public inbox for development@lists.ipfire.org
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [Fwd: Re: request for info: unbound via https / tls]
Date: Mon, 10 Dec 2018 00:21:03 +0000
Message-ID: <B67AE78C-1139-483E-A47D-4F9576CC0CEC@ipfire.org>
In-Reply-To: <1a6da97b7616f5d73650ad6ed6f89a2cc8d2775c.camel@ipfire.org>

Hi,

> On 5 Dec 2018, at 07:35, ummeegge <ummeegge(a)ipfire.org> wrote:
> 
> Hello Peter,
> and thanks for your response.
> 
> On Tuesday, 04.12.2018, at 17:19 +0100, Peter Müller wrote:
>> I am pretty sure there is still huge interest in adding DoT support to
>> IPFire - in my point of view, yesterday's telephone conference showed
>> this again.
>> 
> Good to hear. Wanted to be part of the last conference but my jobsite
> has had other plans.
> 
>> Our problem seems to be a lack of coordination: You are developing
>> pretty much (OpenSSL 1.1.1 comes to my mind), which is simply great.
> I do not really see a lack of coordination here, or is somebody else
> working on DoT currently?
> OpenSSL-1.1.1 might be a good/important addition to DoT -->
>
> https://tools.ietf.org/html/draft-ietf-tls-sni-encryption-02
> --> https://blog.cloudflare.com/encrypted-sni/ which also brings some
> other interesting side effects -->
> https://www.dnsthingy.com/2018/10/encrypted-sni-death-blow-to-transparent-filtering/
> ...
> 
>> I can only speak for myself here, but do not have any overview about
>> what these are in detail. :-)
>> 
> Not 100% sure what you mean, do you mean an overview of other projects
> which I am currently working on?
> 
> 
>> Maybe joining a telco might help (nudge, nudge). :-)
>> 
> I hear you :D .
> Looking forward to more_action/more_people or in general to more
> response/help in this topic.

I am not sure what you are looking for. But I just wanted to say that I am following this conversation.

So far I think that there are indeed many people interested in DoT. However, I have not received any feedback on what I was mailing before.

I think what is best now is to get this into small patches. What needs to be done to get this UI ready so that people can add those DNS servers? What will the default behaviour be? How will we make sure that the system does not fall back (to unauthenticated DNS)?

I think that we can leave OpenSSL 1.1.1 aside for this for now, because it works perfectly fine with TLS 1.2. We should not mix multiple things together when they have no strict dependency (although I am really looking forward to seeing TLS 1.3 in IPFire soon).

Best,
-Michael

> Best,
> 
> Erik
> 
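
Added example, not part of the message above and not IPFire code: one way to test the "does not fall back" question is to audit the unbound.conf that the UI would generate. It assumes unbound's forward-zone options (forward-tls-upstream, forward-first, forward-addr with #auth-name) and the server option tls-cert-bundle; the sample configuration, addresses and host names are constructed.

```python
# Added example: audit an unbound.conf for ways DoT can silently downgrade.
# SAMPLE_CONF is constructed; addresses and names are documentation placeholders.
SAMPLE_CONF = """\
server:
    tls-cert-bundle: /etc/ssl/certs/ca-bundle.crt
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-first: yes
    forward-addr: 192.0.2.1@853#dns.example.net
    forward-addr: 192.0.2.2@853
    forward-addr: 192.0.2.3
"""

def parse(conf):
    """Split the config into server options and a list of forward-zones."""
    server, zones, current = [], [], None
    for raw in conf.splitlines():
        line = raw.strip()
        # Only whole-line comments are skipped: '#' inside forward-addr
        # separates the address from the TLS authentication name.
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if not value:                      # clause header, e.g. "server:"
            current = server if key == "server" else []
            if key == "forward-zone":
                zones.append(current)
        elif current is not None:
            current.append((key, value))
    return server, zones

def audit(conf):
    """Return findings; an empty list means no downgrade path was found."""
    server, zones = parse(conf)
    srv, findings = dict(server), []
    if "tls-cert-bundle" not in srv:
        findings.append("server: no tls-cert-bundle, upstream certificates are not verified")
    for zone in zones:
        opts = dict(zone)
        name = opts.get("name", "?")
        if "yes" not in (opts.get("forward-tls-upstream"), srv.get("tls-upstream")):
            findings.append(f"{name}: TLS not enabled, queries are forwarded in plain text")
        if opts.get("forward-first") == "yes":
            findings.append(f"{name}: forward-first lets unbound resolve directly if forwarders fail")
        for key, value in zone:
            if key == "forward-addr" and "#" not in value:
                findings.append(f"{name}: {value} has no #auth-name, any certificate name is accepted")
    return findings
```

Running audit(SAMPLE_CONF) reports the forward-first setting and the two forwarders without an authentication name.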

