Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

2019-03-10 Thread Stephane Bortzmeyer
On Sun, Mar 10, 2019 at 03:48:52PM +0900, Warren Kumari wrote a message of 281 lines which said: > I think it would be very valuable to not conflate DNS-over-HTTPS > (the protocol) with the "applications might choose to use their own > resolvers" concerns. I fully agree. Applications using t

Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

2019-03-10 Thread Stephane Bortzmeyer
On Sat, Mar 09, 2019 at 11:01:33PM -0800, Paul Vixie wrote a message of 32 lines which said: > i have been away as long as possible, which means i was surprised > that the IESG was willing to allow a document to standardize I'm not surprised, since, in the last years, there has been a strong

[DNSOP] Call for Adoption: draft-wessels-dns-zone-digest

2019-03-10 Thread Tim Wicinski
The chairs feel the document has been updated to address several issues raised from the last meeting, including some implementations. If there is pushback during this call for adoption, we can take the topic up in Prague. This starts a Call for Adoption for draft-wessels-dns-zone-digest The draf

Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

2019-03-10 Thread Ask Bjørn Hansen
> On Mar 9, 2019, at 10:48 PM, Warren Kumari wrote: > > Also, I think that this topic would be better discussed in the DNSOP WG - > the DoH charter (https://datatracker.ietf.org/wg/doh/about/ > ) talks about: > "The primary focus of this working gr

Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

2019-03-10 Thread Vittorio Bertola
> On 10 March 2019 at 20:15 Ask Bjørn Hansen wrote: > > > > > > > On Mar 9, 2019, at 10:48 PM, Warren Kumari <war...@kumari.net> wrote: > > > > Also, I think that this topic would be better discussed in the > > DNSOP WG - the DoH

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-10 Thread nalini elkins
> Similarly, putting DNS in user space allows for immediate adoption of DNSSEC and privacy enhancements, even when the operating system or the local network does not support them At enterprises (banks, insurance, etc) on their internal networks, people run their own DNS servers which may resolve

[DNSOP] Fwd: New Version Notification for draft-pwouters-powerbind-02.txt (fwd)

2019-03-10 Thread Paul Wouters
Wes and I updated the powerbind draft. We did a lot of rewriting to clarify the concept, so if you were confused, please give this version another read. It clarifies a few issues based on the responses we had so far, such as the limitations of RRTYPE's for DELEGATION_ONLY zones (and how to deal

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-10 Thread Christian Huitema
On 3/10/2019 8:25 PM, nalini elkins wrote: >  > Similarly, putting DNS in user space allows for immediate adoption > of DNSSEC and privacy enhancements, even when the operating system or > the local network does not support them   > > At enterprises (banks, insurance, etc) on their internal networ

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-10 Thread nalini elkins
BTW, I am reading the draft Tiru et al just posted on DPRIVE about this issue to see if we have any comments. > 4) I am using my work laptop on the enterprise network, and using application-X This could be an internal application or on the Internet. Enterprises have connections to: - Internal L

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-10 Thread Paul Vixie
Christian Huitema wrote on 2019-03-10 21:14: There are a bunch of conflicting requirements here, and it would be good to tease out the contradictions. Consider the following cases: 1) I am using my phone, and using application-X. 2) I am at home, using application-X on my home computer.

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-10 Thread nalini elkins
Paul, > (yes, i will be part of a major new project to identify and block all DoH services, so > that behavioural security policies can still work, because you may have > noticed that the internet has never become MORE secure from new tech, > but it occasionally becomes LESS secure more slowly bec

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-10 Thread Christian Huitema
On 3/10/2019 10:24 PM, Paul Vixie wrote: > if you are using my network, then it makes no difference which of us > bought you that laptop. you will use the RDNS i allow you to use. RDNS > is part of the control plane, and i use it for both monitoring and > control. sometimes that's so that i can se

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-10 Thread Paul Vixie
Christian Huitema wrote on 2019-03-10 23:05: On 3/10/2019 10:24 PM, Paul Vixie wrote: if you are using my network, then it makes no difference which of us bought you that laptop. you will use the RDNS i allow you to use. RDNS is part of the control plane, and i use it for both monitoring and