[Doh] Clarification re: "Opportunistic DNS"
Dave Lawrence <tale@dd.org> Wed, 28 March 2018 18:42 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/BGsg6Bhduw7jgUzGtlVzG9TbLTk>

Adam Roach writes:
> If the DNS experts on this list could expand on the concerns about
> poisoning in the context of DNSSEC, it would be greatly appreciated.
> Feel free to reply directly to me, or on-list.

Honestly, I'm curious what the rationale *in the context of DNSSEC* is as well, since from my point of view, what DNSSEC is giving you is an indication that the records from the authority are authentic no matter which way you got them, whether through your own iteration or on a sheet of paper that the RFC 2549 pigeon brought you.

The Chain Query extension works under the very same principle: you configure a trust anchor as the starting point, and are provided all of the necessary chain-of-trust records necessary to validate the final answer -- records which almost certainly all came from different administrative authorities.