Re: [OPSAWG] CALL FOR ADOPTION: RADIUS Extensions for Encrypted DNS

mohamed.boucadair@orange.com Mon, 19 September 2022 06:41 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/7pX4o-7DTPttUIap_Lf20B4LFOE>

Hi Chongfeng,

Thank you for the comments.

Please see inline.

Cheers,
Med

From: OPSAWG <opsawg-bounces@ietf.org> On Behalf Of Chongfeng Xie
Sent: Saturday, 17 September 2022 02:21
To: opsawg@ietf.org
Subject: Re: [OPSAWG] CALL FOR ADOPTION: RADIUS Extensions for Encrypted DNS



Hi, folks,
I support the adoption of this document in opsawg and hope it can progress as soon as possible.
As an operator who has deployed IPv6 and its accompanying RADIUS capability, I think this document is very useful, it fills the void of RADIUS support for Encrypted DNS exchange. In addition, I have the following comments for the authors,
- In the introduction section, examples of IPv4 encrypted DNS exchange and IPv6 encrypted DNS exchange are provided, when encrypted DNS server is IPv4/IPv6 dual-stack, can the same interaction process support both IPv4 and IPv6?
[Med] This is implementation- and deployment-specific. That said, there is no constraint in the RADIUS leg to include a mix of IPv4-IPv6 TLVs in the same exchange. However, it is not allowed to include a distinct address family in DHCP/DHCPv6/RA. These considerations are not specific to these new attributes but apply to DNS-Server-IPv6-Address (RFC6911).

- The second one is about terminology, in some places, "encrypted DNS" is used, but in other places, "encrypted DNS resolver" is used, can they be unified?
[Med] These two terms are used to refer to distinct things: communication protocol vs. resolver.

- Is there a need to provide a specific section for the RADIUS behavior illustration after section? Or this has been covered by section 1?
[Med] Yes, this is already provided in Section 1. We may move that text to a separate section if you think this is better.

Best regards
Chongfeng



From: OPSAWG <opsawg-bounces@ietf.org> On Behalf Of Joe Clarke (jclarke)
Sent: Wednesday, 14 September 2022 16:28
To: opsawg@ietf.org
Subject: [OPSAWG] CALL FOR ADOPTION: RADIUS Extensions for Encrypted DNS

Hello, WG.  I like Henk’s subject icon.  Makes for some attention-grabbing.

This work has been discussed previously in opsawg, going back over a year.   The authors have continued to progress the work and would like to gauge WG interest in adopting it.

One might ask, why opsawg?  The radext WG has been concluded, but, like IPFIX, there is interest in continuing to produce extensions for RADIUS.  It was suggested by Benjamin Kaduk that opsawg was a potential fit for this work.

Therefore, this kicks off a two-week CfA for https://datatracker.ietf.org/doc/draft-boucadair-opsawg-add-encrypted-dns/.  Please comment on-list with support and/or discussion of the work.

Thanks.

Joe
