Re: [dns-privacy] [Ext] Erik Kline's No Objection on draft-ietf-dprive-unilateral-probing-12: (with COMMENT)

> > ### S4.6.3 or S8 > > > > * I think a very important caveat here is when a node running its own > > recursive resolver has just joined a network and not yet completed any > > captive portal probes. Initiating encrypted transport connections prior > > to satisfying the captive portal testing

[dns-privacy] Erik Kline's No Objection on draft-ietf-dprive-unilateral-probing-12: (with COMMENT)

Erik Kline has entered the following ballot position for draft-ietf-dprive-unilateral-probing-12: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please

[dns-privacy] Erik Kline's Yes on draft-ietf-dprive-dnsoquic-10: (with COMMENT)

Erik Kline has entered the following ballot position for draft-ietf-dprive-dnsoquic-10: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https

Re: [dns-privacy] Erik Kline's Yes on draft-ietf-dprive-xfr-over-tls-11: (with COMMENT)

Sara, Thanks very much! (After listening to Allison's talk at DNS OARC 35 tonight, I wonder if there should be an appendix section with the pronunciation guideline that "XoT" is pronounced "zot". ;-) ) ___ dns-privacy mailing list dns-privacy@ietf.org

Re: [dns-privacy] Martin Duke's Discuss on draft-ietf-dprive-xfr-over-tls-11: (with DISCUSS and COMMENT)

g/arch/msg/tls-reg-review/JHoSPXIITFZx43PePWu2Kw-yAOs/ > et seq. > > -Ben > > On Tue, May 04, 2021 at 09:33:03PM -0700, Erik Kline wrote: > > When I went to go find where the "dot" ALPN came from I couldn't find it > > easily. > > > > The IANA reg

Re: [dns-privacy] Martin Duke's Discuss on draft-ietf-dprive-xfr-over-tls-11: (with DISCUSS and COMMENT)

When I went to go find where the "dot" ALPN came from I couldn't find it easily. The IANA registry said 7858, but when we did DoT for Android I didn't remember any ALPN text, and I couldn't find it in 7858. Nor could I find it in 8310. Perhaps I just wasn't paying close enough attention. ___

[dns-privacy] Erik Kline's Yes on draft-ietf-dprive-xfr-over-tls-11: (with COMMENT)

Erik Kline has entered the following ballot position for draft-ietf-dprive-xfr-over-tls-11: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https

Re: [dns-privacy] Root Server Operators Statement on DNS Encryption

On Tue, Mar 30, 2021 at 5:33 PM Stephen Farrell wrote: > > Hiya, > > On 31/03/2021 01:24, Eric Rescorla wrote: > > As I said earlier, this seems overly conservative given our experience > with > > large scale TLS-based services. > > For the root servers, I don't get why QNAME minimisation > isn't

Re: [dns-privacy] Root Server Operators Statement on DNS Encryption

On Tue, Mar 30, 2021 at 5:01 PM Rob Sayre wrote: > On Tue, Mar 30, 2021 at 7:49 AM Hollenbeck, Scott 40verisign@dmarc.ietf.org> wrote: > >> This is worth reading: >> >> https://root-servers.org/media/news/Statement_on_DNS_Encryption.pdf > > > I am not sure I agree it is worth reading. > > Wh

[dns-privacy] Erik Kline's Yes on draft-ietf-dprive-rfc7626-bis-06: (with COMMENT)

Erik Kline has entered the following ballot position for draft-ietf-dprive-rfc7626-bis-06: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https

Re: [dns-privacy] Operating System API support for DNS security policy

On Tue, 20 Aug 2019 at 03:13, Iain Sharp wrote: > Thanks for the informative replies. > > The use cases I was thinking of are similar to those outlined by Bob and > Stephen. Hypothetically, there might also be scenarios where the > application wishes the DNS to be done without security (e.g. for

Re: [dns-privacy] Fwd: New Version Notification for draft-peterson-dot-dhcp-00.txt

On Tue, 7 May 2019 at 14:07, Thomas Peterson wrote: > If a mechanism that facilitates certificate validation is important then > the only two options I believe we have are: > > A: Providing a host name only within the option, and expect clients to > use Do53 to resolve it, performing host name va

Re: [dns-privacy] DoT between recursive and authoritative pilot

On Thu, 27 Dec 2018 at 08:33, Stephane Bortzmeyer wrote: > On Fri, Dec 21, 2018 at 06:59:43PM -0800, > manu tman wrote > a message of 43 lines which said: > > > As some you already know, Cloudflare and Facebook have been running a > pilot > > on using DoT between Cloudflare DNS and Facebook au

Re: [dns-privacy] Maybe a new URI scheme dnss: ?

On 13 April 2018 at 02:23, Paul Hoffman wrote: > On 12 Apr 2018, at 9:59, Brian Haberman wrote: > >> Erik Kline posted about this about a month ago on this list. In general, >> I think this appears to have some interest behind it. > > > Gh, I can't believe I

Re: [dns-privacy] Potential re-charter text

Charter 2.1 looks fine to me. On 5 April 2018 at 12:44, Brian Haberman wrote: > Tim & I are still looking for feedback on this updated charter. Please > chime in or we will have to close the WG down. > > Brian > > > On 3/21/18 9:44 AM, Brian Haberman wrote: >> Slightly updated text to capture a m

[dns-privacy] representation of DNS transport in use?

I'm expecting to die a thousand deaths for this question, but... TL;DR: Should we have some kind of URI schemes for encrypted DNS protocols (i.e. identifying the transport)? -- The motivation for this comes from working on adding DNS-over-TLS support into Android. Background: an app can always