Re: [DNSOP] some random dnse-triggered thoughts
Stephane Bortzmeyer <bortzmeyer@nic.fr> Wed, 05 March 2014 14:14 UTC
Date: Wed, 05 Mar 2014 14:12:35 +0000
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Joe Abley <jabley@hopcount.ca>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/aCSeHDYv4yZOoFA90KsxwUgSt4w
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>
On Tue, Mar 04, 2014 at 06:15:37PM +0000,
 Joe Abley <jabley@hopcount.ca> wrote
 a message of 34 lines which said:

> EDNS0 options are hop-by-hop. It's not obvious this is what we need,
> since that makes every intermediate DNS server a potential
> interception point. But perhaps that's ok anyway, if we imagine the
> 80% solution involves stub -> resolver -> authority where each arrow
> is a separate privacy domain anyway.

More generally, we need to decide whether we want a truly end-to-end
solution (which would be very much at odds with the architecture of
the DNS) or if we are happy to protect only the messages in transit,
leaving the issues of spying by intermediate servers to other
solutions (QNAME minimization, local caching resolvers...).