Ilari Liusvaara ilari.liusva...@elisanet.fi writes:
I'll update my position on WG adoption a bit:
I support adopting DNS-over-TLS but urge the WG to adopt DNS-over-DTLS
at the same time, and make consistency between them a requirement.
Having both with different TLS-related security
On Mon, Apr 27, 2015 at 05:15:32PM +0200, Simon Josefsson wrote:
Ilari Liusvaara ilari.liusva...@elisanet.fi writes:
- Does DNS-over-DTLS need some sort of channel identifier in queries
(taking place of the 5-tuple)? To deal with things like client IP
address/portrange changes or
On Thu, Apr 23, 2015 at 6:46 AM, Warren Kumari war...@kumari.net wrote:
On Wed, Apr 22, 2015 at 8:43 PM, Watson Ladd watsonbl...@gmail.com wrote:
I agree that DNSCurve is the best solution.
... which a: was not one of the options, b: is recursive to auth and
c: has not been written up in a
On Thu, Apr 23, 2015 at 10:44 AM, Watson Ladd watsonbl...@gmail.com wrote:
On Thu, Apr 23, 2015 at 6:46 AM, Warren Kumari war...@kumari.net wrote:
On Wed, Apr 22, 2015 at 8:43 PM, Watson Ladd watsonbl...@gmail.com wrote:
I agree that DNSCurve is the best solution.
... which a: was not one of
I agree that DNSCurve is the best solution.
I didn't say that. I believe DNSCurve and DNS-over-(D)TLS are somewhat
different, and which is best depends on what you appreciate.
DNS-over-(D)TLS is to me clearly the best answer for stub resolvers
talking to an iterative resolver, which appears to
On Wed, Apr 22, 2015 at 8:43 PM, Watson Ladd watsonbl...@gmail.com wrote:
I agree that DNSCurve is the best solution.
... which a: was not one of the options, b: is recursive to auth and
c: has not been written up in a draft and brought to the WG.
Please see the threads from October 2014 on
On 4/23/15 7:11 AM, Ilari Liusvaara wrote:
Also, it occurs to me that if there is NAT with non-sticky behaviour
with UDP DNS (UDP DNS might very well be special-cased), things are not
going to work at all without channel identifier (because the ports
change constantly).
Dunno if such
-Original Message-
From: Ilari Liusvaara [mailto:ilari.liusva...@elisanet.fi]
Sent: Thursday, April 23, 2015 4:41 PM
To: Tirumaleswar Reddy (tireddy)
Cc: Simon Josefsson; Watson Ladd; dns-privacy@ietf.org; Warren Kumari
Subject: Re: [dns-privacy] Call for Adoptions on the 3 documents
On Wed, Apr 15, 2015 at 09:08:44AM -0400,
Warren Kumari war...@kumari.net wrote
a message of 35 lines which said:
3) TLS for DNS: Initiation and Performance Considerations:
http://datatracker.ietf.org/doc/draft-hzhwm-dprive-start-tls-for-dns/
I think it should be adopted because:
* It
I didn’t mention this before but since you ask…
I wrote a DNS server from scratch as a DNS Hybrid Proxy (DNS-SD). It was UDP
only. I wanted to add TLS support so I first added TCP on the Thursday of IETF
in about 7 hours (no meetings I was interested in). Then I added TLS support on
top of TCP
I agree that DNSCurve is the best solution. Many of the proponents of
TLS based solution haven't adequately considered how this affects
anycast, DOS resistance, etc. Confidential-DNS can only be fixed by
essentially becoming DNSCurve.
It's clear that deployed, working solutions need to be
There are two sets of issues:
1) Discovery
2) Presentation
I suggest dividing the drafts into two parts and considering these
separately. DNS currently has two transports. The idea that all uses
can be addressed over TCP is currently unproven as far as the majority
of the stakeholders whose
[ Top-post ]
A reminder to please send over views.
We'd really really like a bunch more feedback - we have had many
discussions, and I *know* folk have views -- please express them!
W
On Wed, Apr 15, 2015 at 9:08 AM, Warren Kumari war...@kumari.net wrote:
Hi all,
So, the big day has finally
On Apr 15, 2015, at 9:08 AM, Warren Kumari war...@kumari.net wrote:
Hi all,
So, the big day has finally arrived -- we are initiating calls for
adoption on the three documents. http://i.imgur.com/SKX3P8J.gif
For *each* of the below documents, please **clearly** state if you
would
On Sun, Apr 19, 2015 at 07:38:18AM -0700, Paul Hoffman wrote:
Just to clarify: draft-hzhwm-dprive-start-tls-for-dns does not
propose to switch 100% of DNS to TCP. It only proposes switching the
traffic between stubs and recursives that agree to the new TCP-based
protocol.
Even that at
At Wed, 15 Apr 2015 09:08:44 -0400,
Warren Kumari war...@kumari.net wrote:
For *each* of the below documents, please **clearly** state if you
would like DPRIVE to adopt it, or if you think that it will be a
distraction / not helpful.
1) Confidential DNS:
On Apr 19, 2015, at 5:19 AM, Ralf Weber d...@fl1ger.de wrote:
On Fri, Apr 17, 2015 at 03:48:59PM -0700, manning wrote:
exercising line item veto…
I think #3 is ready to proceed. The other two suggest fundamental
changes to the DNS which need more thought.
I disagree. Switching DNS
exercising line item veto…
I think #3 is ready to proceed. The other two suggest fundamental changes to
the DNS which need more thought.
manning
bmann...@karoshi.com
PO Box 12317
Marina del Rey, CA 90295
310.322.8102
On 15April2015Wednesday, at 6:08, Warren Kumari war...@kumari.net
18 matches