On Mon, Feb 23, 2015 at 1:04 AM, Hosnieh Rafiee <[email protected]> wrote:
>
> From: dns-privacy [mailto:[email protected]] On Behalf Of Phillip 
> Hallam-Baker
>
>
> We have to avoid loaded terms like minimal changes. What is a minimal change 
> is a very subjective question.
>
>
> We have middlebox issues. Since a middlebox can't do anything useful to an 
> encrypted message and because my objective is to bypass government censorship 
> schemes, my approach is to bypass the middleboxen wherever possible. So I see 
> no value in port 53 whether UDP or TCP.
>
> Changing the port number isn't really a major change in the protocol in my 
> view.
>
> Sure we could tunnel e-DNS over DNS. In fact I started off doing that three 
> years ago. I even wrote code for that. But why bother when there are plenty 
> of uncluttered UDP ports?
>
> --------------------------------
> [Hosnieh] Don't make a mistake... first of all, the discussion is not about 
> whether this or that proposal is good or bad. The discussion is about having 
> an EQUAL chance for all proposals to present themselves, while this hasn't 
> happened, at least for CGA-TSIGe, which is every time dropped from the agenda.


<chair hat on>
I'm sorry, but no. The discussion is not about "having EQUAL chance
for all proposals to present themselves" - we only give agenda time to
proposals that:
A: are within our charter and
B: the WG appears to want to work on / discuss.

I do not see a reasonable indication that the WG wants to work on this.
However, in order to avoid any personal bias (I have previously
expressed some views on CGA-TSIG, which *is* related), I'm going to
poll the WG.

---------
Dear DPRIVE participants,

Are you interested in working on CGA-TSIGe, and would you like to
devote some (10 minutes) of the meeting time in Dallas to a
presentation / discussion on CGA-TSIGe?

Warren

---------
</chair hat>


>
> [Hosnieh] The similarities of all proposals IMO are as follows:
> 1- the purpose of all proposals is to avoid government censorship.
> 2- encrypting the DNS messages
>
> The difference between these proposals is:
> 1- How to do the encryption of DNS messages
>
> Now let's get back to any proposals that need to use ports other than DNS. 
> To be realistic, at the moment in all middleboxes like firewalls, port 53 
> has been defined for DNS and is open for that purpose. In most large 
> enterprises there are restrictive policies, and they mostly keep all 
> unnecessary ports closed. In none of my messages did I say it is not possible to 
> re-configure all of these devices, but I would say it is not easy, not only 
> technically but also non-technically. I am not talking about a small network 
> with perhaps one firewall or a router, but large corporates. I know that many 
> big enterprises have a lot of bureaucracy to change any single thing in 
> their network. Furthermore, this is too much administrative work.
>
>
> I hope it is clear.
> Best,
> Hosnieh
>
> _______________________________________________
> dns-privacy mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dns-privacy



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
