Re: [DNSOP] Fwd: New Version Notification for draft-pwouters-powerbind-02.txt (fwd)

2019-03-11 Thread Joe Abley
Hi Paul, On 10 Mar 2019, at 23:41, Paul Wouters wrote: > Wes and I updated the powerbind draft. > > We did a lot of rewriting to clarify the concept, so if you were confused, > please give this version another read. I had not noticed the -01 revision of this draft, so apologies if any of my r

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-11 Thread Konda, Tirumaleswar Reddy
Please see inline [TR] From: dns-privacy On Behalf Of nalini elkins Sent: Monday, March 11, 2019 11:05 AM To: Paul Vixie Cc: Stephen Farrell ; d...@ietf.org; dnsop@ietf.org; Christian Huitema ; dns-priv...@ietf.org; Vittorio Bertola ; Ackermann, Michael Subject: Re: [dns-privacy] [DNSOP] New

[DNSOP] Proposal for a side-meeting on services centralization at IETF 104 Prague

2019-03-11 Thread Stephane Bortzmeyer
[Sorry for the long list of working groups but the discussion already started in different places.] There has been some discussion about DoH (DNS-over-HTTPS, RFC 8484) deployment and the risk of centralization of Internet services. (See for instance drafts [this is not an endorsement] draft-bertol

[DNSOP] Proposal for a side-meeting on services centralization at IETF 104 Prague

2019-03-11 Thread Stephane Bortzmeyer
[Resent with the correct list of working groups.] [Sorry for the long list of working groups but the discussion already started in different places.] There has been some discussion about DoH (DNS-over-HTTPS, RFC 8484) deployment and the risk of centralization of Internet services. (See for instan

Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

2019-03-11 Thread Ted Hardie
On Sat, Mar 9, 2019 at 11:03 PM Paul Vixie wrote: > > > Warren Kumari wrote on 2019-03-09 22:48: > > [ + DNSOP] > > > > ... > > > > I think it would be very valuable to not conflate DNS-over-HTTPS (the > > protocol) with the "applications might choose to use their own > > resolvers" concerns. > >

Re: [DNSOP] Call for Adoption: draft-wessels-dns-zone-digest

2019-03-11 Thread A. Schulze
On 10.03.19 at 15:31, Tim Wicinski wrote: > Please review this draft to see if you think it is suitable for adoption by > DNSOP, and comments to the list, clearly stating your view. Hello, The document itself is written clearly. As a user of the mentioned LDNS implementation I find it useful

Re: [DNSOP] [Doh] Proposal for a side-meeting on services centralization at IETF 104 Prague

2019-03-11 Thread Ted Hardie
Hi Stephane, This conflicts with SECDISPATCH, which will have a pretty serious impact on who might attend. Scheduling these things is very hard, obviously. Given this topic, you may have to move outside the normal agenda time to get a reasonable shot at avoiding conflict. Ted On Mon, Mar 11, 20

Re: [DNSOP] [Doh] Proposal for a side-meeting on services centralization at IETF 104 Prague

2019-03-11 Thread Stephane Bortzmeyer
On Mon, Mar 11, 2019 at 10:06:21AM -0700, Ted Hardie wrote a message of 76 lines which said: > This conflicts with SECDISPATCH, which will have a pretty serious impact on > who might attend. Scheduling these things is very hard, obviously. Given > this topic, you may have to move outside the

Re: [DNSOP] [Doh] Proposal for a side-meeting on services centralization at IETF 104 Prague

2019-03-11 Thread Ted Hardie
On Mon, Mar 11, 2019 at 10:13 AM Stephane Bortzmeyer wrote: > On Mon, Mar 11, 2019 at 10:06:21AM -0700, > Ted Hardie wrote > a message of 76 lines which said: > > > This conflicts with SECDISPATCH, which will have a pretty serious impact > on > > who might attend. Scheduling these things is v

Re: [DNSOP] [hrpc] [Doh] Proposal for a side-meeting on services centralization at IETF 104 Prague

2019-03-11 Thread Melinda Shore
On 3/11/19 9:13 AM, Stephane Bortzmeyer wrote: > I admit I'm not sure that Secdispatch is so important here. The > subject of the side meeting is not security-specific. It also conflicts with irtfopen, which may impact the availability of pearg people, hrpc folk, etc. Melinda -- Software longa,

