Re: [perpass] DNS confidentiality
Ted Lemon <mellon@fugue.com> Wed, 13 November 2013 14:32 UTC
On Nov 13, 2013, at 12:22 AM, Yoav Nir <ynir@checkpoint.com> wrote:

> I'm one of those that made that argument. I do think we should fix this in TLS, but realistically, browsers are going to continue sending SNI in the clear for at least another 10 years. Yes, we should fix this now, because whenever we start, that's when the 10-year countdown begins. The same is true for any modification to DNS, except the timeframe is likely to be even longer.

That doesn't sound *quite* like what I heard Stephen say, and I don't disagree with it, although I don't agree either—it's hard to predict what browser people will do, and ten years is a long time in the browser business. So you might as well fix the spec, and see what happens.