Re: [DNSOP] draft-hzhwm-start-tls-for-dns-00: Starting TLS over DNS
Paul Wouters <paul@nohats.ca> Sat, 15 February 2014 19:58 UTC
On Sat, 15 Feb 2014, Stephane Bortzmeyer wrote:

>> (D)TLS for DNS makes a lot of sense to me.
>
> I fully agree. But do note we did not discuss yet the alternatives
> (draft-wijngaards-dnsop-confidentialdns, DNScrypt or simply
> IPsec). The BoF "DNS encryption" in London seems a good start

"simply IPsec"? bootstrapping DNS from IPsec which relies on DNS is not
trivial (and the Verisign proposal seems to only deal with nameservers
with access to their reverse dns, which excludes the DNS servers that
really need the protection, those supplied by DHCP in coffeeshops, and
completely lacks understanding of IPsec realities such as NAT-T)

> <http://trac.tools.ietf.org/bof/trac/wiki/WikiStart> and
> <https://datatracker.ietf.org/wg/dnse/charter/>.
>
>> i recommend it be adopted by the working group,
>
> DNSOP? Some people say it is outside the charter since it is a
> modification of the protocol. I myself am not favorable to an
> ultra-strict interpretation of the charter so I'll hummmmmm with you.

At ietf87 it was planned to have a discussion at dnsop about this
continued problem of drafts that fall between operations and extensions
and the fact that dnsext closed down. Nothing happened at ietf87 or
ietf88. I hope to see this as agenda item for dnsop this meeting.

We need a WG to discuss DNS innovation.

Paul