Hiya,
On 17/08/2021 13:16, Brian Haberman wrote:
> All,
> I want to start working through the details of what Stephen is
> proposing below; beginning to do operational experiments to determine
> which approach, or approaches, may be viable in the long term. To carry
> out such experiments, I believe we need the following:
> 1. A stable I-D for an approach to providing privacy between recursive
> resolvers and authoritative servers,

More than one I-D seems likely and is fine I reckon.

> 2. An implementation of the stable I-D in a recursive resolver and in
> an authoritative server implementation,

IIUC, that exists?

> 3. At least one authoritative server operator willing to deploy the
> experimental implementation,
> 4. At least one recursive resolver operator willing to deploy the
> experimental implementation,
> 5. An agreed upon set of metrics to assess the operational behavior of
> the approach,

Not sure a final/agreed version of that's needed before someone starts to run an experiment. Nice to have it of course but I suspect initial experiments will throw up bits of data we'd not considered (e.g. maybe relating to the diversity of partnerships that authoritative servers have and how those affect partial rollout).

> Is there a major item missing from the list above? Other aspects of
> carrying out such an experiment? Are there any volunteers to start
> working on details of such an experiment?

I'm game. (But not this week, taking a few days away:-)

Cheers,
S.

> Regards,
> Brian
>
> On 8/2/21 9:22 AM, Stephen Farrell wrote:
>> Hiya,
>>
>> On 02/08/2021 05:21, Martin Thomson wrote:
>>> If we decided on a single answer for the first and in the negative
>>> for the second, would that make authentication viable?
>>
>> IMO we ought not just "decide" on most of the tricky ADoX issues but
>> we should rather document the options sufficient to allow people to
>> do experiments and then wait and see how those experiments go.
>>
>> I'd say a stable I-D is probably enough documentation to allow for
>> experiments and I'd hope such experiments could be done in 6-12
>> months. I'd expect we might still be left with a few tricky issues,
>> but that a number of those (where we might make wrong choices now)
>> would be resolved once people try 'em out.
>>
>> So my suggestion is to review the I-Ds we have with a view to
>> figuring out what's missing that's needed to allow such experiments,
>> fix that and then "park" those I-Ds 'till we get results. That could
>> be similar to how drafts are declared to be "interop drafts" in other
>> WGs or could be a WGLC-like process.
>>
>> If we decided to try go that way, I'd be happy to try help get some
>> such experiment going.
>>
>> Cheers,
>> S.
>>
>> _______________________________________________
>> dns-privacy mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/dns-privacy
