Re: [dns-privacy] I-D Action: draft-ietf-dprive-early-data-00.txt

2020-04-22 Thread Ilari Liusvaara
On Wed, Apr 22, 2020 at 06:41:39AM -0700, internet-dra...@ietf.org wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> This draft is a work item of the DNS PRIVate Exchange WG of the IETF.
> 
> Title   : Using Early Data in DNS over TLS
> Author  : Alessandro Ghedini
>   Filename: draft-ietf-dprive-early-data-00.txt
>   Pages   : 6
>   Date: 2020-04-22

That RRTYPE whitelist looks quite questionable. Any Data RRTYPE (numbers
1-127 and 256-61439) needs to be safe as QTYPE, or there are major
problems already (since servers MUST answer all of them).

Meta RRTYPEs (numbers 128-255) might be unsafe (and servers are
allowed to reject such queries already). Then there is the unassigned,
private use and reserved stuff (numbers 0, 61440-65535) and who knows
what is there.

Unfortunately there is the special snowflake that is OPT (number 41).
Despite being in the DATA RRTYPE range, it is special (usually not even
used as QTYPE). Now, the base structure absolutely has to be allowed in
0-RTT. The problem with it is that it can carry its own extensions. I
have no idea of what most of those even do, and there are probably at
least some that are unsafe in 0-RTT, and at least some that are
actually useful in 0-RTT.

(As a sidenote, I discovered that Unbound does not like OPT as QTYPE
and answers with FORMERR, but there are servers out there that answer
OPT queries like any other datatype they have no records for).


-Ilari

___
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy
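The RRTYPE classification above can be turned directly into a server-side admission check for queries that arrive in TLS 1.3 early data. The following is an added example and is not code from the draft, from Unbound or from any other implementation. It parses a raw DNS query, applies the RFC 6895 registry layout the message describes (data types 1-127 and 256-61439, meta types 128-255, reserved/private 0 and 61440-65535, OPT = 41 treated separately), walks the OPT options so unknown EDNS extensions are not silently accepted, and additionally refuses non-QUERY opcodes, since an UPDATE or NOTIFY replayed by an attacker is not idempotent. Which EDNS option codes count as replay-safe (here only COOKIE and Padding) and the "defer to 1-RTT" reaction are this example's own policy choices, not something the draft fixes; `build_query` only constructs test input.

```python
"""Admission check for a DNS-over-TLS query carried in TLS 1.3 early data.

Added example, not code from the draft or from any resolver.  RRTYPE
ranges follow the RFC 6895 registry layout; the set of replay-safe
EDNS options and the opcode policy are this example's assumptions.
"""
import struct

OPT = 41
DATA_RANGES = (range(1, 128), range(256, 61440))   # RFC 6895 data types
META_RANGE = range(128, 256)                       # RFC 6895 meta types
OPCODE_QUERY = 0

# IANA EDNS0 option codes treated as safe to replay (assumption of this
# example): COOKIE (10) and Padding (12).  Anything else defers to 1-RTT.
EDNS_REPLAY_SAFE = {10, 12}


def parse_name(msg, off):
    """Parse an uncompressed wire-format name; return (labels, offset)."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        off += 1
        if n == 0:
            return labels, off
        if n & 0xC0 or off + n > len(msg):
            raise ValueError("compression pointer or truncated label")
        labels.append(msg[off:off + n])
        off += n


def check_opt_options(rdata):
    """Walk OPT RDATA (code, length, data); reject anything not allow-listed."""
    off = 0
    while off < len(rdata):
        if off + 4 > len(rdata):
            return False, "truncated EDNS option header"
        code, olen = struct.unpack("!HH", rdata[off:off + 4])
        off += 4
        if off + olen > len(rdata):
            return False, "truncated EDNS option"
        off += olen
        if code not in EDNS_REPLAY_SAFE:
            return False, "EDNS option %d not allowed in early data" % code
    return True, "ok"


def classify_for_0rtt(msg):
    """Return (accept, reason).  False means: do not process this as early
    data; handle it only once the handshake has completed."""
    try:
        if len(msg) < 12:
            return False, "short header"
        _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
        if flags & 0x8000:
            return False, "QR bit set: not a query"
        opcode = (flags >> 11) & 0xF
        if opcode != OPCODE_QUERY:                  # UPDATE/NOTIFY are not idempotent
            return False, "opcode %d is not QUERY" % opcode
        if qd != 1 or an != 0 or ns != 0:
            return False, "unexpected section counts"
        _qname, off = parse_name(msg, 12)
        if off + 4 > len(msg):
            return False, "truncated question"
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        if qtype == OPT:
            return False, "OPT as QTYPE"            # servers disagree on this case
        if qtype in META_RANGE:
            return False, "meta QTYPE %d" % qtype   # e.g. ANY, AXFR, IXFR, TSIG
        if not any(qtype in r for r in DATA_RANGES):
            return False, "reserved/private QTYPE %d" % qtype
        seen_opt = False
        for _ in range(ar):                         # only a single OPT RR is accepted
            _name, off = parse_name(msg, off)
            if off + 10 > len(msg):
                return False, "truncated additional RR"
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            rdata = msg[off:off + rdlen]
            off += rdlen
            if len(rdata) != rdlen:
                return False, "truncated RDATA"
            if rtype != OPT:
                return False, "unexpected additional RR type %d" % rtype
            if seen_opt:
                return False, "duplicate OPT RR"
            seen_opt = True
            ok, why = check_opt_options(rdata)
            if not ok:
                return False, why
        if off != len(msg):
            return False, "trailing bytes"
        return True, "ok"
    except ValueError as e:
        return False, str(e)


def build_query(qname, qtype, edns_options=None, opcode=OPCODE_QUERY):
    """Constructed test input: class IN, RD set, optional OPT RR."""
    ar = 0 if edns_options is None else 1
    hdr = struct.pack("!6H", 0x1234, (opcode << 11) | 0x0100, 1, 0, 0, ar)
    name = b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in qname.strip(".").split(".") if l) + b"\x00"
    q = hdr + name + struct.pack("!HH", qtype, 1)
    if edns_options is not None:
        rdata = b"".join(struct.pack("!HH", c, len(d)) + d
                         for c, d in edns_options)
        q += b"\x00" + struct.pack("!HHIH", OPT, 1232, 0, len(rdata)) + rdata
    return q
```

Run against constructed queries, `classify_for_0rtt` accepts an A query with a COOKIE option and refuses ANY (meta), OPT-as-QTYPE, an UPDATE opcode, a reserved type such as 61440, and an OPT RR carrying an option code outside the allow-list. The reject path is deliberately coarse: a server that cannot tell whether an extension is replay-safe should push the whole query to 1-RTT rather than strip the option and answer anyway.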


Re: [dns-privacy] I-D Action: draft-ietf-dprive-early-data-00.txt

2020-04-22 Thread Bob Harold
On Wed, Apr 22, 2020 at 9:41 AM  wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the DNS PRIVate Exchange WG of the IETF.
>
> Title   : Using Early Data in DNS over TLS
> Author  : Alessandro Ghedini
> Filename: draft-ietf-dprive-early-data-00.txt
> Pages   : 6
> Date: 2020-04-22
>
> Abstract:
>This document illustrates the risks of using TLS 1.3 early data with
>DNS over TLS, and specifies behaviors that can be adopted by clients
>and servers to reduce those risks.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dprive-early-data/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-dprive-early-data-00
> https://datatracker.ietf.org/doc/html/draft-ietf-dprive-early-data-00
>
>
Looks good to me, one nit:

1. Introduction

"tecniques" -> "techniques"

-- 
Bob Harold


[dns-privacy] I-D Action: draft-ietf-dprive-early-data-00.txt

2020-04-22 Thread internet-drafts


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the DNS PRIVate Exchange WG of the IETF.

Title   : Using Early Data in DNS over TLS
Author  : Alessandro Ghedini
Filename: draft-ietf-dprive-early-data-00.txt
Pages   : 6
Date: 2020-04-22

Abstract:
   This document illustrates the risks of using TLS 1.3 early data with
   DNS over TLS, and specifies behaviors that can be adopted by clients
   and servers to reduce those risks.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-dprive-early-data/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-dprive-early-data-00
https://datatracker.ietf.org/doc/html/draft-ietf-dprive-early-data-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/




Re: [dns-privacy] Call for Adoption: draft-ghedini-dprive-early-data

2020-04-22 Thread Tim Wicinski
All

The call for adoption has ended and we've received feedback on adopting and
working on this. Consensus appears to be that the document needs work but is
a good starting point.

thanks
tim


On Tue, Apr 14, 2020 at 11:45 AM Christopher Wood wrote:

> I support adoption and am willing to review.
>
> Best,
> Chris
>
> On Tue, Apr 14, 2020, at 2:42 AM, Stephen Farrell wrote:
> >
> > I support adoption. There's work to be done on it, but
> > it's a good start and should be a useful document.
> >
> > S.
> >
> > On 08/04/2020 18:27, Tim Wicinski wrote:
> > > This starts a Call for Adoption for draft-ghedini-dprive-early-data
> > >
> > > The draft is available here:
> > > https://datatracker.ietf.org/doc/draft-ghedini-dprive-early-data/
> > >
> > > Please review this draft to see if you think it is suitable for
> adoption
> > > by DPRIVE, and comments to the list, clearly stating your view.
> > >
> > > Please also indicate if you are willing to contribute text, review,
> etc.
> > >
> > > This call for adoption ends: 22 April 2020
> > >
> > > Thanks,
> > >


Re: [dns-privacy] Call for Adoption: draft-huitema-dprive-dnsoquic

2020-04-22 Thread Tim Wicinski
All

The call for adoption has ended with strong consensus to adopt.  Thanks
for all the feedback.

tim


On Wed, Apr 22, 2020 at 6:18 AM Benno Overeinder wrote:

> I support the adoption of the draft and I am willing to contribute/review.
>
> -- Benno
>
>
> On 08/04/2020 18:41, Tim Wicinski wrote:
> >
> > This starts a Call for Adoption for draft-huitema-dprive-dnsoquic
> >
> > The draft is available here:
> > https://datatracker.ietf.org/doc/draft-huitema-dprive-dnsoquic/
> >
> > Please review this draft to see if you think it is suitable for adoption
> > by DPRIVE, and comments to the list, clearly stating your view.
> >
> > Please also indicate if you are willing to contribute text, review, etc.
> >
> > This call for adoption ends: 22 April 2020
> >
> > Thanks,
> > tim/brian
> >
>
>
> --
> Benno J. Overeinder
> NLnet Labs
> https://www.nlnetlabs.nl/


Re: [dns-privacy] Call for Adoption: draft-huitema-dprive-dnsoquic

2020-04-22 Thread Benno Overeinder
I support the adoption of the draft and I am willing to contribute/review.

-- Benno


On 08/04/2020 18:41, Tim Wicinski wrote:
> 
> This starts a Call for Adoption for draft-huitema-dprive-dnsoquic
> 
> The draft is available here:
> https://datatracker.ietf.org/doc/draft-huitema-dprive-dnsoquic/
> 
> Please review this draft to see if you think it is suitable for adoption
> by DPRIVE, and comments to the list, clearly stating your view.
> 
> Please also indicate if you are willing to contribute text, review, etc.
> 
> This call for adoption ends: 22 April 2020
> 
> Thanks,
> tim/brian
> 


-- 
Benno J. Overeinder
NLnet Labs
https://www.nlnetlabs.nl/