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-11 Thread nalini elkins
Tiru, Thanks for your comments. > Enterprise networks are already able to block DoH services, We are also concerned about getting threat intelligence so that would impact DoH on the Internet. We are also concerned about being able to block malware, etc. inside the enterprise. Thank you for do

Re: [DNSOP] [dns-privacy] [hrpc] [Doh] Proposal for a side-meeting on services centralization at IETF 104 Prague

2019-03-11 Thread Allison Mankin
I'd appreciate it not conflicting with IRTFOPEN. The ANRP topics include how Facebook manipulates routing and a big study on QUIC, and I think there should be participant overlap. On Mon, 11 Mar 2019 at 13:22, Melinda Shore wrote: > On 3/11/19 9:13 AM, Stephane Bortzmeyer wrote: > > I admit I'm

Re: [DNSOP] Proposal for a side-meeting on services centralization at IETF 104 Prague

2019-03-11 Thread Vittorio Bertola
> On 11 March 2019 at 18.02, Stephane Bortzmeyer wrote: > > It was suggested Reference necessary to have a > side meeting in Prague at IETF 104. I propose Monday, 1400-1600 in > Tyrolka. The proposal is at > . You > are welcom

Re: [DNSOP] [hrpc] Proposal for a side-meeting on services centralization at IETF 104 Prague

2019-03-11 Thread Allison Mankin
Perfect idea, very good use of the Wednesday slot. On Mon, 11 Mar 2019 at 13:57, Vittorio Bertola wrote: > > On 11 March 2019 at 18.02, Stephane Bortzmeyer wrote: > > > > It was suggested Reference necessary to have a > > side meeting in Prague at IETF 104. I propose Monday, 1400-1600

Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

2019-03-11 Thread Paul Vixie
Ted Hardie wrote on 2019-03-11 10:02: ... no other off-network RDNS is reachable by malware which somehow gets into my network, I interpret this to mean that you have blocked DNS over TLS's well-known port (853), so that Quad 9 and other services offering it are not accessible.  Is

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-11 Thread Paul Vixie
nalini elkins wrote on 2019-03-11 10:26: Tiru, Thanks for your comments. > Enterprise networks are already able to block DoH services, i wonder if everyone here knows that TLS 1.3 and encrypted headers is going to push a SOCKS agenda onto enterprises that had not previously needed one, an

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-11 Thread Eliot Lear
Hi Paul, > On 11 Mar 2019, at 19:12, Paul Vixie wrote: > > > > nalini elkins wrote on 2019-03-11 10:26: >> Tiru, >> Thanks for your comments. >> > Enterprise networks are already able to block DoH services, > i wonder if everyone here knows that TLS 1.3 and encrypted headers is going > to pus

[DNSOP] I-D Action: draft-ietf-dnsop-multi-provider-dnssec-01.txt

2019-03-11 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Operations WG of the IETF. Title : Multi Provider DNSSEC models Authors : Shumon Huque Pallavi Aras

Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

2019-03-11 Thread Ted Hardie
On Mon, Mar 11, 2019 at 11:06 AM Paul Vixie wrote: > > DoH will moot that approach. > Any system that actually checks the credentials presented by the responding server will also moot that approach. Given how easy it is to pin credential characteristics in applications distributed as binaries,

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-11 Thread nalini elkins
>i wonder if everyone here knows that TLS 1.3 and encrypted headers is >going to push a SOCKS agenda onto enterprises that had not previously >needed one I have, ahem, some familiarity with the enterprises and TLS1.3 issue. (These past few years have aged me terribly!) I frankly feel that we have

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-11 Thread Daniel Stenberg
On Mon, 11 Mar 2019, Paul Vixie wrote: CF has so far only supported DoH on 1.1.1.0/24 and 1.0.1.0/24 If that's what you believe and block, then you're not blocking Cloudflare DoH very effectively... =) -- / daniel.haxx.se ___ DNSOP mailing list

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-11 Thread Brian Dickson
(Apologies for top-replying) I think, from squinting at this a bit, that what is missing is some kind of policy/service discovery, and coming to some kind of agreement (between DNSOP and DOH, and any/all other interested parties) on what default behavior should be (and under what conditions/circum

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-11 Thread Eric Rescorla
On Mon, Mar 11, 2019 at 11:13 AM Paul Vixie wrote: > > > nalini elkins wrote on 2019-03-11 10:26: > > Tiru, > > > > Thanks for your comments. > > > > > Enterprise networks are already able to block DoH services, > i wonder if everyone here knows that TLS 1.3 and encrypted headers is > going to p

