[DNSOP] Review of draft-ietf-dprive-dtls-and-tls-profiles-03
"Paul Hoffman" <paul.hoffman@vpnc.org> Sat, 23 July 2016 03:18 UTC
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66CB212D951 for <dnsop@ietfa.amsl.com>; Fri, 22 Jul 2016 20:18:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MqvcpFiOGd6Z for <dnsop@ietfa.amsl.com>; Fri, 22 Jul 2016 20:18:49 -0700 (PDT)
Received: from mail.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14CEF12D74E for <dnsop@ietf.org>; Fri, 22 Jul 2016 20:18:49 -0700 (PDT)
Received: from [10.47.60.28] (142-254-101-201.dsl.dynamic.fusionbroadband.com [142.254.101.201]) (authenticated bits=0) by mail.proper.com (8.15.2/8.14.9) with ESMTPSA id u6N3IkOe071327 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <dnsop@ietf.org>; Fri, 22 Jul 2016 20:18:48 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: mail.proper.com: Host 142-254-101-201.dsl.dynamic.fusionbroadband.com [142.254.101.201] claimed to be [10.47.60.28]
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: IETF DNSOP WG <dnsop@ietf.org>
Date: Fri, 22 Jul 2016 20:18:46 -0700
Message-ID: <26AB4E09-E95C-48EF-A1CD-ED70C38C7A04@vpnc.org>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
X-Mailer: MailMate (1.9.4r5234)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/xcE6gKsbkx4O9Z_3X-wGTQf8EOM>
Subject: [DNSOP] Review of draft-ietf-dprive-dtls-and-tls-profiles-03
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Jul 2016 03:18:50 -0000
This document seems ready for WG Last Call. The comments I have hear can be dealt with before or during WG Last Call. --Paul Hoffman ===== The following text from section 4.2 still seems wrong: Since Strict Privacy provides the strongest privacy guarantees it is preferable to Opportunistic Privacy. Strict Privacy is only preferable to users who would rather have an unusable Internet connection: an Internet connection where every DNS lookup in every application fails. Currently, that size of that set of users is incredibly small, although it might grow over time. The sentence above could lead developers to implement Strict Privacy without also implementing Opportunistic Privacy to the detriment of the vast majority of current Internet users. Proposed replacement: Strict Privacy provides the strongest privacy guarantees and therefore should always be implemented along with Opportunistic Privacy. The negative implications of the two types of privacy are so radically different (a possibly-unusable Internet service for Strict Privacy; complete control of DNS responses for Opportunistic Privacy) that neither option can be considered a good default for all users. ===== I have a significant concern about the discussion of draft-ietf-dprive-dnsodtls, which is listed as an informational reference. That document seems to be stalled again, which is unfortunate. If, during IETF review, someone insists that the DTLS document is in fact a normative reference (which would make sense if that document were finished), draft-ietf-dprive-dtls-and-tls-profiles will be blocked from publication. Proposal: remove any mention of draft-ietf-dprive-dnsodtls from draft-ietf-dprive-dtls-and-tls-profiles. When (if?) draft-ietf-dprive-dnsodtls goes through WG Last Call, it can have a paragraph that says that the RFC that draft-ietf-dprive-dtls-and-tls-profiles has become applies to it.
- Re: [DNSOP] Review of draft-ietf-dprive-dtls-and-… Paul Hoffman
- Re: [DNSOP] Review of draft-ietf-dprive-dtls-and-… Stephane Bortzmeyer
- [DNSOP] Review of draft-ietf-dprive-dtls-and-tls-… Paul Hoffman