Re: [DNSOP] extension of DoH to authoritative servers
"Henderson, Karl" <KHenderson@verisign.com> Thu, 14 February 2019 23:17 UTC
Return-Path: <KHenderson@verisign.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98A3612F1A5 for <dnsop@ietfa.amsl.com>; Thu, 14 Feb 2019 15:17:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0rdsj7ohIx03 for <dnsop@ietfa.amsl.com>; Thu, 14 Feb 2019 15:17:25 -0800 (PST)
Received: from mail6.verisign.com (mail6.verisign.com [69.58.187.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2E811289FA for <dnsop@ietf.org>; Thu, 14 Feb 2019 15:17:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=3239; q=dns/txt; s=VRSN; t=1550186245; h=from:to:subject:date:message-id:mime-version; bh=kARUqN8ufnQmY1zgr11s4FKItZxEL299YNyCGdefmCg=; b=h3s6GoanNotTtuvKtTFo3MU/xzk6lixh0YMXsA/TVu/itgY+ra+oZ7YP CKN7NPDhp8N/VUwdS6y2ktZ2KoCqV+TPu2QX0goYVpFQJV2npXFzlAYIF ox/pUcOvUjlZDtuFE/bDLq0eNWwyC611tNNzwXfZvgWOtnS2Oipg+zC0/ HF295yDN5vli/89ooY0CwY/9p8YIcksJa5LrzL00mX24jK95R4oBbS+yf DEPYod2ihON4uWTRlt3UdidkMmUOQOU70foKklxThQoXwHfVYNoLfH2b2 SDv4Z5EWL04DsNHw7qVdmoyJkCzbcBhXZ3k8Ffei/3x1rlNfBZc3fgTt3 Q==;
X-IronPort-AV: E=Sophos;i="5.58,370,1544504400"; d="scan'208,217";a="6965798"
IronPort-PHdr: 9a23:H1RJ7B1kcq2TYZ99smDT+DRfVm0co7zxezQtwd8ZseIVLfad9pjvdHbS+e9qxAeQG9mDu7Qc06L/iOPJYSQ4+5GPsXQPItRndiQuroEopTEmG9OPEkbhLfTnPGQQFcVGU0J5rTngaRAGUMnxaEfPrXKs8DUcBgvwNRZvJuTyB4Xek9m72/q99pHPYAhEniaxba9vJxiqsAvdsdUbj5F/Iagr0BvJpXVIe+VSxWx2IF+Yggjx6MSt8pN96ipco/0u+dJOXqX8ZKQ4UKdXDC86PGAv5c3krgfMQA2S7XYBSGoWkx5IAw/Y7BHmW5r6ryX3uvZh1CScIMb7S60/Vza/4KdxUBLmiDkJOSMl8G/ZicJ/gqNbrw6uqBFk2YHYfISVOeBicq7Hf94XQ3dKUMZLVyxGB4Oxd4UDAegfMuZesobyuUEOrQC5BQmqHO/k1zpGiWXs3a0+3egqDAbL0gkiEd0QtnTbscv6NL0JUeCyyqnF1ivDYO1M2Tf884jIcx8hofeWUb1sdsrRzFAiGgXYhVuTsYzoJy6Z2vgXv2SG7edtW/ijh3Mnpgx/uDSiycMhhpHUio4J0FzI6Cd0zJovKdGlR0N2YsSoHIZTui2COYt5XMAvT31ttSs/yLAJpYK3czIPxZg62xHQd/mKfoiV7R39WuacJDN1i294d72hgRu57FKuxffmVsau1VZHti9Fkt7RuX8TzxHT8c2HSudl/kemxDaPyxjf6uFaLkAwkqrWM4MszKIomJYOsUvNBiD4l0TqgKOIbEkk5PSn6+P9YrX+vJOTLZJ7hhvgMqQ0gcy/B/40PRQJX2ie4ei81bvj8lPlQLhSk/E6jrPVvI3YKMkVvKK1Hg9Y34g55xuwCzqqyNEYkmMGLFJBdhKHlY/pO1TWLf79D/mwnVKsnyp1yPDcJb3hBZPNI2PdkLj/Z7Z96lVcyAs8zdBZ/Z5bFrYBIPfrVk/rqNPYFgM5MxCzw+v/Fdp90JgeWWWXAqKCMaPdr0OI5uw1L+mLfo8Vt2W1F/9wrfLolnghsV4QYafv2oEYIjjsEvJ9JF2xYHfwjJEGC2hc7SQkS+m/wn2PVzJefW21WeZ0xTghDMjuWaTjS4ahjaaa2yGTAJBMZ3tHBVbKGnDtIdbXE8wQYT6fd5cy2gcPUqKsHtcs
X-IPAS-Result: A2FSBQBG9mVc/zGZrQpkHgEGBwaBZYEOgUsRgTSDfJVyg3+WNAwBE4Ryg284EgEDAQEBAQEBAgEBAoEGC4I6IoJwBiNoAQgEPgIEMCcEgzMBgQ6sBIEvhUSEcYl8hCA+gTgME4JMiAoxgiYCkCOTCwMGApJrknOKOpFxAgQCBAUCFIFdgXhwegGCQpBckDmBHwEB
Received: from BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Thu, 14 Feb 2019 18:17:23 -0500
Received: from BRN1WNEX02.vcorp.ad.vrsn.com ([fe80::7c0a:1cc:5def:9dde]) by BRN1WNEX02.vcorp.ad.vrsn.com ([fe80::7c0a:1cc:5def:9dde%4]) with mapi id 15.01.1713.004; Thu, 14 Feb 2019 18:17:23 -0500
