Re: [DNSOP] New draft, seeking comments: draft-sah-resolver-information
"John Levine" <johnl@taugh.com> Thu, 02 May 2019 20:59 UTC
In article <6B112B6B-A8B3-46EA-8DE9-8A0535A7B878@icann.org> you write:

> Title : DNS Resolver Information Self-publication
> Authors : Puneet Sood
> Roy Arends
> Paul Hoffman
> Filename : draft-sah-resolver-information-00.txt
> Pages : 9
> Date : 2019-04-30

Having now read it, I sympathize with its goals, but it's two separate things lashed together. One is sort of the 21st century version of the old CH version.bind hack: ask the server a special funky question and it tells you about itself. The other is a well-known URL on a web server at the same IP address as the DNS cache.

Both have issues -- the DNS approach is a dns-camel hack and there's no obvious way to sign or secure it. The web page is straightforward, give or take practical issues of running a web server on the same IP as a DNS cache, and that getting a signed SSL certificate for an IP can be from moderately to extremely painful depending on your budget, the difficulty of doing an OV validation on your organization, and your relationship with the RIR contact for your IP address.

I believe that DoT and DoH have the same certificate issues as the web server. I suppose you could find your DoH server by name, but if you can do that, you could equally well find your DoT or .well-known server by name and define the problem out of existence.

My inclination would be to put this on hold and advance the web server part if ACME adds a way to do IP address certs. I don't see any reason to prefer DoH or DoT over .well-known, since it uses the same TLS channel and has a much simpler encoding of the content.
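As an added illustration (not part of John's message or of the draft) of the certificate-for-an-IP point raised above: a client that reaches a resolver by address, whether over DoT, DoH or the .well-known URL, has to match that address against the certificate's iPAddress subjectAltName entries, so a certificate issued only for a name does not help. The certificate dict and addresses below are constructed (RFC 5737 and RFC 3849 documentation ranges), and `fetch_resolver_cert` is a hypothetical helper for a live check.

```python
"""Check whether a TLS certificate is valid for a resolver reached by IP.

Per RFC 6125 / RFC 2818, an IP literal is matched only against iPAddress
subjectAltName entries; dNSName entries and the subject CN do not count.
Modern TLS stacks perform this check themselves; the helpers make the rule
explicit so the failure mode (name-only certificate on a resolver IP) is visible.
"""
import ipaddress
import socket
import ssl


def ip_san_entries(cert):
    """Return the iPAddress SAN values of a getpeercert()-style dict as ip_address objects."""
    out = []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "IP Address":
            # OpenSSL renders IPv6 uncompressed and upper-case; normalise before comparing.
            out.append(ipaddress.ip_address(value))
    return out


def cert_matches_ip(cert, address):
    """True iff `address` appears as an iPAddress SAN; DNS-type entries and CN are ignored."""
    target = ipaddress.ip_address(address)
    return any(target == san for san in ip_san_entries(cert))


def fetch_resolver_cert(address, port=443, timeout=5.0):
    """Hypothetical live check: connect to a resolver by IP and return its leaf cert dict.

    Passing the IP literal as server_hostname makes the stack validate the chain
    and match the address itself; the returned dict can then be inspected above.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((address, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=address) as tls:
            return tls.getpeercert()


# Constructed sample in the shape getpeercert() returns, for a cert issued to
# a name plus two documentation-range resolver addresses (not a real resolver).
SAMPLE_CERT = {
    "subject": ((("commonName", "resolver.example.net"),),),
    "subjectAltName": (
        ("DNS", "resolver.example.net"),
        ("IP Address", "192.0.2.53"),
        ("IP Address", "2001:DB8:0:0:0:0:0:53"),
    ),
}
```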