[DNSOP] I-D Action: draft-ietf-dnsop-extended-error-05.txt

2019-03-11 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Operations WG of the IETF. Title : Extended DNS Errors Authors : Warren Kumari Evan Hunt

Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-04.txt

2019-03-11 Thread Wes Hardaker
Hi Petr, Sorry for the delay in responding to your excellent review. You raised a large number of good suggestions and clarifications. Attached are my more detailed actions and responses to your points. Look for "results:" and "response:" for my/our responses to each item. [Warren and I dis

Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-04.txt

2019-03-11 Thread Wes Hardaker
Hi Stephane, Thanks for your great review (and support of the draft). We've made a number of changes based on your suggestions, and I'm including a more detailed accounting below of steps taken based on your review. Sorry for the delay in getting a response back to you. 6 Stephane Bortzmeyer

Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-04.txt

2019-03-11 Thread Wes Hardaker
"Michael J. Sheldon" writes: Brian and Michael both, > > Rationale : the current text seems to imply this code is only when > > there is no DNSKEY at all. > I disagree. There are going to be cases where DS and DNSKEY are not > fully in sync due to key rollovers, prestaging, etc. This is not a

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-11 Thread Paul Vixie
That's what they told me. On Mar 11, 2019, 14:20, at 14:20, Daniel Stenberg wrote: >On Mon, 11 Mar 2019, Paul Vixie wrote: > >> CF has so far only supported DoH on 1.1.1.0/24 and 1.0.1.0/24 > >If that's what you believe and block, then you're not blocking >Cloudflare DoH >very effectively... =) >

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-11 Thread Stephen Farrell
(This distribution list is too scattered and diverse. Be great if some AD or someone just picked one list for this. In the meantime...) On 11/03/2019 20:43, nalini elkins wrote: > impact assessment that certain changes such as > DoH and TLS1.3 will have on enterprises, TLS1.3 will, I expect, no

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-11 Thread nalini elkins
Stephen, > TLS1.3 will, I expect, noticeably improve security for an awful lot of enterprises in time. I am sure you are right. There is also likely to be quite a bit of pain ahead for many. Also, this is exactly why I propose a neutral observer who might tease out the nuances. Or say someth

Re: [DNSOP] Last Call: (Algorithm Implementation Requirements and Usage Guidance for DNSSEC) to Proposed Standard

2019-03-11 Thread Warren Kumari
On Tue, Mar 5, 2019 at 1:34 AM Warren Kumari wrote: > > > On Mon, Mar 4, 2019 at 11:05 AM Paul Wouters wrote: > >> On Mon, 4 Mar 2019, Warren Kumari wrote: >> >> > So, my plan is to 1: ask the authors to please swap the Y to an N as >> below and 2: progress the document with the hope that this >

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-11 Thread Stephen Farrell
On 12/03/2019 01:54, nalini elkins wrote: > Stephen, > >> TLS1.3 will, I expect, noticeably improve security for an awful lot of >> enterprises in time. > > I am sure you are right. Great. > There is also likely to be quite a bit of pain > ahead for many. I don't agree at all about that, d

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-11 Thread Konda, Tirumaleswar Reddy
> -Original Message- > From: Stephen Farrell > Sent: Tuesday, March 12, 2019 5:30 AM > To: Paul Vixie ; d...@ietf.org > Cc: nalini elkins ; Konda, Tirumaleswar Reddy > ; dnsop@ietf.org; Ackermann, > Michael ; Christian Huitema > ; dns-priv...@ietf.org; Vittorio Bertola > > Subject: Re: [d

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-11 Thread Konda, Tirumaleswar Reddy
> -Original Message- > From: Eliot Lear > Sent: Monday, March 11, 2019 11:49 PM > To: Paul Vixie > Cc: nalini elkins ; Konda, Tirumaleswar Reddy > ; d...@ietf.org; dnsop@ietf.org; > Ackermann, Michael ; Christian Huitema > ; dns-priv...@ietf.org; Vittorio Bertola > ; Stephen Farrell > >

Re: [DNSOP] [Doh] Proposal for a side-meeting on services centralization at IETF 104 Prague

2019-03-11 Thread Warren Kumari
On Tue, Mar 12, 2019 at 1:58 AM Stephane Bortzmeyer wrote: > [Sorry for the long list of working groups but the discussion already > started in different places.] > > There has been some discussion about DoH (DNS-over-HTTPS, RFC 8484) > deployment and the risk of centralization of Internet servic