Re: [Driu] [Doh] [DNSOP] Resolverless DNS Side Meeting in Montreal

Tim Wicinski <tjw.ietf@gmail.com> Tue, 10 July 2018 14:03 UTC

In-Reply-To: <m1fcoe5-0000GuC@stereo.hq.phicoh.net>
References: <CAOdDvNp0S5-aEzy4ziqVvL1Kd+V79nD49_Zuo1dLoThXYP7nFg@mail.gmail.com> <m1fcoe5-0000GuC@stereo.hq.phicoh.net>
From: Tim Wicinski <tjw.ietf@gmail.com>
Date: Tue, 10 Jul 2018 10:03:08 -0400
Message-ID: <CADyWQ+GwR4Dm9JfXOEOt3gS4rMjFqdZGf5V04sZGQMXvGK+9nw@mail.gmail.com>
To: Philip Homburg <pch-dnsop-3@u-1.phicoh.com>
Cc: dnsop <dnsop@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>, DoH WG <doh@ietf.org>, Patrick McManus <pmcmanus@mozilla.com>, driu@ietf.org
Content-Type: multipart/alternative; boundary="000000000000fbaa1e0570a59615"
Archived-At: <https://mailarchive.ietf.org/arch/msg/driu/Bwwg3AkmGZ2KLI74XHagyC5KvZ8>
Subject: Re: [Driu] [Doh] [DNSOP] Resolverless DNS Side Meeting in Montreal
List-Id: "DNS Resolver Identification and Use \(DRIU\)." <driu.ietf.org>

>
> "Are you trying to re-invent DNSSEC for people who don't want to deploy
> DNSSEC?"


My magic 8-ball says "signs point to Yes"

On Tue, Jul 10, 2018 at 5:09 AM, Philip Homburg <pch-dnsop-3@u-1.phicoh.com>
wrote:

> >For example www.example.com pushes you a AAAA record for img1.example.com.
> >Should you use it? What if it is for img1.img-example.com ? Do the
> >relationship between these domains matter? What kind of relationship (i.e.
> >it could be a domain relationship, or in the context of a browser it might
> >be a first-party tab like relationship, etc..)? What are the implications
> >of poison? Trackers? Privacy of requests never made? Speed? Competitive
> >shenanigans or DoS attacks?
> >
> >This was out of scope for DoH.
>
> Assuming that in the context of DoH reply size is not an issue, it seems to
> me that this use case is already solved by DNSSEC. Just push all required
> signatures, key material and DS records that allow the receiving side to
> validate the additional information.
>
> Are you trying to re-invent DNSSEC for people who don't want to deploy
> DNSSEC?