAB1CA2EF@verisign.com>

Inline [TR]

From: Mankin, Allison [mailto:amankin@verisign.com]
Sent: Tuesday, October 27, 2015 9:59 PM
To: Tirumaleswar Reddy (tireddy); Sara Dickinson
Cc: dns-privacy@ietf.org
Subject: Re: [dns-privacy] Start of WGLC for draft-ietf-dprive-dns-over-tls-01

My two cents is that the authentication profile for TLS and DTLS should not be the same as a draft with flows.

I reviewed the flows draft before it was submitted (and thank the authors for responding to initial comments). Unsurprisingly, the flows draft is almost entirely made up of flows. I estimate that many will have to change in response to DPRIVE WG review/discussion of the DTLS fragmentation scheme; also, some of them may need to change based on what is finalized for 1.3 in the TLS WG. In keeping with other precedents at IETF, I’d see the flows draft as an informational document to help implementors/deployers.

[TR] But this draft also discusses the (D)TLS profile for DNS privacy, and it cannot be made informational. However, the (D)TLS profile and authentication mechanism discussed in the DTLS draft can be moved to a new draft, and this draft can then just discuss flows with (D)TLS and be made informational.

The authentication profile for TLS/DTLS is something we can pull together now, with some work by the WG, and I’d expect it to be standards track. I would not want to delay it for finishing the detailed engineering on the DTLS draft.

Bottom line: I very much support Sara’s offer to start a stand-alone document for the authentication profile.

[TR] DNSoD already discusses an authentication mechanism that can also be used for TLS. This new draft can pick text from DNSoD. This new draft should cover both authentication and the (D)TLS profile. I can help with the text for this draft.

-Tiru

Speaking for the TLS authors, we’ll be happy to add language pointing ahead to an authentication profile external to our draft.

Allison

On Oct 27, 2015, at 11:12 AM, Tirumaleswar Reddy (tireddy) <tireddy@cisco.com> wrote:

From: Sara Dickinson [mailto:sara@sinodun.com]
Sent: Tuesday, October 27, 2015 7:34 PM
To: Tirumaleswar Reddy (tireddy)
Cc: dns-privacy@ietf.org
Subject: Re: [dns-privacy] Start of WGLC for draft-ietf-dprive-dns-over-tls-01


On 27 Oct 2015, at 12:31, Tirumaleswar Reddy (tireddy) <tireddy@cisco.com> wrote:

I’m saying I think creating a separate document that specifically covers authentication for both TLS and DTLS makes most sense to me and will be clearer for consumers of the documents.

[TR] We can move this Section to https://tools.ietf.org/html/draft-wing-dprive-profile-and-msg-flows-00, and that will take care of both the (D)TLS profile for DNS privacy and authenticating the server.

I guess this is a decision for the working group since the DTLS draft is adopted, but the above document isn’t.

[TR] Yes, of course; will do that only after WG feedback and adoption of the draft.

-Tiru

Sara.
_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy