Re: [dns-privacy] [Ext] ALPN protocol ID for DoT

"Reed, Jon" <jreed@akamai.com> Fri, 13 December 2019 12:06 UTC

From: "Reed, Jon" <jreed@akamai.com>
To: John Levine <johnl@taugh.com>
CC: "dns-privacy@ietf.org" <dns-privacy@ietf.org>, "paul.hoffman@icann.org" <paul.hoffman@icann.org>
Date: Fri, 13 Dec 2019 12:05:50 +0000
Message-ID: <D5F89B94-1A5D-4250-9BAC-C993F6CA2E49@akamai.com>
References: <20191213041824.3F164114907C@ary.qy>
In-Reply-To: <20191213041824.3F164114907C@ary.qy>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/zDHx5e4g9aer8SV6i9v_NhCy0eU>
Subject: Re: [dns-privacy] [Ext] ALPN protocol ID for DoT

> On Dec 12, 2019, at 11:18 PM, John Levine <johnl@taugh.com> wrote:
> 
> In article <7F87E623-3D21-4061-816B-1B18FAED36FB@icann.org> you write:
>> - It will cause confusion because there will be two ways to do DoT, so a client might have to test each way
>> in order to know if the resolver supports DoT.
> 
> I have no objection to reserving an ALPN ID for DoT for use by private
> agreement,

That is precisely what I am proposing.

> but I'd be pretty unhappy if it became a de-facto
> alternative to port 853.

If a small RFC is published, as others have discussed, I would support a statement to the effect that ALPN-capable resolvers SHOULD NOT (MUST NOT?) require the ALPN identifier when accepting DoT connections on 853.

Ports other than 853 don't impact opportunistic DoT, since you have to have prior mutual agreement of the alternative port.

> 
> We really need to figure out how to do DoWhatever discovery,
> preferably better than probe ports on the same IP as the port 53
> server.

Agreed.

-Jon
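The behaviour the message asks for, as an added Go example that is not part of this thread or of any document it cites: a resolver standing in for port 853 that may advertise an ALPN identifier but never requires one, and a client that offers the identifier, accepts a session where nothing was negotiated (the 853 case), and only insists on it when told that an alternative port was agreed out of band. The identifier string "dot", the self-signed certificate, the function names and the query bytes are all assumptions constructed for the example; the thread itself has not settled on an identifier.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// alpnDoT is the identifier this example assumes; the thread is about whether to register one.
const alpnDoT = "dot"

// sampleQuery is a constructed query: ID 0x1234, RD=1, one question "example.com. A IN".
var sampleQuery = []byte{0x12, 0x34, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0,
	7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0, 0, 1, 0, 1}

// selfSignedCert is a fixture so the example runs offline; a real client
// authenticates the resolver as RFC 7858 section 4.2 describes.
func selfSignedCert() (tls.Certificate, *x509.CertPool) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der) // encoded just above, parses by construction
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// readFrame/writeFrame: the two-octet length prefix DoT shares with DNS over TCP
// (RFC 7858 section 3.3). The resolver indexes msg[2], so sub-header frames are refused.
func readFrame(r io.Reader) ([]byte, error) {
	var hdr [2]byte
	if _, err := io.ReadFull(r, hdr[:]); err != nil {
		return nil, err
	}
	n := binary.BigEndian.Uint16(hdr[:])
	if n < 12 {
		return nil, errors.New("frame shorter than a DNS header")
	}
	msg := make([]byte, n)
	_, err := io.ReadFull(r, msg)
	return msg, err
}

func writeFrame(w io.Writer, msg []byte) error {
	buf := make([]byte, 2+len(msg))
	binary.BigEndian.PutUint16(buf, uint16(len(msg)))
	copy(buf[2:], msg)
	_, err := w.Write(buf)
	return err
}

// startResolver serves DoT on an ephemeral loopback port standing in for 853.
// protos == nil models a resolver deployed before any ALPN ID existed; []string{alpnDoT}
// advertises it. Neither requires ALPN: a client offering none is served identically,
// which is the SHOULD NOT / MUST NOT in the message. Replies echo the query with QR=1.
func startResolver(cert tls.Certificate, protos []string) (net.Listener, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{cert}, NextProtos: protos, MinVersion: tls.VersionTLS12})
	if err != nil {
		return nil, err
	}
	go func() {
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			if msg, err := readFrame(c); err == nil {
				msg[2] |= 0x80 // QR=1
				writeFrame(c, msg)
			}
			c.Close()
		}
	}()
	return ln, nil
}

// dotQuery offers alpnDoT and sends one query. requireALPN=false is the port 853 rule
// from the message: a resolver that negotiates no protocol is still a valid DoT server.
// requireALPN=true belongs only on an alternative port agreed with the operator out of band.
func dotQuery(addr string, roots *x509.CertPool, query []byte, requireALPN bool) (proto string, resp []byte, err error) {
	conn, err := tls.Dial("tcp", addr, &tls.Config{
		RootCAs: roots, ServerName: "127.0.0.1", NextProtos: []string{alpnDoT}, MinVersion: tls.VersionTLS12})
	if err != nil {
		return "", nil, err
	}
	defer conn.Close()
	proto = conn.ConnectionState().NegotiatedProtocol
	if requireALPN && proto != alpnDoT {
		return proto, nil, fmt.Errorf("resolver negotiated %q, wanted %q", proto, alpnDoT)
	}
	if err = writeFrame(conn, query); err != nil {
		return proto, nil, err
	}
	resp, err = readFrame(conn)
	return proto, resp, err
}

func main() {
	cert, roots := selfSignedCert()
	for _, protos := range [][]string{nil, {alpnDoT}} {
		ln, err := startResolver(cert, protos)
		if err != nil {
			panic(err)
		}
		proto, resp, err := dotQuery(ln.Addr().String(), roots, sampleQuery, false)
		fmt.Printf("resolver advertises %v: negotiated=%q QR=%v err=%v\n",
			protos, proto, err == nil && resp[2]&0x80 != 0, err)
		ln.Close()
	}
}
```

Run it with `go run`; the first line shows the pre-ALPN resolver completing a query with an empty negotiated protocol, the second shows the same client getting "dot" back from a resolver that advertises it. Two caveats for anyone adapting this: Go's server side (1.17 and later) does reject a handshake in which the client offered ALPN and nothing overlapped, so a client must not offer an unrelated list on 853, and a client that sets requireALPN against the first resolver fails at the policy check after the handshake, which is exactly the "two ways to do DoT" confusion the quoted objection describes.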