Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator
Ted Hardie <ted.ietf@gmail.com> Tue, 12 March 2019 20:52 UTC
Return-Path: <ted.ietf@gmail.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11998131192; Tue, 12 Mar 2019 13:52:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0qiFDUoodKTX; Tue, 12 Mar 2019 13:52:55 -0700 (PDT)
Received: from mail-io1-xd2b.google.com (mail-io1-xd2b.google.com [IPv6:2607:f8b0:4864:20::d2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 250BE13119D; Tue, 12 Mar 2019 13:52:55 -0700 (PDT)
Received: by mail-io1-xd2b.google.com with SMTP id f6so3384156iop.3; Tue, 12 Mar 2019 13:52:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=8uH74dwKq3luot1c08dsoo/wGRBhptHqxMOb9b3SuKE=; b=OmAbfMAa9zbJNy3DeFuHzcxkuNhJy6I5qPGoarOrfYaJ+7nA5Ierb5wSW5Q8+zdJSM zJ8AWSjZ//tvOOjbXDiAOERatxdKz1fhDqoNWmfsGS94RZrvSqheogyyz3T1VLGqQfXY hcpXDEPFUGdm/vxH8mRQOfm7OW9V2ksyb2A6kiFHw3iOrHO+b0EWaS9QoNAn/8wjzwu4 u7FtUueSbouvuaveEXBOXGhXMb9XAf5B4Sjx+LPzzNuqdQosBr45Mo9aXmSLM98TmogX 63DsV5WHYqyLiZX6oH0SaPHSSo2UlHaVpdH5WwFTZEssj0WMG0+wh9KnphMcn7KdNnZc ZM6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=8uH74dwKq3luot1c08dsoo/wGRBhptHqxMOb9b3SuKE=; b=bFSdZtuxTdUTXUH2eWkvyUA502pr/eLhrDSHtgkkIehKwpno6Y5gHnN7A59t5tPgpF Vgp0H2vkaCUfqBrWHZdXEitoplQyS/vOxm/EqZ2X7tqHhhQEIncAxgZ06AG9WC6487WH C6F4XlWBjruuzOse/HjPS5thIeOaqZwMNA3bIz7Jzd93fLJy0CaEDuxDLrIci5qVLUUD n96jH7hsEEItgU1IQzljeU80Mf9icKNC3P3KC8qYKHnLUsavtf4/iob416MebitDDpsY njDkp4ZBpFPmpPCwgsC6v3QscjRp1a4zvebJ2DktrvDMlyLzqQL7rVwNBi0ld1ArL1Hf zGfw==
X-Gm-Message-State: APjAAAW1CBpsSggOiOeq5ohQIZ82c5dzYiSWaOCkFo0h1xAQFWDdwQwZ kDA75PdrcKpDjCNs9reBlJJTwhvTfqKhlVATO3hrHMhxcOk=
X-Google-Smtp-Source: APXvYqxiEN5URCVuSS+o06pI5ACDA2kRcNCONQiH84ArfOGikirQt2ULduEkKhwm3ozuvK6Z2yKI6aitkewJ0BD3l3I=
X-Received: by 2002:a6b:abc2:: with SMTP id u185mr22429856ioe.145.1552423974167; Tue, 12 Mar 2019 13:52:54 -0700 (PDT)
MIME-Version: 1.0
References: <155218771419.28706.1428072426137578566.idtracker@ietfa.amsl.com> <3457266.o2ixm6i3xM@linux-9daj> <CA+9kkMDkKQtBDrXx9h8331_6zDtcChUTfqFe0W3JByxyB=4xLw@mail.gmail.com> <1914607.BasjITR8KA@linux-9daj>
In-Reply-To: <1914607.BasjITR8KA@linux-9daj>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Tue, 12 Mar 2019 13:52:27 -0700
Message-ID: <CA+9kkMAYR19CCCLN00A5Oy_=9Z97FQogCz-vdC=M7Ffn47fTgQ@mail.gmail.com>
To: Paul Vixie <paul@redbarn.org>
Cc: dnsop <dnsop@ietf.org>, DoH WG <doh@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008568b90583ebdfdb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/wjAJrnlqJKPkWPU7Ob5VvnQd2hU>
Subject: Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2019 20:53:03 -0000
Paul, Since it is apparent our disagreement is at a more fundamental level, I will make only two further comments. The first is that you recently chided someone for using the word "rant", saying that it would "diminish and disrespect" someone's words. In the note below you use terms like "warfare" to characterize the work of the authors; that is both inflammatory and disrespectful. The authors worked on a chartered working group item throughout the IETF process. You disagree with the security trade-offs made in the chartering and execution of that work, and discussion of that disagreement will hopefully be fruitful. But if you want their respect of your opinion, according them the respect due theirs will go a long way; they did not make these choices arbitrarily. My second comment is to point out that the IETF has been heading this way for about five years now. The IAB formalized its early support of this approach in November of 2014 with this text: The IAB urges protocol designers to design for confidential operation by default. We strongly encourage developers to include encryption in their implementations, and to make them encrypted by default. We similarly encourage network and service operators to deploy encryption where it is not yet deployed, and we urge firewall policy administrators to permit encrypted traffic. We believe that each of these changes will help restore the trust users must have in the Internet. We acknowledge that this will take time and trouble, though we believe recent successes in content delivery networks, messaging, and Internet application deployments demonstrate the feasibility of this migration. We also acknowledge that many network operations activities today, from traffic management and intrusion detection to spam prevention and policy enforcement, assume access to cleartext payload. For many of these activities there are no solutions yet, but the IAB will work with those affected to foster development of new approaches for these activities which allow us to move to an Internet where traffic is confidential by default. By that point, the IETF working groups were already in formation. Moving the DNS toward encryption has been going on since DPRIVE and has been accompanied by the rise of transports like QUIC which are encrypted by default. You have been working around that, rather than developing new practices. I invite you instead to consider how you can accomplish what you need to in an Internet where all traffic is confidential. Enterprises are currently doing that via managed software and environments, and that approach seems to be well in-line with your practices below. Using resolution systems for this will not accomplish what you need now, nor will it do so going forward; it is time for a different approach, rather than seeking to return to cleartext. The situation that moved this community to that stance was well-laid out in IETF 88. We must acknowledge that not all devices which are on-path are controlled by entities known to the user or network operator and not all of them are acting in the interests of those parties. Protecting against that threat requires us to change our ways. Please help, rather than working around the effort. regards, Ted Hardie (wearing no hats) On Tue, Mar 12, 2019 at 1:22 PM Paul Vixie <paul@redbarn.org> wrote: > On Tuesday, 12 March 2019 19:15:16 UTC Ted Hardie wrote: > > ... > > > that's precisely the goal, because very few network operators can > > > preordain the users and apps that will connect through their networks. > > > > I do not believe this goal is met by what you describe, since an > > application can use a proprietary resolution service in its flows. > > rogue flows have their own accounting. my problem isn't with one-off's, > because traditional security is anomaly-based. DoH, by folding control > plane > data into previously non-anomalous flows, presents a new problem. if CF > and G > and IBM and Cisco decide to offer DoH on the same IP address that they > offer > API's and services i actually do need or want to permit, i'm going to have > to > increase my investment. > > this equation, where something is created which is a danger to me, which > blends in with the crowd of things that are not dangerous to me, is the > method > by which DoH achieves its stated aim, "prevent on-path interference in DNS > operations." all war is economics. they are increasing my costs, > deliberately. > > i am on-path and i intend to interfere. at whatever cost that may be. i > also > reserve the right to re-externalize some or all of those new imposed costs. > > > Imagine for a moment an application on a smart TV that wants to provide > > content from the closest server which contains that content. ... > Blocking > > destinations for which you have seen no resolution events will work for a > > subset of these cases, but it won't work when the resolution points to a > > common CDN destination. That approach will, of course, also have a wide > > variety of failure modes when the resolution event data is incomplete for > > timing or other reasons; it will also block all of the flows which MUD > > would handle. > > generally speaking, security policies break down into two categories. > allow > all except some, or deny all except some. which one an operator chooses > will > depend on their goals, budgets, and in particular, the cost of anomaly > detection. it's the change in cost of anomaly detection, deliberately > intended > by the authors of RFC 8484, which is at the root of some very expensive > policy > choices that the rest of us must now make. > > your smart-tv example is not involved in that causalality path. noting > also, i > have a TV which offers the kind of feature you describe, but only if i > accept > its software license. (something to do with GDPR, i suspect.) so i did not > accept that license, and as a result, i have a disconnected device whose > flaws, both now known and not yet known, will pose no threats here. my TV, > my > rules. > > > > to the extent that monitoring ('dnstap') and controlling (DNS RPZ) dns > > > lookups by connected users and apps is considered a vital local > security > > > policy, attempts at such "pass through" must be made to fail. > > > Those are security mechanisms, rather than policy, and it may be worth > > teasing apart what the actual desired security policy is. You may find > > that it is more easily implemented at the routing layer than the > resolution > > system in the light of proprietary resolution systems and DoH. > > to be clear, the policy is, "allow all, except some". i implement as much > of > this policy as possible at the routing layer, and i do my research on > proprietary resolution systems to decide whether i can tolerate the risks > of > devices which use such things. (so, no nest thermostats here, the TV's are > not > smart, and the apple home pods are in their not-logged-in state.) > > it is the standards nature of DoH that amplifies its imposed costs. i > could > simply outlaw by IP or port# a proprietary or otherwise bespoke protocol. > (working out with my kids what online games require what permissions, has > been > burdensome on both me and them.) DoH, by _intending to bypass_ network > operator policy DNS, and my seamlessly hiding in the crowd of TCP/443 > transactions now made indiscernible by TLS 1.3 and ESNI, is an act of > economic warfare against all RDNS control plane owners. (deliberately.) > > vixie > > >
- [Doh] New I-D: draft-reid-doh-operator Jim Reid
- Re: [Doh] New I-D: draft-reid-doh-operator Warren Kumari
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Paul Vixie
- Re: [Doh] New I-D: draft-reid-doh-operator Stephane Bortzmeyer
- Re: [Doh] New I-D: draft-reid-doh-operator Stephane Bortzmeyer
- Re: [Doh] New I-D: draft-reid-doh-operator Stephane Bortzmeyer
- Re: [Doh] New I-D: draft-reid-doh-operator Jim Reid
- Re: [Doh] New I-D: draft-reid-doh-operator Ask Bjørn Hansen
- Re: [Doh] New I-D: draft-reid-doh-operator Livingood, Jason
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Vittorio Bertola
- Re: [Doh] New I-D: draft-reid-doh-operator Warren Kumari
- Re: [Doh] New I-D: draft-reid-doh-operator Eliot Lear
- Re: [Doh] New I-D: draft-reid-doh-operator Jim Reid
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Ted Hardie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Paul Vixie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Ted Hardie
- [Doh] GDPR and IETF protocols (Was: New I-D: draf… Stephane Bortzmeyer
- Re: [Doh] New I-D: draft-reid-doh-operator Stephane Bortzmeyer
- Re: [Doh] GDPR and IETF protocols Jim Reid
- Re: [Doh] New I-D: draft-reid-doh-operator Livingood, Jason
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Paul Vixie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Ted Hardie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Paul Vixie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Ted Hardie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Michael Sinatra
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Raymond Burkholder
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Raymond Burkholder
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Paul Vixie
- Re: [Doh] [EXTERNAL] Re: [DNSOP] New I-D: draft-r… Winfield, Alister
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Ted Hardie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Vittorio Bertola
