From nobody Sun Dec  2 20:27:24 2018
Return-Path: <abbypan@gmail.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29BA9130DF7 for <dnssd@ietfa.amsl.com>; Sun,  2 Dec 2018 20:27:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6oSCwetEcKVo for <dnssd@ietfa.amsl.com>; Sun,  2 Dec 2018 20:27:20 -0800 (PST)
Received: from mail-ed1-x52d.google.com (mail-ed1-x52d.google.com [IPv6:2a00:1450:4864:20::52d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 631FC130DFF for <dnssd@ietf.org>; Sun,  2 Dec 2018 20:27:20 -0800 (PST)
Received: by mail-ed1-x52d.google.com with SMTP id f23so9559987edb.3 for <dnssd@ietf.org>; Sun, 02 Dec 2018 20:27:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;  h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=NyLZN03pO4ZpNaqCi7qmQi6TKRlmAb7mh0C6OqX/uPc=; b=uSrASibPEVxc4yaWPcXX8Zc7amscgCjfSIKqZCFN7YBYCT3PdE6RSL1NlNlpAnMvhk knmKLo4Di2pdf4H91rQ9ARnli2AwYn+1NWaKupYVmBcAec6PN46sv2OpTvcQYTK8smaI I45Mr9n6Uwx4NIA7rTFKWRmFJ7ApMyistZoK+Ot+yN/F5Zhmr3cCj0gY2JfbHbufiivK ic3pnra5LXEOoyasWCkRUPPx+qF9Pe3/Bv4GnT6oudo9wOF3FdN1T5QFuZ0fFpc52GHu D+QmwgTbPOd5JmT2OUs1YQYMf/gmx1Uo9sqbkdg8B+hC5BTzMmM7+SyJUWriovK+8q2Q HT0A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=NyLZN03pO4ZpNaqCi7qmQi6TKRlmAb7mh0C6OqX/uPc=; b=BTN6lLbA5uD3jasj1ssfrX0TufRWbDgL+w3J7HN6nFQFBZdu6IpLH9j6C+x9ExNIHu AYZcE19SDpnm6mpq2WM7XNyESnxL501Que2zqxHtc+kavQdtCI2V0/gwtYfw0Sn30cPZ Trc0NeOZovf0MkXo8vmEKHmIVwbxDsa1DWeU803h1/2mcUOYZoOuMtu1VartLX+wxy1K NnEBV3zIfR8fJkgbtCc8sO1GWBbHTaglpYz/Jgs9+7nAEntaivFoOujOIphu3x23RqGE xA+6Z/2SajtzOPA7YAMkNCLzFKjAxEmqiUxbETxeEGN9Vit1jDhCfpIwh9hW7kSEeDpi 0qJQ==
X-Gm-Message-State: AA+aEWbiz6Rpr85sDQCKj0LIJHAHaOW4jcDJQZMfCw0uXbrKGD+wNFCx XGp2VZhkUPlof3vLEmo0L1fP2fBMxm1e6FB6iox/6w==
X-Google-Smtp-Source: AFSGD/U7k3BrbbMV91/Qk59VUYMKGB0Q4xRG7m9sAgEc8wNv0bxMUEw2cgJo7RXSQqT1qwT6w55SyUvx4gyDx0BZKAk=
X-Received: by 2002:a17:906:b799:: with SMTP id dt25-v6mr11854337ejb.217.1543811238846;  Sun, 02 Dec 2018 20:27:18 -0800 (PST)
MIME-Version: 1.0
References: <48bc4612-018e-7aac-6492-05657c466313@huitema.net> <CANLjSvXkQS3hGYCHoXu-jNP0Hvad02XBw4AsPMwTM02BvQkKKQ@mail.gmail.com> <0f32e79a-447a-f308-4888-4037a41716dd@huitema.net>
In-Reply-To: <0f32e79a-447a-f308-4888-4037a41716dd@huitema.net>
From: Lanlan Pan <abbypan@gmail.com>
Date: Mon, 3 Dec 2018 11:25:28 +0700
Message-ID: <CANLjSvVHwjnYXeNkb59r1h5VbrfTyfpXo2OFJjhqqmJ3iipg+Q@mail.gmail.com>
To: Christian Huitema <huitema@huitema.net>
Cc: dnssd <dnssd@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000007de756057c16908c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/G3xXWn_P0mz2nw2TBKAYj_rCz3E>
Subject: Re: [dnssd] Next steps for privacy discovery
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Dec 2018 04:27:23 -0000

