[DNSOP] DNS Resolver Identification and Use (DRIU) BoF.

Warren Kumari <warren@kumari.net> Mon, 07 May 2018 21:37 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/oBjSMYjlLa4s6ECgx961TSQxkDw>

[ BCCed to DNSOP, DOH, DPRIVE (to stop cross-posting issues) ]

Hi all,

I wanted to mention a proposed (non-WG forming) BoF -- DNS Resolver
Identification and Use (DRIU). The description is below, and the mailing
list is: https://www.ietf.org/mailman/listinfo/driu

I think that this will be of interest to many...
--------
The IETF has added additional methods for DNS stub resolvers to get to
recursive resolvers (notably DNS-over-TLS, RFC 7858), and is about to add
another (DNS-over-HTTPS, from the DOH Working Group). As these have been
developed, questions have been raised about how to identify these resolvers
from protocols such as DHCP and DHCPv6, what security properties these
transports have in various configurations (such as between strict security
and opportunistic security), and what it means for a user who has multiple
resolvers configured when the elements of the configured set have different
transports and security properties.

This BoF is not intended to form a Working Group. Instead, it is meant to
bring together authors of various WG and individual drafts to prevent
overlap and to garner interest in particular topics.

Because many people are thinking of writing documents covering various
related topics, it would be good to have a mailing list and a BoF to help
cross-pollinate the ideas.

Some of the topics that would be on-topic would be:

* How to identify DNS-over-different-transport in protocols such as DHCP,
and in user-accessible configuration

* Security properties of the various flavors of transport-secured DNS

* TLS authentication when the identifier is an IP address (which is most
common for identifying DNS resolvers)

* How resolvers can express their capabilities to clients who might care
(such as "this resolver does DNSSEC validation" or "this resolver passes
client subnet information to authoritative servers")

* Identifying a resolver in the "dns:" URI scheme in RFC 4501. A related
question is whether there should be a "dnss:" URI scheme whose semantics
mean "Look up this name, but only use a secure DNS server", where "secure"
would need to be defined.

* There are likely additional related topics that the BoF and mailing list
might delve into.
-----

W

-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
    ---maf