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Brian Dickson
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Ralf Weber
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Matthew Pounsett
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Eliot Lear
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Ted Lemon
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Eliot Lear
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Christian Huitema
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Ted Hardie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Eliot Lear
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Martin Thomson
- Re: [Doh] [EXTERNAL] Re: [DNSOP] New I-D: draft-r… Winfield, Alister
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Eric Rescorla
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Adam Roach
- Re: [Doh] [EXTERNAL] Re: [DNSOP] New I-D: draft-r… Christian Huitema
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Jared Mauch
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Jared Mauch
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Stephen Farrell
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Paul Vixie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Brian Dickson
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Stephen Farrell
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator nalini elkins
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Brian Dickson
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Stephen Farrell
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Jared Mauch
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Joe Abley
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Jacques Latour
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Adam Roach
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator 神明達哉
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Matthew Pounsett
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Jacques Latour
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Matthew Pounsett
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Jared Mauch
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Matthew Pounsett
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Vittorio Bertola
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Jacques Latour
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Brian Dickson
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Jim Reid
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Wes Hardaker
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Christian Huitema
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Vittorio Bertola
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Eric Rescorla
- Re: [Doh] [EXTERNAL] Re: [DNSOP] New I-D: draft-r… Winfield, Alister
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator sthaug
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Joe Abley
- Re: [Doh] [EXTERNAL] Re: [DNSOP] New I-D: draft-r… Winfield, Alister
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Joe Abley
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Eliot Lear
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Bill Woodcock
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Paul Vixie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Livingood, Jason
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Joe Abley
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Jared Mauch
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Paul Vixie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Stephen Farrell
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Puneet Sood
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Richard Bennett
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Wes Hardaker
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Jared Mauch
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Paul Vixie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Matthew Pounsett
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Paul Vixie
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Paul Vixie
- Re: [Doh] [EXTERNAL] Re: [DNSOP] New I-D: draft-r… Patrick McManus
- Re: [Doh] [EXTERNAL] Re: [DNSOP] New I-D: draft-r… Patrick McManus
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Patrick McManus
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Vittorio Bertola
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Paul Wouters
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Olli Vanhoja
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Daniel Stenberg
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Mark Andrews
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Patrick McManus
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Ian Swett
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… sthaug
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Valentin Gosu
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Eliot Lear
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Martin Thomson
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Stephen Farrell
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Eliot Lear
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Patrick McManus
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Ted Lemon
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Eliot Lear
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Tony Finch
- Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator Puneet Sood
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Tony Finch
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Ted Lemon
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Tony Finch
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Ted Lemon
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Petr Špaček
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… tirumal reddy
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… Paul Vixie
- Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-r… tirumal reddy