Re: [dns-privacy] Please review documents...

"Paul Hoffman" <paul.hoffman@vpnc.org> Wed, 30 September 2015 18:57 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 974911A890E for <dns-privacy@ietfa.amsl.com>; Wed, 30 Sep 2015 11:57:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.347
X-Spam-Level:
X-Spam-Status: No, score=-1.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O-icZwIPjZWV for <dns-privacy@ietfa.amsl.com>; Wed, 30 Sep 2015 11:57:15 -0700 (PDT)
Received: from hoffman.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5EC91A890D for <dns-privacy@ietf.org>; Wed, 30 Sep 2015 11:57:14 -0700 (PDT)
Received: from [10.32.60.140] (142-254-17-123.dsl.dynamic.fusionbroadband.com [142.254.17.123]) (authenticated bits=0) by hoffman.proper.com (8.15.1/8.14.9) with ESMTPSA id t8UIvCIS046290 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 30 Sep 2015 11:57:12 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: hoffman.proper.com: Host 142-254-17-123.dsl.dynamic.fusionbroadband.com [142.254.17.123] claimed to be [10.32.60.140]
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: Ted Hardie <ted.ietf@gmail.com>
Date: Wed, 30 Sep 2015 11:57:11 -0700
Message-ID: <DF622B6B-C666-48AE-9D41-C33B4E04D057@vpnc.org>
In-Reply-To: <CA+9kkMBOuNtG1hFFVuEfTOGRjd8pfQrGXNETE1uW1S=qxeHxEg@mail.gmail.com>
References: <CAHw9_iKDOa8MtJERWqd+0z1eJj8Sx7ybpA_cNuZ+cRFqUovYJQ@mail.gmail.com> <CAHw9_iLXpZRUDuEAK23bTx6qn3+NF8bjYvbtt+VAA63KEpOk1w@mail.gmail.com> <CA+9kkMBOuNtG1hFFVuEfTOGRjd8pfQrGXNETE1uW1S=qxeHxEg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
X-Mailer: MailMate (1.9.2r5141)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dns-privacy/zq_ZGyhSMJt37VXe4rqKtzLHHSI>
Cc: "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Subject: Re: [dns-privacy] Please review documents...
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Sep 2015 18:57:15 -0000

On 30 Sep 2015, at 11:53, Ted Hardie wrote:

> Howdy,
>
> A quick question about draft-ietf-dprive-dns-over-tls-0:
>
> Some previous drafts used ALPN (RFC 7301) tokens to negotiate the use of
> DNS as an application layer protocol user of TLS. This draft seems to
> assume that because it is using a well-known port, it does not need to
> specify an ALPN token to indicate that the protocol being negotiated is
> DNS.
>
> It strikes me as utterly harmless to include such a token and possibly
> beneficial (since you might eventually use different tokens for EDNS level,
> for example). Is there a strong objection to using both that I'm missing?

Your proposal would restrict initial deployment to clients and servers 
whose TLS stack has ALPN. Instead of doing this, we could gate the next 
version on ALPN instead, causing more early deployment.

--Paul Hoffman
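The trade-off in this exchange, shown as an added example that is not part of the thread or of the draft: a Go program that runs real TLS handshakes over an in-memory pipe with Go's crypto/tls, varying whether each side's stack offers ALPN, and then applies the two acceptance policies the messages imply (require the token, or treat the well-known port as sufficient and use the token only when both sides have it). The ALPN identifier "dot", the hostname dot.example and the self-signed certificate are assumptions constructed for the example; the draft under discussion specifies no token.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// DoTALPN is the ALPN identifier this example assumes for DNS over TLS; the
// draft discussed in the thread does not specify one.
const DoTALPN = "dot"

// selfSignedCert builds a throwaway server certificate (constructed in-process)
// so the handshake below needs no files or network.
func selfSignedCert() (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "dot.example"},
		DNSNames:     []string{"dot.example"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, leaf, nil
}

// negotiate runs one TLS handshake over an in-memory pipe with the given ALPN
// offers (nil models a stack without ALPN) and returns the protocol the server
// selected; "" means ALPN played no part in the connection.
func negotiate(clientProtos, serverProtos []string) (string, error) {
	cert, leaf, err := selfSignedCert()
	if err != nil {
		return "", err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	srvConf := &tls.Config{
		Certificates:           []tls.Certificate{cert},
		NextProtos:             serverProtos,
		SessionTicketsDisabled: true, // the server's flight then ends with Finished, which the client reads
	}
	cliConf := &tls.Config{RootCAs: pool, ServerName: "dot.example", NextProtos: clientProtos}

	c1, c2 := net.Pipe()
	defer c1.Close()
	defer c2.Close()
	srv := tls.Server(c1, srvConf)
	cli := tls.Client(c2, cliConf)
	srvErr := make(chan error, 1)
	go func() { srvErr <- srv.Handshake() }()
	if err := cli.Handshake(); err != nil {
		c2.Close() // unblock the server side, then collect its result
		<-srvErr
		return "", err
	}
	if err := <-srvErr; err != nil {
		return "", err
	}
	return cli.ConnectionState().NegotiatedProtocol, nil
}

// acceptAsDoT encodes the two policies. Requiring the token rejects any peer
// whose TLS stack lacks ALPN (the deployment cost raised in the reply); the
// lenient policy treats the well-known port as sufficient and uses the token
// only as confirmation when both sides offered it.
func acceptAsDoT(negotiated string, requireALPN bool) bool {
	if negotiated == DoTALPN {
		return true
	}
	return negotiated == "" && !requireALPN
}

func main() {
	cases := []struct {
		name, desc     string
		client, server []string
	}{
		{"both", "both stacks offer the token", []string{DoTALPN}, []string{DoTALPN}},
		{"noSrv", "server stack lacks ALPN", []string{DoTALPN}, nil},
		{"noCli", "client stack lacks ALPN", nil, []string{DoTALPN}},
		// RFC 7301 section 3.2: a server that supports ALPN but none of the offered
		// protocols aborts with no_application_protocol. Go 1.17 and later do so;
		// older stacks may silently ignore the mismatch.
		{"mismatch", "no protocol overlap", []string{DoTALPN}, []string{"other-protocol"}},
	}
	for _, c := range cases {
		proto, err := negotiate(c.client, c.server)
		if err != nil {
			fmt.Printf("%-28s handshake failed: %v\n", c.desc, err)
			continue
		}
		fmt.Printf("%-28s negotiated=%q strict=%v lenient=%v\n",
			c.desc, proto, acceptAsDoT(proto, true), acceptAsDoT(proto, false))
	}
}
```

Run it with `go run .`; the second case is the one the reply is about: the handshake succeeds on the well-known port, the client's ALPN offer is simply ignored by a server stack without ALPN, and only the strict policy turns that into a rejection.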