Re: [DNSOP] my dnse vision

"Hosnieh Rafiee" <ietf@rozanak.com> Thu, 06 March 2014 17:37 UTC

From: Hosnieh Rafiee <ietf@rozanak.com>
To: 'Evan Hunt' <each@isc.org>
Date: Thu, 06 Mar 2014 18:37:17 +0100
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/k7MjdlrAj8D2acDa3l63hcIOzFE
Cc: DNSOP@ietf.org

> -----Original Message-----
> From: DNSOP [mailto:dnsop-bounces@ietf.org] On Behalf Of Evan Hunt
> Sent: Thursday, March 06, 2014 6:32 PM
> To: Stephane Bortzmeyer
> Cc: Tony Finch; dnsop@ietf.org
> Subject: Re: [DNSOP] my dnse vision
> 
> On Thu, Mar 06, 2014 at 02:50:20PM +0000, Stephane Bortzmeyer wrote:
> > The only place where server authentication could be useful is between
> > a stub and the first resolver.
> 
> I think that's exactly the point that was under discussion, though:
> How can people who don't want their DNS traffic snooped and analyzed, but
> have decided for some reason to use 8.8.8.8 anyway, be sure they're talking
> to the "real" 8.8.8.8? :)
> 
> --


This is actually addressed in the CGA-TSIG draft (a secure authentication) and
also confidentiality