Re: [DNSOP] Proposal for a new record type: SNI
Robert Edmonds <edmonds@mycre.ws> Tue, 14 February 2017 19:16 UTC
Return-Path: <edmonds@mycre.ws>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 062FC129771 for <dnsop@ietfa.amsl.com>; Tue, 14 Feb 2017 11:16:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.903
X-Spam-Level:
X-Spam-Status: No, score=-1.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eYRcZASiJxhK for <dnsop@ietfa.amsl.com>; Tue, 14 Feb 2017 11:16:16 -0800 (PST)
Received: from mycre.ws (mycre.ws [45.33.102.105]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0AE3B12971B for <dnsop@ietf.org>; Tue, 14 Feb 2017 11:16:16 -0800 (PST)
Received: by chase.mycre.ws (Postfix, from userid 1000) id 3923C12C159E; Tue, 14 Feb 2017 14:16:15 -0500 (EST)
Date: Tue, 14 Feb 2017 14:16:15 -0500
From: Robert Edmonds <edmonds@mycre.ws>
To: Ben Schwartz <bemasc@google.com>
Message-ID: <20170214191615.rwawyluf6nf4lfnm@mycre.ws>
References: <CAHbrMsAJ5JRtdjZRkCq4qC3dS_Fx96WBu8DPnJ1sSf=9HErKrw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAHbrMsAJ5JRtdjZRkCq4qC3dS_Fx96WBu8DPnJ1sSf=9HErKrw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ArPKf91IboTTD4JWJy1sGxd0Pww>
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] Proposal for a new record type: SNI
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Feb 2017 19:16:18 -0000
Ben Schwartz wrote: > Hi dnsop, > > I've written a draft proposal to improve the privacy of TLS connections, by > letting servers use the DNS to tell clients what SNI to send. > > https://tools.ietf.org/html/draft-schwartz-dns-sni-01 > > I've incorporated some helpful feedback [1] from the TLS WG, but now I > could use your help analyzing the DNS side. All comments welcome; this > draft will change based on your feedback. > > One particular issue that I could use advice on: should this be a new > record type, or should it reuse/repurpose an existing type like SRV or PTR? > > Thanks, > Ben > > [1] https://www.ietf.org/mail-archive/web/tls/current/msg22353.html Hi, Ben: I'm kind of curious: your examples are pretty HTTP-centric, and HTTP already has some pretty strong features for origins to persistently modify how clients perform TLS, i.e., HTTP Strict Transport Security and HTTP Public Key Pinning, along with preloading of those settings by the browser vendors. Why not follow that same model for the functionality in your draft? -- Robert Edmonds
- [DNSOP] Proposal for a new record type: SNI Ben Schwartz
- Re: [DNSOP] Proposal for a new record type: SNI Robert Edmonds
- Re: [DNSOP] Proposal for a new record type: SNI Paul Wouters
- Re: [DNSOP] Proposal for a new record type: SNI Wessels, Duane
- Re: [DNSOP] Proposal for a new record type: SNI Ben Schwartz
- Re: [DNSOP] Proposal for a new record type: SNI Robert Edmonds
- Re: [DNSOP] Proposal for a new record type: SNI John Levine
- Re: [DNSOP] Proposal for a new record type: SNI John Levine
- Re: [DNSOP] Proposal for a new record type: SNI Warren Kumari
- Re: [DNSOP] Proposal for a new record type: SNI Adrien de Croy
- Re: [DNSOP] Proposal for a new record type: SNI Ben Schwartz
- Re: [DNSOP] Proposal for a new record type: SNI John Levine
- Re: [DNSOP] Proposal for a new record type: SNI Ben Schwartz
- Re: [DNSOP] Proposal for a new record type: SNI Ben Schwartz
- Re: [DNSOP] Proposal for a new record type: SNI John Levine
- Re: [DNSOP] Proposal for a new record type: SNI Erik Nygren
- Re: [DNSOP] Proposal for a new record type: SNI Ben Schwartz
- Re: [DNSOP] Proposal for a new record type: SNI Ben Schwartz
- Re: [DNSOP] Proposal for a new record type: SNI John R Levine
- Re: [DNSOP] Proposal for a new record type: SNI Ben Schwartz
- Re: [DNSOP] Proposal for a new record type: SNI John R Levine
- Re: [DNSOP] Proposal for a new record type: SNI Tony Finch
- Re: [DNSOP] Proposal for a new record type: SNI Phillip Hallam-Baker
- Re: [DNSOP] Proposal for a new record type: SNI Ben Schwartz
- Re: [DNSOP] Proposal for a new record type: SNI John Levine
- Re: [DNSOP] Proposal for a new record type: SNI Warren Kumari
- Re: [DNSOP] Proposal for a new record type: SNI John R Levine
- Re: [DNSOP] Proposal for a new record type: SNI Robert Edmonds
- Re: [DNSOP] Proposal for a new record type: SNI Phillip Hallam-Baker
- Re: [DNSOP] Proposal for a new record type: SNI John R Levine
- Re: [DNSOP] Proposal for a new record type: SNI Mark Andrews
- Re: [DNSOP] Proposal for a new record type: SNI Phillip Hallam-Baker
- Re: [DNSOP] Proposal for a new record type: SNI Mark Andrews