Re: [DNSOP] [External] Re: Fwd: [Add] new draft: draft-grover-add-policy-detection-00

On Mon, Jul 15, 2019 at 8:52 PM Andy Grover wrote: > To speak more concretely, right now some existing filtering DNS > providers have ways for users to know if things are working as desired. > OpenDNS has internetbadguys.com for examplle, and other providers have > similar. These are useful, but

Re: [DNSOP] Fwd: [Add] new draft: draft-grover-add-policy-detection-00

On Mon, Jul 15, 2019 at 8:14 AM Paul Vixie wrote: > On Monday, 15 July 2019 02:17:04 UTC Rob Sayre wrote: > > On Sun, Jul 14, 2019 at 6:59 PM Paul Vixie wrote: > > > ... > > > > I'm surprised that you seem to view DoH as a problem. I mean, everyone > knows > > that TLS and IPSEC are compromised

Re: [DNSOP] [External] Re: Fwd: [Add] new draft: draft-grover-add-policy-detection-00

On 7/15/19 8:21 PM, Rob Sayre wrote: > Mozilla's intent is to deploy a set of trusted recursive resolvers, as > Ekr explained back in March on the DoH list: > > > And also to supply a domain name that disables everything? That's what > the draft does, right? Although the draft talks

Re: [DNSOP] [External] Re: Fwd: [Add] new draft: draft-grover-add-policy-detection-00

On Mon, Jul 15, 2019 at 10:18 AM Peter Saint-Andre wrote: > On 7/15/19 10:54 AM, Andrew M. Hettinger wrote: > > > Arguably there's actually a decrease in security over DoT as, rather > > then your network provider being the one who knows what DNS lookups > > you're doing, now some third party

Re: [DNSOP] Call for Adoptions: draft-lhotka-dnsop-iana-class-type-yang

On Jul 15, 2019, at 19:13, Tim Wicinski wrote: > Also, the current draft enumerates DLV > which needs to be removed. Can you explain this? I can understand a forthcoming clarification on the use of DLV that might make it ill-advised to publish such an RRType, but it's not obvious that a

[DNSOP] Agenda IETF105

Hi We posted an initial Agenda for DNSOP earlier today (thanks Benno!) which you can find here: https://datatracker.ietf.org/doc/agenda-105-dnsop/ Make sure we didn't forget someone who asked for a speaking slot. Also, for Presenters - you can save us from badgering you for slides by trying the

Re: [DNSOP] Call for Adoptions: draft-lhotka-dnsop-iana-class-type-yang

Also, the current draft enumerates DLV which needs to be removed. On Mon, Jul 15, 2019 at 5:36 PM Paul Wouters wrote: > > See also: https://marc.info/?l=ietf=154416657729620=2 > > An example of using IANA registries: > >

[DNSOP] The DNSOP WG has placed draft-lhotka-dnsop-iana-class-type-yang in state "Call For Adoption By WG Issued"

The DNSOP WG has placed draft-lhotka-dnsop-iana-class-type-yang in state Call For Adoption By WG Issued (entered by Benno Overeinder) The document is available at https://datatracker.ietf.org/doc/draft-lhotka-dnsop-iana-class-type-yang/ ___ DNSOP

Re: [DNSOP] Call for Adoptions: draft-lhotka-dnsop-iana-class-type-yang

See also: https://marc.info/?l=ietf=154416657729620=2 An example of using IANA registries: https://tools.ietf.org/html/draft-ietf-i2nsf-sdn-ipsec-flow-protection-05 eg: typedef encryption-algorithm-type { type uint32; description

Re: [DNSOP] Call for Adoptions: draft-lhotka-dnsop-iana-class-type-yang

On Mon, 15 Jul 2019, Benno Overeinder wrote: The draft YANG Types for DNS Classes and Resource Record Types, draft-lhotka-dnsop-iana-class-type-yang, has been presented at the IETF 103 and IETF 104. During the IETF 104 meeting, the authors asked for adoption by the DNSOP WG. The feedback from

[DNSOP] Call for Adoptions: draft-lhotka-dnsop-iana-class-type-yang

Dear DNSOP WG, The draft YANG Types for DNS Classes and Resource Record Types, draft-lhotka-dnsop-iana-class-type-yang, has been presented at the IETF 103 and IETF 104. During the IETF 104 meeting, the authors asked for adoption by the DNSOP WG. The feedback from the DNSOP WG room was positive

