[DNSOP] Re: draft-hinden-v6ops-dns

Shane Kerr <shane@time-travellers.org> Thu, 20 June 2024 07:21 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/t4hYGkSHwDFqPR8vruEKvmCrJPc>

Paul,

On 20/06/2024 03.31, Paul Wouters wrote:
> On Wed, 19 Jun 2024, Tim Wicinski wrote:
> 
>> On Wed, Jun 19, 2024 at 2:49 PM Paul Vixie <paul=40redbarn.org@dmarc.ietf.org> wrote:
>>       This document makes the argument that because of how things work at the
>>       moment, we should limit our aspirations.
>>
>>       I completely disagree.
>>
>> I agree with Paul.  We deserve nice things - we may not be there 
>> today, but we should strive to get there.
>>
>> tim
> 
>> (with no hats)
> 
> Also with no hats, I agree with Tim and PaulV. Additionally, I find the
> handwaving of "use QUIC" very dangerous. QUIC means TLS which means you
> need a working DNS, so you can't always do DNS over QUIC until you have
> a working DNS connection.

As a DNS weenie I find the relationship between TLS and DNS to be 
unclear and confusing.

I guess you are talking about the names embedded in the X.509 
certificates when you say that TLS means you need a working DNS? Is this 
something that is strictly true, or only practically? And in either 
case, how?

Certainly there are circular referencing issues here, which I think 
we're going to run into full-force in the DELEG work, as one goal of 
DELEG is to allow domains to bootstrap recursive-to-authoritative 
queries over TLS.

I'm happy to do homework here, if you or anyone else has good references 
to a document or something else describing how DNS and TLS interact.

Cheers,

--
Shane