[dns-privacy] WG strategy on opportunistic vs authenticated moving forward
Tim Wicinski <tjw.ietf@gmail.com> Mon, 12 July 2021 17:12 UTC
From: Tim Wicinski <tjw.ietf@gmail.com>
Date: Mon, 12 Jul 2021 13:12:21 -0400
Message-ID: <CADyWQ+FQsJmmqsVhBqxK6RP-0RhOHVqvMN_bQ4CEpBWNCU+LJg@mail.gmail.com>
To: DNS Privacy Working Group <dns-privacy@ietf.org>
Cc: dprive-chairs@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/wqU9LECOcn0mCStp0EAmj8jP57o>

All,

The chairs have been watching the working group while we prepare for the upcoming meeting, and working through the proposals and arguments that keep coming up. We feel there is strong consensus to work on opportunistic encryption and that it may be beneficial to discuss possible experimental deployments with a version of the currently documented approach (draft-ietf-dprive-unauth-to-authoritative).

The concern with lumping the root, TLDs, and SLDs into one solution is that there are contractual issues with what can be in a zone above an SLD. These limitations are potentially an issue with some solutions that need/want new records in the parent’s zone.

We feel like the WG will not be able to make additional progress on any of the proposed solutions until we can reach consensus on whether the solution should be homogeneous from the root down or that the real focus is on SLDs and down.

We've asked Paul and Petr to not focus on the common-features document and move that content back into their draft.

The authors of draft-rescorla-dprive-adox-latest will be incorporating concepts from draft-schwartz-dprive-name-signal as a next step for the authenticated encryption proposal. This should provide a more concrete proposal that can be considered for WG adoption.

The chairs would like to solicit any input/feedback on the above as we prepare for our session during IETF 111.

Tim & Brian