--0000000000007de756057c16908c
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Christian Huitema <huitema@huitema.net>=E4=BA=8E2018=E5=B9=B410=E6=9C=8830=
=E6=97=A5=E5=91=A8=E4=BA=8C =E4=B8=8A=E5=8D=881:21=E5=86=99=E9=81=93=EF=BC=
=9A

>
>
> On 10/28/2018 6:48 PM, Lanlan Pan wrote:
>
> Christian Huitema <huitema@huitema.net>=E4=BA=8E2018=E5=B9=B410=E6=9C=882=
6=E6=97=A5=E5=91=A8=E4=BA=94 =E4=B8=8B=E5=8D=883:09=E5=86=99=E9=81=93=EF=BC=
=9A
>
> ...
>
>
>>
>> 4) If we kept the current "two phase" structure, use a TLS protocol
>> extension to demonstrate knowledge of the server's public key in the
>> client hello. I think we can build on the work done for SNI encryption,
>> which would fit quite well.
>>
>
> I wonder if we could consider about use tls psk (pre-shared key) ?
> server can assign different key to different client.
>
>
> That's what we were specifying in the current privacy draft. There are tw=
o
> issues. The first one is that if you use TLS-PSK, the Client Hello must
> include a key identifier. If there is a different key for each client, th=
e
> key identifier could become a client identifier. We solved that  by using=
 a
> "predictable nonce" for key identifier.
>
Thanks christian, I get it.

> The second issue is of course that assigning different keys to different
> clients requires extra management at the server, something that is not
> needed in the "private public key" class of solutions.
>
Will the "private public key"  be refresh in period ? How can the clients
get the key ?

