>> Opportunistic encryption from authoritative perspective

I was hoping to make it tomorrow but in case I don't, here's my feedback.

I want to avoid a DoH here by voicing my concerns too late where this proposal ends up a MUST instead of SHOULD to support encryption on authoritative. I'm pretty sure that there are many people that are silent on this proposal, or simply don't have visibility.

I think encryption at this level is not addressing the root problem to preserve client privacy. We should look at how clients could round robin their queries to resolvers via DoH, DoT, even D-over-Jabber 😉, there are 10000s of open resolvers, anonymity can be achieved for sure to an authoritative server.

It’s not because we can that we should, and I don't see how this level of encryption will enhance the end client’s privacy posture. If you don’t trust the resolver, pick one you trust, because if you run your own, people can see which authoritative you’re querying…

In reading through the draft, there’s going to be unacceptable induced latency on resolver for TLDs and authoritative domains that are (would) not ADoT enabled.

Jacques

-----Original Message-----
From: dns-privacy <[email protected]> On Behalf Of Brian Haberman
Sent: January 25, 2021 4:47 PM
To: [email protected]
Subject: [EXT] Re: [dns-privacy] DNS PRIVate Exchange (dprive) WG Virtual Meeting: 2021-01-27

The agenda and the slides for the opportunistic encryption draft have been posted to the meeting materials page for the upcoming interim.

https://datatracker.ietf.org/meeting/interim-2021-dprive-01/session/dprive

Regards,
Brian

On 1/21/21 8:50 AM, Brian Haberman wrote:
> Hi all,
> As noted in the agenda below, we will have three primary
> discussions. The chairs asked Paul to go over the latest version of the
> opportunistic encryption draft for recursive to authoritative exchanges.
> After that, we would like to focus on how such an approach will work
> from the recursive resolver's perspective followed by how such an
> approach will work from the authoritative server's perspective.
>
> The last two discussions will be free form. There will be no slides
> as this should be a collaborative discussion. Please review Paul's draft
> and come with your good ideas and feedback on its impact on the two ends
> of the DNS exchange.
>
> The chairs would also like to solicit volunteers to keep minutes so
> that we have a good record of any decisions and action items from the
> meeting.
>
> Regards,
> Brian
>
> On 1/12/21 4:44 PM, IESG Secretary wrote:
>> The DNS PRIVate Exchange (dprive) WG will hold
>> a virtual interim meeting on 2021-01-27 from 18:00 to 20:00 UTC.
>>
>> Agenda:
>> Administrivia - 10 minutes
>> Opportunistic Encryption (draft-pp-recursive-authoritative-opportunistic) - 20 minutes
>> Opportunistic encryption from resolvers perspective - 40 minutes
>> Opportunistic encryption from authoritative perspective - 40 minutes
>> Wrap-up - 10 minutes
>>
>> DPRIVE Jan 2020 Interim
>> Hosted by DPRIVE Working Group
>>
>> https://ietf.webex.com/ietf/j.php?MTID=m93424bce1283301bf925e9b68826f7c1
>> Wednesday, Jan 27, 2021 1:00 pm | 2 hours | (UTC-05:00) Eastern Time (US & Canada)
>> Meeting number: 178 706 0933
>> Password: hmRMWcUA758
>>
>> Join by video system
>> Dial [email protected]
>> You can also dial 173.243.2.68 and enter your meeting number.
>>
>> Join by phone
>> 1-650-479-3208 Call-in toll number (US/Canada)
>> Access code: 178 706 0933
>>
>> Information about remote participation:
>> https://ietf.webex.com/ietf/j.php?MTID=m93424bce1283301bf925e9b68826f7c1
>>
>> _______________________________________________
>> dns-privacy mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/dns-privacy
