Re: [dns-privacy] New Version Notification for draft-bretelle-dprive-dot-spki-in-ns-name-00.txt

"A. Schulze" <sca@andreasschulze.de> Tue, 12 March 2019 07:14 UTC

Date: Tue, 12 Mar 2019 08:14:45 +0100
Message-ID: <20190312081445.Horde.HrYP_yY583uOXncLiKqXGIY@andreasschulze.de>
From: "A. Schulze" <sca@andreasschulze.de>
To: manu tman <chantr4@gmail.com>
Cc: dns-privacy@ietf.org
References: <CAArYzrLkzYgruSwGLuHEBqH-GqhGQOAKnk=m_4QZJRfW1zEeGw@mail.gmail.com> <638529ee-5df0-ad8a-6c2b-859667c94797@andreasschulze.de> <CAArYzrL98Qg0-3yNens3WjGBQBpvLapnDLCtqXzYFg1OUXJmmg@mail.gmail.com>
In-Reply-To: <CAArYzrL98Qg0-3yNens3WjGBQBpvLapnDLCtqXzYFg1OUXJmmg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/zSF3LFaYm1VeRtNCVwmajW6Ogl8>

manu tman:

> What I meant is roughly around the line of
> https://tools.ietf.org/html/draft-bortzmeyer-dprive-resolver-to-auth-01#section-2
> . e.g. if you operate a resolver in strict mode, and DoT fails (connection
> to port 853, fail to validate SPKI) while the name of the name server
> indicates that DoT is supported. The resolver should fail.
> In opportunistic mode, the resolver will fall back onto port 53. The
> operator of the resolver will be setting the mode of operation.

Hello,

Ah, that makes sense; my reading was that it allowed the resolver to use 853 in opportunistic mode even when SPKI validation fails. I have to reread the text...

Andreas
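The strict versus opportunistic decision manu describes above, written out as an added example; this is not code from the draft or from either poster. It assumes a placeholder encoding of the pin in the NS name (a leftmost label `dot-<sha256 hex of the DER SubjectPublicKeyInfo>`, standing in for whatever draft-bretelle-dprive-dot-spki-in-ns-name actually specifies), simulates the DoT attempt with a callback so nothing touches the network, and treats a name without a pin label as not offering DoT (queried over Do53 in both modes, which is the example's own assumption). The names `select_upstream`, `outcome`, `Upstream`, `DoTFailed` and `ResolutionFailed` are all invented for the example.

```python
"""Strict vs. opportunistic DoT towards an authoritative name server whose
NS name carries an SPKI pin.

Added example for this thread; it is NOT code from the draft or from either
poster.  ASSUMPTIONS: the pin is carried as a leftmost label
"dot-<sha256 hex of the DER SubjectPublicKeyInfo>" (a placeholder for
whatever encoding the draft specifies), and the DoT attempt is simulated by
a callback so nothing touches the network.  A name with no pin label is
treated as not offering DoT and is queried over Do53 in both modes.
"""
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional

STRICT = "strict"
OPPORTUNISTIC = "opportunistic"


class DoTFailed(Exception):
    """Raised by the transport when port 853 cannot be reached or the TLS
    handshake does not complete."""


class ResolutionFailed(Exception):
    """Strict mode: the query is answered with an error instead of being
    downgraded to cleartext."""


@dataclass
class Upstream:
    transport: str        # "dot" (port 853) or "do53" (port 53)
    spki_verified: bool   # True only when the presented key matched the pin
    reason: str           # operator-facing explanation of the decision


def spki_digest(der_spki: bytes) -> str:
    """SHA-256 over the DER-encoded SubjectPublicKeyInfo, hex-encoded."""
    return hashlib.sha256(der_spki).hexdigest()


def pin_from_ns_name(ns_name: str) -> Optional[str]:
    """Return the expected SPKI digest advertised in the NS name, or None if
    the name does not advertise DoT (assumed label format, see docstring)."""
    label = ns_name.rstrip(".").split(".")[0].lower()
    if label.startswith("dot-") and len(label) == len("dot-") + 64:
        digest = label[len("dot-"):]
        if all(c in "0123456789abcdef" for c in digest):
            return digest
    return None


def select_upstream(mode: str, ns_name: str,
                    attempt_dot: Callable[[], bytes]) -> Upstream:
    """Decide how to talk to ns_name.  attempt_dot() simulates the DoT
    connection: it returns the DER SPKI presented on port 853 or raises
    DoTFailed.  Strict mode refuses to fall back; opportunistic mode
    falls back to port 53 on any DoT failure, including a pin mismatch."""
    if mode not in (STRICT, OPPORTUNISTIC):
        raise ValueError(f"unknown mode {mode!r}")
    expected = pin_from_ns_name(ns_name)
    if expected is None:
        return Upstream("do53", False, "NS name advertises no SPKI pin")
    try:
        presented = attempt_dot()
    except DoTFailed as exc:
        if mode == STRICT:
            raise ResolutionFailed(f"DoT to {ns_name} failed: {exc}") from exc
        return Upstream("do53", False, f"DoT failed ({exc}), fell back to Do53")
    if spki_digest(presented) != expected:
        if mode == STRICT:
            raise ResolutionFailed(f"SPKI of {ns_name} does not match pin")
        return Upstream("do53", False, "SPKI mismatch, fell back to Do53")
    return Upstream("dot", True, "SPKI pin matched")


def outcome(mode: str, ns_name: str, attempt_dot: Callable[[], bytes]) -> str:
    """Collapse the decision to 'dot', 'do53' or 'fail' (strict refusal)."""
    try:
        return select_upstream(mode, ns_name, attempt_dot).transport
    except ResolutionFailed:
        return "fail"


if __name__ == "__main__":
    # Constructed stand-in for a DER SubjectPublicKeyInfo; not a real key.
    good_spki = b"constructed fake SPKI bytes for the demo"
    pinned = f"dot-{spki_digest(good_spki)}.ns.example."

    def refused() -> bytes:
        raise DoTFailed("connection refused on 853")

    for mode in (STRICT, OPPORTUNISTIC):
        print(mode, "good key  ->", outcome(mode, pinned, lambda: good_spki))
        print(mode, "wrong key ->", outcome(mode, pinned, lambda: b"other key"))
        print(mode, "no DoT    ->", outcome(mode, pinned, refused))
        print(mode, "no pin    ->", outcome(mode, "ns1.example.", lambda: good_spki))
```

The opportunistic branch is the one to watch: an attacker who can block port 853 or present a different key gets the resolver onto cleartext port 53, so the `reason` string is there to be logged, and the strict/opportunistic choice is deliberately left to the operator, as manu says, rather than decided per query.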