Re: [dns-privacy] [DNSOP] [core] WGA call for draft-lenders-dns-over-coap

Vladimír Čunát <vladimir.cunat+ietf@nic.cz> Fri, 09 September 2022 16:11 UTC

Return-Path: <vladimir.cunat+ietf@nic.cz>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60374C1524C8; Fri, 9 Sep 2022 09:11:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YsIUE3ktXLEU; Fri, 9 Sep 2022 09:11:27 -0700 (PDT)
Received: from mail.nic.cz (mail.nic.cz [217.31.204.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 72211C14CF04; Fri, 9 Sep 2022 09:11:26 -0700 (PDT)
Received: from [IPV6:2a02:768:2d1c:226:f415:ddea:df86:8fa9] (unknown [IPv6:2a02:768:2d1c:226:f415:ddea:df86:8fa9]) by mail.nic.cz (Postfix) with ESMTPSA id 1B48913F7DF; Fri, 9 Sep 2022 18:11:22 +0200 (CEST)
Content-Type: multipart/alternative; boundary="------------orMinuqPUoml2j1MEXKoKCK1"
Message-ID: <0597f734-d900-4eb0-9004-134d318e619c@nic.cz>
Date: Fri, 9 Sep 2022 18:11:21 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.2.2
To: Ben Schwartz <bemasc@google.com>
Cc: core@ietf.org, DNS Privacy Working Group <dns-privacy@ietf.org>, dnsop <dnsop@ietf.org>, =?UTF-8?Q?Jaime_Jim=c3=a9nez?= <jaime@iki.fi>
References: <eb776071-e99c-93a9-b0ba-c14ad5c11e13@fastmail.com> <98cb0b90-4b23-257b-9553-7b0ef3a9bcab@fastmail.com> <CAHbrMsA4CnFKAxNXEvXfXGNgHi7FNt=T+pPMOca13bBCxi12Gg@mail.gmail.com>
Content-Language: cs, en-US
From: =?UTF-8?B?VmxhZGltw61yIMSMdW7DoXQ=?= <vladimir.cunat+ietf@nic.cz>
In-Reply-To: <CAHbrMsA4CnFKAxNXEvXfXGNgHi7FNt=T+pPMOca13bBCxi12Gg@mail.gmail.com>
X-Virus-Scanned: clamav-milter 0.103.6 at mail
X-Virus-Status: Clean
X-Rspamd-Queue-Id: 1B48913F7DF
X-Spamd-Result: default: False [-1.93 / 99.00]; ARC_NA(0.00)[]; BAYES_HAM(-2.83)[99.28%]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; RCPT_COUNT_FIVE(0.00)[5]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; R_MIXED_CHARSET(1.00)[subject]; ASN(0.00)[asn:44489, ipnet:2a02:768::/32, country:CZ]; TAGGED_FROM(0.00)[ietf]; MID_RHS_MATCH_FROM(0.00)[]
X-Spamd-Bar: -
X-Rspamd-Server: mail
Authentication-Results: mail.nic.cz; auth=pass smtp.auth=vladimir.cunat@nic.cz smtp.mailfrom=vladimir.cunat@nic.cz
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/zQEDuICgR4XrUzYFcoFuu3pQ4jk>
Subject: Re: [dns-privacy] [DNSOP] [core] WGA call for draft-lenders-dns-over-coap
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Sep 2022 16:11:31 -0000

On 06/09/2022 17.06, Ben Schwartz wrote:
> The choice of transport is independent of the DNS server's answering 
> behavior, which must not be modified by the transport.

Nit: there's a very specific counter-example of EDNS padding which is 
meant to be added depending on transport encryption. 
https://www.rfc-editor.org/rfc/rfc7830#section-6

There might be some others (in future, too), as encryption does change 
some considerations, but yes - not basic stuff like following CNAMEs.

--Vladimir | knot-resolver.cz