Re: [DNSOP] [External] Re: Re: Fwd: [Add] new draft: draft-grover-add-policy-detection-00

"DNSOP" wrote on 07/15/2019 12:18:15: > From: "Peter Saint-Andre" > To: "Andrew M. Hettinger" , "Rob Sayre" > > Cc: dnsop@ietf.org, "Paul Vixie" , "DNSOP" boun...@ietf.org> > Date: 07/15/2019 12:18 > Subject: [External] Re: [DNSOP] Re: Fwd: [Add] new draft: draft- >

Re: [DNSOP] [External] Re: Fwd: [Add] new draft: draft-grover-add-policy-detection-00

On 7/15/19 10:54 AM, Andrew M. Hettinger wrote: > Arguably there's actually a decrease in security over DoT as, rather > then your network provider being the one who knows what DNS lookups > you're doing, now some third party with whom you have no relationship. You, as a lone user, have zero

Re: [DNSOP] [External] Re: Fwd: [Add] new draft: draft-grover-add-policy-detection-00

"DNSOP" wrote on 07/14/2019 21:17:04: > From: "Rob Sayre" > To: "Paul Vixie" > Cc: dnsop@ietf.org > Date: 07/14/2019 21:17 > Subject: [External] Re: [DNSOP] Fwd: [Add] new draft: draft-grover- > add-policy-detection-00 > Sent by: "DNSOP" > > On Sun, Jul 14, 2019 at 6:59 PM Paul Vixie wrote:

Re: [DNSOP] draft-fujiwara-dnsop-avoid-fragmentation-00

Fujiwara-san, IHMO, as long as we use UDP, fragmentation is inevitable in heterogeneous IP network (“the internet”). We could avoid IP fragmentation as possible with some techniques, but should prepared for case which fragmentation is really needed. > o Full-service resolvers MAY drop

Re: [DNSOP] Fwd: [Add] new draft: draft-grover-add-policy-detection-00

On Monday, 15 July 2019 02:17:04 UTC Rob Sayre wrote: > On Sun, Jul 14, 2019 at 6:59 PM Paul Vixie wrote: > > ... > > I'm surprised that you seem to view DoH as a problem. I mean, everyone knows > that TLS and IPSEC are compromised by determined attackers, ... if you know a way that modern TLS

Re: [DNSOP] fragmentation itself (Re: FYI: draft-andrews-dnsop-defeat-frag-attack)

The chairs can work with kazunori on a Monday night discussion (okay, I'll sign up). On Mon, Jul 15, 2019 at 10:49 AM Paul Vixie wrote: > On Monday, 15 July 2019 13:35:33 UTC Tim Wicinski wrote: > > The chairs felt that fujiwara-san's draft was one that needed in person > > discussion in

Re: [DNSOP] fragmentation itself (Re: FYI: draft-andrews-dnsop-defeat-frag-attack)

On Monday, 15 July 2019 13:35:33 UTC Tim Wicinski wrote: > The chairs felt that fujiwara-san's draft was one that needed in person > discussion in Montreal. hopefully kazunori will suggest a bar bof for monday night. i leave tuesday morning and so will miss the WG meeting. my own concern is more

Re: [DNSOP] fragmentation itself (Re: FYI: draft-andrews-dnsop-defeat-frag-attack)

The chairs felt that fujiwara-san's draft was one that needed in person discussion in Montreal. Also, if folks did not see his presentation at OARC, here are the slides: https://indico.dns-oarc.net/event/31/contributions/692/attachments/660/1115/fujiwara-5.pdf Tim On Wed, Jul 10, 2019 at

Re: [DNSOP] [Add] new draft: draft-grover-add-policy-detection-00

On Jul 14, 2019, at 7:09 PM, Rob Sayre wrote: > Was DNS intentionally designed to be insecure? What’s your definition of “secure”? DNS had clear design elements for availability. DNSSEC added integrity. Confidentiality wasn’t a design goal. Regards, -drc signature.asc Description: Message

Re: [DNSOP] a CDN perspective on ANAME challenges

Hi Erik, Thanks for sharing this perspective. On 7/12/19 7:52 PM, Erik Nygren wrote: > One of the intended goals of ANAME is to improve interoperability of > onboarding onto CDNs for URLs at a zone apex, such as > “http(s)://example.com ”.   > > > The TL;DR is that ANAME is