>
>
> -- Christian Huitema
>
--=20
=E8=87=B4=E7=A4=BC  Best Regards

=E6=BD=98=E8=93=9D=E5=85=B0  Pan Lanlan

--0000000000007de756057c16908c
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><br><br><div class=3D"gmail_quote"><div dir=3D"ltr">Christ=
ian Huitema &lt;<a href=3D"mailto:huitema@huitema.net">huitema@huitema.net<=
/a>&gt;=E4=BA=8E2018=E5=B9=B410=E6=9C=8830=E6=97=A5=E5=91=A8=E4=BA=8C =E4=
=B8=8A=E5=8D=881:21=E5=86=99=E9=81=93=EF=BC=9A<br></div><blockquote class=
=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padd=
ing-left:1ex"><div text=3D"#000000" bgcolor=3D"#FFFFFF">
    <p><br>
    </p>
    <br>
    <div class=3D"m_7003139937819672426moz-cite-prefix">On 10/28/2018 6:48 =
PM, Lanlan Pan
      wrote:<br>
    </div>
    </div><div text=3D"#000000" bgcolor=3D"#FFFFFF"><blockquote type=3D"cit=
e"><div dir=3D"ltr"><div class=3D"gmail_quote">
          <div dir=3D"ltr">Christian Huitema &lt;<a href=3D"mailto:huitema@=
huitema.net" target=3D"_blank">huitema@huitema.net</a>&gt;=E4=BA=8E2018=E5=
=B9=B410=E6=9C=8826=E6=97=A5=E5=91=A8=E4=BA=94
            =E4=B8=8B=E5=8D=883:09=E5=86=99=E9=81=93=EF=BC=9A<br>
          </div>
          </div></div></blockquote></div><div text=3D"#000000" bgcolor=3D"#=
FFFFFF"><blockquote type=3D"cite"><div dir=3D"ltr"><div class=3D"gmail_quot=
e"><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left=
:1px #ccc solid;padding-left:1ex">...</blockquote></div></div></blockquote>=
</div><div text=3D"#000000" bgcolor=3D"#FFFFFF"><blockquote type=3D"cite"><=
div dir=3D"ltr"><div class=3D"gmail_quote"><blockquote class=3D"gmail_quote=
" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><=
br>
            <br>
            4) If we kept the current &quot;two phase&quot; structure, use =
a TLS
            protocol<br>
            extension to demonstrate knowledge of the server&#39;s public
            key in the<br>
            client hello. I think we can build on the work done for SNI
            encryption,<br>
            which would fit quite well.<br>
          </blockquote></div></div></blockquote></div><div text=3D"#000000"=
 bgcolor=3D"#FFFFFF"><blockquote type=3D"cite"><div dir=3D"ltr"><div class=
=3D"gmail_quote">
          <div><br>
          </div>
          <div>I wonder if we could consider about use <span class=3D"m_700=
3139937819672426inbox-inbox-st">tls psk (pre-shared key) ?=C2=A0 server
              can assign different key to different client.</span><br>
          </div>
        </div></div></blockquote></div><div text=3D"#000000" bgcolor=3D"#FF=
FFFF"><blockquote type=3D"cite"><div dir=3D"ltr"><div class=3D"gmail_quote"=
></div>
      </div>
    </blockquote>
    <br>
    That&#39;s what we were specifying in the current privacy draft. There
    are two issues. The first one is that if you use TLS-PSK, the Client
    Hello must include a key identifier. If there is a different key for
    each client, the key identifier could become a client identifier. We
    solved that=C2=A0 by using a &quot;predictable nonce&quot; for key iden=
tifier. </div></blockquote><div>Thanks christian, I get it. <br></div><bloc=
kquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #cc=
c solid;padding-left:1ex"><div text=3D"#000000" bgcolor=3D"#FFFFFF">The
    second issue is of course that assigning different keys to different
    clients requires extra management at the server, something that is
    not needed in the &quot;private public key&quot; class of solutions.</d=
iv></blockquote><div>Will the &quot;private public key&quot;=C2=A0 be refre=
sh in period ? How can the clients get the key ?<br></div><blockquote class=
=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padd=
ing-left:1ex"><div text=3D"#000000" bgcolor=3D"#FFFFFF"><br>
    <br>
    -- Christian Huitema<br>
  </div></blockquote></div></div>-- <br><div dir=3D"ltr" class=3D"gmail_sig=
nature" data-smartmail=3D"gmail_signature"><div dir=3D"ltr">=E8=87=B4=E7=A4=
=BC=C2=A0 Best Regards<br><br>=E6=BD=98=E8=93=9D=E5=85=B0=C2=A0 Pan Lanlan<=
br></div></div>

--0000000000007de756057c16908c--


From nobody Thu Dec 20 14:45:18 2018
Return-Path: <session-request@ietf.org>
X-Original-To: dnssd@ietf.org
Delivered-To: dnssd@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 72CB2131258; Thu, 20 Dec 2018 14:45:14 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: IETF Meeting Session Request Tool <session-request@ietf.org>
To: <session-request@ietf.org>
Cc: dschinazi.ietf@gmail.com, dnssd@ietf.org, dnssd-chairs@ietf.org, terry.manderson@icann.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.89.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <154534591443.19067.4522305423126376112.idtracker@ietfa.amsl.com>
Date: Thu, 20 Dec 2018 14:45:14 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/5VmilsCGa0YCYZ6CdUvPEtww7S0>
Subject: [dnssd] dnssd - New Meeting Session Request for IETF 104
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Dec 2018 22:45:14 -0000

A new meeting session request has just been submitted by David Schinazi, a Chair of the dnssd working group.


---------------------------------------------------------
Working Group Name: Extensions for Scalable DNS Service Discovery
Area Name: Internet Area
Session Requester: David Schinazi

Number of Sessions: 1
Length of Session(s):  2 Hours
Number of Attendees: 75
Conflicts to Avoid: 
 First Priority: 6man dnsop doh dprive homenet quic mls core anima babel
 Second Priority: ipsecme intarea v6ops



People who must be present:
  Terry Manderson
  Barbara Stark
  David Schinazi

Resources Requested:

Special Requests:
  
---------------------------------------------------------