From: "Henderson, Karl" <KHenderson@verisign.com>
To: "dnsop@ietf.org" <dnsop@ietf.org>
Thread-Topic: [DNSOP] extension of DoH to authoritative servers
Thread-Index: AQHUxLtwylFtk43zWkmFVUKhRJ+EWw==
Date: Thu, 14 Feb 2019 23:17:23 +0000
Message-ID: <682B531B-11CE-450B-8404-DF575B0E6D66@verisign.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.6.190114
x-originating-ip: [10.170.148.18]
Content-Type: multipart/alternative; boundary="_000_682B531B11CE450B8404DF575B0E6D66verisigncom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/7hUq82aAHhw9b9bfjcbCpq0MqlE>
Subject: Re: [DNSOP] extension of DoH to authoritative servers
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Feb 2019 23:17:27 -0000
As we discussed during the interim dprive meeting held last December, we need more empirical studies looking at performance as well as attack vectors. I’m aware of Sinodun’s efforts in this area but are there others that address performance and attack vectors specifically for both DoT and DoH at the authoritative?
- [DNSOP] extension of DoH to authoritative servers zuopeng@cnnic.cn
- Re: [DNSOP] extension of DoH to authoritative ser… Stephane Bortzmeyer
- Re: [DNSOP] extension of DoH to authoritative ser… Stephane Bortzmeyer
- Re: [DNSOP] extension of DoH to authoritative ser… Stephane Bortzmeyer
- Re: [DNSOP] extension of DoH to authoritative ser… Jeremy Rand
- Re: [DNSOP] extension of DoH to authoritative ser… Paul Wouters
- Re: [DNSOP] extension of DoH to authoritative ser… Stephane Bortzmeyer
- Re: [DNSOP] extension of DoH to authoritative ser… Paul Vixie
- Re: [DNSOP] extension of DoH to authoritative ser… Paul Wouters
- Re: [DNSOP] extension of DoH to authoritative ser… Joe Abley
- Re: [DNSOP] extension of DoH to authoritative ser… David Conrad
- Re: [DNSOP] extension of DoH to authoritative ser… Paul Vixie
- Re: [DNSOP] extension of DoH to authoritative ser… Ted Lemon
- Re: [DNSOP] extension of DoH to authoritative ser… Paul Vixie
- Re: [DNSOP] extension of DoH to authoritative ser… Stephane Bortzmeyer
- Re: [DNSOP] extension of DoH to authoritative ser… Ted Lemon
- Re: [DNSOP] extension of DoH to authoritative ser… Ted Lemon
- Re: [DNSOP] extension of DoH to authoritative ser… Paul Vixie
- Re: [DNSOP] extension of DoH to authoritative ser… Patrik Fältström
- Re: [DNSOP] extension of DoH to authoritative ser… Paul Vixie
- Re: [DNSOP] extension of DoH to authoritative ser… Ted Lemon
- Re: [DNSOP] extension of DoH to authoritative ser… Paul Vixie
- Re: [DNSOP] extension of DoH to authoritative ser… Ted Lemon
- Re: [DNSOP] extension of DoH to authoritative ser… Paul Vixie
- Re: [DNSOP] extension of DoH to authoritative ser… David Conrad
- Re: [DNSOP] extension of DoH to authoritative ser… Paul Vixie
