Re: [dns-privacy] Working Group Last Call draft-ietf-dprive-dtls-and-tls-profile

Sara Dickinson <sara@sinodun.com> Thu, 27 October 2016 14:45 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/xC9Xdmamp4kQk6iCgKpyhZoiUAo>

> On 27 Oct 2016, at 15:06, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
> 
> On 27 Oct 2016, at 5:35, Sara Dickinson wrote:
> 
>>> That would be good, yes. But "obtained" still sounds like it might come from the DNS itself, not from configuration or DHCP.
>> 
>> Well it could come from DNS via a SRV lookup.
> 
> How could it come from SRV? I am thinking (perhaps incorrectly) that it has to only come from configuration or DHCP.

Ah, in the case where the client only has the name configured, I’m thinking that there has to be a lookup to know which server the domain name is valid for. So the name<-->IP mapping is what is ‘obtained’ from the DNS. How about:

* How a DNS client can obtain the combination of authentication domain name and IP address for a DNS server.

Sara.