Re: DNS64, DANE and DPRIV

Andrew Sullivan <ajs@anvilwalrusden.com> Sun, 07 December 2014 01:26 UTC

Date: Sat, 06 Dec 2014 20:26:33 -0500
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: ietf@ietf.org
Subject: Re: DNS64, DANE and DPRIV
Message-ID: <20141207012632.GA21097@mx1.yitter.info>
References: <CAMm+Lwj+KjTVka1M7O+tsp76C_OCGR0bWKH_k5UrZXSYZrF+GA@mail.gmail.com> <20141206213552.2777C2508A06@rock.dv.isc.org>
In-Reply-To: <20141206213552.2777C2508A06@rock.dv.isc.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/DMA99B6v3Qp1-udbpIWtGVPR07o
List-Id: IETF-Discussion <ietf.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>

On Sun, Dec 07, 2014 at 08:35:51AM +1100, Mark Andrews wrote:
> get the DNS64 parameters securely for which there is no solution
> today.

You mean, "Get the Pref64 securely"?  There is in fact a solution for
that, and it is in RFC 7050.  Moreover, it can be secured if the ISP
is not using the WKP.  So, if you're willing to do the DNS64 function
yourself and your ISP isn't using the WKP, you can have secure
answers.  (For all that, if your ISP _is_ using the WKP, then you
don't need to look it up securely.)

> Can we just give up on DNS64 as a general solution to going IPv6
> only.

I should hope so.  It was never intended to be a general solution, and
I think we who worked on it were crystal clear about that all along.

Best regards,

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com
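Added example, not part of Andrew Sullivan's message or of any IETF code: the two mechanisms the exchange turns on, in Python. `synthesize` is the RFC 6052 embedding a DNS64 performs when it fabricates AAAA records, and `discover_pref64` is the RFC 7050 client-side heuristic that recovers the Pref64 from the synthesized answers for `ipv4only.arpa` (whose two A records, 192.0.0.170 and 192.0.0.171, are fixed by that RFC). All AAAA answers below are constructed; the documentation prefixes `2001:db8:64::/64` and `2001:db8:aa00::/40` stand in for an ISP's network-specific prefix. The DNSSEC validation step that makes a non-WKP result trustworthy needs a live validating resolver and is out of scope here; `is_wkp` only encodes the point that the Well-Known Prefix is known in advance and needs no secured lookup.

```python
import ipaddress

# RFC 7050, section 3: ipv4only.arpa carries exactly these two A records.
# A DNS64 that synthesizes AAAA records for that name reveals its Pref64.
IPV4ONLY_ARPA = (ipaddress.IPv4Address("192.0.0.170"),
                 ipaddress.IPv4Address("192.0.0.171"))
WKP = ipaddress.IPv6Network("64:ff9b::/96")   # RFC 6052 Well-Known Prefix
PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)     # the only lengths RFC 6052 allows


def synthesize(pref64, v4):
    """What a DNS64 does: embed an IPv4 address in a Pref64 (RFC 6052, section 2.2).

    Layout: prefix | first (64 - pl) bits of IPv4 | u octet (zero) | rest of IPv4 | zero suffix.
    For /96 the IPv4 address simply occupies the low 32 bits.
    """
    pref64 = ipaddress.IPv6Network(pref64)
    a = int(ipaddress.IPv4Address(v4))
    pl = pref64.prefixlen
    if pl not in PREFIX_LENGTHS:
        raise ValueError(f"unsupported Pref64 length /{pl}")
    p = int(pref64.network_address) >> (128 - pl)     # the prefix bits only
    if pl == 96:
        return ipaddress.IPv6Address((p << 32) | a)
    hi_bits = 64 - pl                                  # IPv4 bits placed before the u octet
    hi, lo = a >> (32 - hi_bits), a & ((1 << (32 - hi_bits)) - 1)
    addr = ((p << hi_bits) | hi) << 8                  # append the u octet (bits 64-71), zero
    addr = (addr << (32 - hi_bits)) | lo               # remaining IPv4 bits after u
    addr <<= 24 + hi_bits                              # zero suffix fills out 128 bits
    return ipaddress.IPv6Address(addr)


def _extract_ipv4(addr, pl):
    """Return (ipv4_int, u_octet) that addr would encode if its Pref64 were /pl."""
    if pl == 96:
        return addr & 0xFFFFFFFF, 0                    # u octet lies inside the prefix here
    hi_bits = 64 - pl
    hi = (addr >> 64) & ((1 << hi_bits) - 1)           # IPv4 bits just above bit 64
    u = (addr >> 56) & 0xFF                            # bits 64-71, must be zero
    lo_bits = 32 - hi_bits
    lo = (addr >> (56 - lo_bits)) & ((1 << lo_bits) - 1)   # IPv4 bits just below the u octet
    return (hi << lo_bits) | lo, u


def discover_pref64(synthesized_aaaa):
    """RFC 7050 client side: recover Pref64 from the AAAA answers for ipv4only.arpa.

    Every RFC 6052 length is tried; a length is accepted only if the bits it would
    place the IPv4 address in hold one of the two ipv4only.arpa addresses and the
    u octet is zero.  Candidates are intersected across all answers, which is how
    RFC 7050 uses the second address to resolve an ambiguous layout.
    Returns None when no answer is a valid synthesis (no DNS64 on the path).
    """
    candidates = None
    for answer in synthesized_aaaa:
        a = int(ipaddress.IPv6Address(answer))
        found = set()
        for pl in PREFIX_LENGTHS:
            v4, u = _extract_ipv4(a, pl)
            if u == 0 and ipaddress.IPv4Address(v4) in IPV4ONLY_ARPA:
                prefix_bits = (a >> (128 - pl)) << (128 - pl)
                found.add(ipaddress.IPv6Network((prefix_bits, pl)))
        candidates = found if candidates is None else candidates & found
    if not candidates:
        return None
    if len(candidates) > 1:
        raise ValueError(f"ambiguous Pref64 candidates: {sorted(map(str, candidates))}")
    return candidates.pop()


def is_wkp(pref64):
    """True when the discovered prefix is the Well-Known Prefix, which a client
    already knows and therefore need not fetch over a secured channel."""
    return ipaddress.IPv6Network(pref64) == WKP


if __name__ == "__main__":
    # Constructed answers: first a DNS64 using the WKP, then one using the
    # documentation prefix 2001:db8:64::/64 as a network-specific prefix.
    for prefix in ("64:ff9b::/96", "2001:db8:64::/64"):
        answers = [synthesize(prefix, v) for v in IPV4ONLY_ARPA]
        found = discover_pref64(answers)
        print(f"answers {[str(x) for x in answers]} -> Pref64 {found}, "
              f"{'WKP, no secure lookup needed' if is_wkp(found) else 'needs DNSSEC-validated discovery'}")
    print("plain AAAA, no DNS64:", discover_pref64(["2001:db8::1"]))
```

Running the block prints the recovered prefix for a WKP-based and a network-specific-prefix-based DNS64, and `None` for an ordinary AAAA answer. The intersection across both `ipv4only.arpa` addresses is what RFC 7050 relies on to reject layouts that match one address by coincidence; a real client would additionally refuse any result it could not validate with DNSSEC unless it is the WKP.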