- Re: [DNSOP] extension of DoH to authoritative ser… David Conrad
- Re: [DNSOP] extension of DoH to authoritative ser… Paul Vixie
- Re: [DNSOP] extension of DoH to authoritative ser… zuopeng@cnnic.cn
- Re: [DNSOP] extension of DoH to authoritative ser… zuopeng@cnnic.cn
- Re: [DNSOP] extension of DoH to authoritative ser… Benno Overeinder
- Re: [DNSOP] extension of DoH to authoritative ser… Vittorio Bertola
- Re: [DNSOP] extension of DoH to authoritative ser… Vladimír Čunát
- Re: [DNSOP] extension of DoH to authoritative ser… Stephane Bortzmeyer
- Re: [DNSOP] extension of DoH to authoritative ser… Stephane Bortzmeyer
- Re: [DNSOP] extension of DoH to authoritative ser… Stephane Bortzmeyer
- Re: [DNSOP] extension of DoH to authoritative ser… Stephane Bortzmeyer
- Re: [DNSOP] extension of DoH to authoritative ser… Stephane Bortzmeyer
- Re: [DNSOP] extension of DoH to authoritative ser… Stephane Bortzmeyer
- Re: [DNSOP] extension of DoH to authoritative ser… Stephane Bortzmeyer
- Re: [DNSOP] extension of DoH to authoritative ser… Stephane Bortzmeyer
- Re: [DNSOP] extension of DoH to authoritative ser… David Conrad
- Re: [DNSOP] extension of DoH to authoritative ser… Henderson, Karl
- Re: [DNSOP] extension of DoH to authoritative ser… Vladimír Čunát
- [DNSOP] DoH vs DoT vs network operators, and requ… Brian Dickson
- Re: [DNSOP] DoH vs DoT vs network operators, and … Warren Kumari
- Re: [DNSOP] extension of DoH to authoritative ser… zuopeng@cnnic.cn
- Re: [DNSOP] extension of DoH to authoritative ser… Paul Wouters
- Re: [DNSOP] extension of DoH to authoritative ser… Jim Reid
- Re: [DNSOP] extension of DoH to authoritative ser… Stephane Bortzmeyer
- Re: [DNSOP] extension of DoH to authoritative ser… zuopeng@cnnic.cn
- Re: [DNSOP] extension of DoH to authoritative ser… zuopeng@cnnic.cn
- Re: [DNSOP] extension of DoH to authoritative ser… Stephane Bortzmeyer
- Re: [DNSOP] extension of DoH to authoritative ser… zuopeng@cnnic.cn
- Re: [DNSOP] extension of DoH to authoritative ser… Stephane Bortzmeyer
- Re: [DNSOP] extension of DoH to authoritative ser… Stephane Bortzmeyer
- Re: [DNSOP] extension of DoH to authoritative ser… Stephane Bortzmeyer
- Re: [DNSOP] extension of DoH to authoritative ser… Jim Reid
- [DNSOP] Multiplexing DNS & HTTP over TLS (was: ex… Shane Kerr
- Re: [DNSOP] extension of DoH to authoritative ser… Vladimír Čunát
- Re: [DNSOP] extension of DoH to authoritative ser… Bjørn Mork
- Re: [DNSOP] Multiplexing DNS & HTTP over TLS (was… Joe Abley
- Re: [DNSOP] Multiplexing DNS & HTTP over TLS Klaus Malorny
- Re: [DNSOP] Multiplexing DNS & HTTP over TLS Shane Kerr
- Re: [DNSOP] extension of DoH to authoritative ser… Tony Finch
- Re: [DNSOP] Multiplexing DNS & HTTP over TLS John Levine
- Re: [DNSOP] extension of DoH to authoritative ser… Henderson, Karl
- Re: [DNSOP] Multiplexing DNS & HTTP over TLS Warren Kumari