Re: [Doh] Authoritative DNS-over-TLS Operational Considerations

Ben Schwartz <bemasc@google.com> Thu, 11 July 2019 16:24 UTC

Return-Path: <bemasc@google.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1605A120271 for <doh@ietfa.amsl.com>; Thu, 11 Jul 2019 09:24:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -16.204
X-Spam-Level:
X-Spam-Status: No, score=-16.204 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v2NcRSsYi7FZ for <doh@ietfa.amsl.com>; Thu, 11 Jul 2019 09:24:32 -0700 (PDT)
Received: from mail-io1-xd33.google.com (mail-io1-xd33.google.com [IPv6:2607:f8b0:4864:20::d33]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 525AD120172 for <doh@ietf.org>; Thu, 11 Jul 2019 09:24:32 -0700 (PDT)
Received: by mail-io1-xd33.google.com with SMTP id u19so13787318ior.9 for <doh@ietf.org>; Thu, 11 Jul 2019 09:24:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=4NSbDGImgHZfS47awkHo6ykfRNwtaWEgzxvtGOcmgaM=; b=VrQi0DhxdZns0nobBBZYzH/yTIsegWMOjPYXflAjmocEy9vKuGzr2W9Xq+5Z8JktAP SkNYucmK7awPs3yFWs0vWKx9/V/UwRgo+2u1rZNWQ6k5v3SA4mSQKJ/MSCt2V+gLZvPs bKtW1itsoxjYGFBKY3lFsYD6hOTMQczUP8qE6ArzPDiqvYjNyYp0bGCtnayDGvGK9Ea4 9l00241Z0RbEz3p/xCOOFz5xhvoPx735XIM4LO0qC2sNN7Bq6icv8DtYGoxQwvICejwG xk2S9KdjYHDwrd/IEhHPtAB7fgb/ShkNO/jtvhsBeTdut+h4NjSLQhHwF+NjHNcioHDI olDw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=4NSbDGImgHZfS47awkHo6ykfRNwtaWEgzxvtGOcmgaM=; b=dV9BR8n9msAHrIvh1i1y/KrQ4/39gp606Z5UOsKpHYx3t6b71c5at5haN/sqykDXpz r5kmLByrxZinD5zBzIQzrPoG8gBud3DFVydAFuq7IS7a7fJV/czOBk9i1ertUWKsjHdo 1ZvkwpTBERyPlSO+v58L9xxbMWKl7oleY5pl9YEHWBSRTxd7gCF2+8XK7sY3VYHXYSmX I0szaAZsKwQswwV+q0N/y13AMXW5jSWyewvicgn8LKSSiFewwu+cQ6vf7iVK+6Iv7m2z c8+6PQCtFFRbM7WCtrEcP30RdVNmb4PwYRFH6c4x+6Tz0/bcRyIJCWy24iSgmUI7QoPd vfrA==
X-Gm-Message-State: APjAAAX7mgzK+pN9HUHVeo+sEyrspZDI5Jwycrc2IcJ3xeOQ4Vz75qep MOrulAxdgESLaBv2CtCE520Omz2Ac9V6i6iXv/lEdQ==
X-Google-Smtp-Source: APXvYqzrQGjT7cL5A+3725k6SWE1KAm6QIdctjn+kk4HRmng6D178CiMSoDup7LPacaobRxirZJXd0Ecahn1Q+KPzu4=
X-Received: by 2002:a02:ca19:: with SMTP id i25mr5786029jak.6.1562862271389; Thu, 11 Jul 2019 09:24:31 -0700 (PDT)
MIME-Version: 1.0
References: <cff114f2d9cf4d46a4014c3a44d72060@ustx2ex-dag1mb3.msg.corp.akamai.com>
In-Reply-To: <cff114f2d9cf4d46a4014c3a44d72060@ustx2ex-dag1mb3.msg.corp.akamai.com>
From: Ben Schwartz <bemasc@google.com>
Date: Thu, 11 Jul 2019 12:24:19 -0400
Message-ID: <CAHbrMsA3gec1xt+9ZodmAoUVAX7GKPgVTx8bqaBFhcG+fJ3epg@mail.gmail.com>
To: "Hewitt, Rory" <rhewitt@akamai.com>
Cc: "doh@ietf.org" <doh@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="0000000000008b4b5a058d6a3a05"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/6kcKw5NFyhe2--tI3Q1YlfzBNdw>
Subject: Re: [Doh] Authoritative DNS-over-TLS Operational Considerations
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jul 2019 16:24:34 -0000

The DOH charter says:

The primary focus of this working group is to develop a mechanism that
> provides confidentiality and connectivity between DNS clients (e.g.,
> operating
> system stub resolvers) and recursive resolvers.


Thus, while recursive->authoritative connections are not specifically
excluded from our discussion, they are not a "primary focus".

The DPRIVE working group is (re)chartered to improve privacy between
recursive and authoritative servers.  If you're interested in discussing
DoH in that context, I recommend starting in DPRIVE, and only moving to DOH
if there is positive interest and significant required work that is
specific to DoH.


On Thu, Jul 11, 2019 at 11:19 AM Hewitt, Rory <rhewitt@akamai.com>; wrote:

> Does the DoH WG have any input on whether 'we' should be looking into DoH
> for resolver->authority requests - similar to
> https://datatracker.ietf.org/doc/draft-hal-adot-operational-considerations/?
> Or does it not really apply, since we're only interested in
> client->resolver?
>
>
>
> Rory
>
>
> _______________________________________________
> Doh mailing list
> Doh@ietf.org
> https://www.ietf.org/mailman/listinfo/doh
>