Re: [DNSOP] [Ext] Call for Adoption: draft-sah-resolver-information

"John Levine" <johnl@taugh.com> Tue, 06 August 2019 05:30 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC279120133 for <dnsop@ietfa.amsl.com>; Mon, 5 Aug 2019 22:30:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.799
X-Spam-Level:
X-Spam-Status: No, score=-1.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.201, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=X4ahXyHT; dkim=pass (1536-bit key) header.d=taugh.com header.b=d+xhT9Gk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0G-OVBZkbTls for <dnsop@ietfa.amsl.com>; Mon, 5 Aug 2019 22:30:36 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7671812012B for <dnsop@ietf.org>; Mon, 5 Aug 2019 22:30:36 -0700 (PDT)
Received: (qmail 18335 invoked from network); 6 Aug 2019 05:30:35 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=479d.5d49107b.k1908; i=printer-iecc.com@submit.iecc.com; bh=NF1J0ZLFGb8z74r661HWc4qUgh5ue4EY4cYBNBf/8PA=; b=X4ahXyHTHMreDc6QB7KkwQOSFoHfRoUlDc6x9riWhjdq1JukleDYFnpPwAvTU/G5Se9gZ8Kz6UKg2HCe47dnFeCW5l6qqqjODIQ9LxdEoB62Mdx7UgiPxGwC4dv6sBDa8vyocygr/i6Q9OGqz3rsU09HTbBW05cZ8enkR5yBdb9u7un1yiHMcEmNYHdmBCs2MEBOu+KT2011K5ncgkBKh2QCn74KpR4fPzvzTvRBYTFU7BDIbF3eqeG4zVvKw6iH
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=479d.5d49107b.k1908; olt=printer-iecc.com@submit.iecc.com; bh=NF1J0ZLFGb8z74r661HWc4qUgh5ue4EY4cYBNBf/8PA=; b=d+xhT9GkUP2rWS8ZsJoDnpK3h7tc91yTUY8/Nzw62uGotciRer4oVCH7zPjcR+dYwII6pqYc5g3clBfFJ/umKEre4ZoHSRlUkc3D52tFTR+fLWSYmwNWftpN0Yaxf1knmtf0J5qN/QlCrQq70F7ECySEeRNBA7rN3nXF53uhQ63TU0hot0fVSK3CF9hTDlWunNmc3udniZK7jSH56lAhZEySNPuYNz40reldlWd69Utw3L54qaXueCVm700EArGE
Received: from ary.qy ([64.246.232.221]) by imap.iecc.com ([64.57.183.75]) with ESMTPSA (TLS1.2 ECDHE-RSA AES-256-GCM AEAD, printer@iecc.com) via TCP; 06 Aug 2019 05:30:34 -0000
Received: by ary.qy (Postfix, from userid 501) id 692E17AD4E4; Tue, 6 Aug 2019 01:30:33 -0400 (EDT)
Date: Tue, 06 Aug 2019 01:30:33 -0400
Message-Id: <20190806053034.692E17AD4E4@ary.qy>
From: John Levine <johnl@taugh.com>
To: dnsop@ietf.org
Cc: bemasc@google.com
In-Reply-To: <CAHbrMsAodx8Q67_zWPDH6uH1Rdy9qbkLELoh0yWS4w1B0_Zjiw@mail.gmail.com>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/H0g3MM87Sn4ETu8APzccFiJsuJg>
Subject: Re: [DNSOP] [Ext] Call for Adoption: draft-sah-resolver-information
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Aug 2019 05:30:38 -0000

In article <CAHbrMsAodx8Q67_zWPDH6uH1Rdy9qbkLELoh0yWS4w1B0_Zjiw@mail.gmail.com> you write:
>I support adoption, but I think we should consider a substantial
>simplification of the design, focusing on a consensus core of basic
>functionality.

Agreed.  While I understand the motivation for this draft, the more I
look at it the less I understand the security model.  Like Joe I don't
understand the implications of the assumption that http and DNS
servers on the IP address are under the same management, or will
return consistent information.

I also don't understand how this relates to DNSSEC, since the RESINFO
results are likely to be synthesized in the cache and are unlikely to
be signed.  To some extent DoH and DoT can mitigate MITM attacks since
their SSL certs may be able to tell you who you're talking to, but I
don't understand the downgrade and other attacks against whatever
security the certs provide.

R's,
John