Re: [Add] Firefox DoH behaviour

Eric Rescorla <ekr@rtfm.com> Tue, 16 July 2019 17:56 UTC

References: <CAChr6SwEUz9MrdRA0bnv9f-oNi0oUHkfRKjd9-o6jwhuckLXdw@mail.gmail.com> <CAFWeb9LNdT=EYVKTsYDxcBCQKoQFNShKotYtWujt4U9GA-V1mg@mail.gmail.com> <CAFWeb9+eWKSKY9O2JLn9-0+Zq7hrD48F-y+Y4T-iRaaF0vtdOA@mail.gmail.com> <A45F4F74-D6C1-435A-A52F-C2DEA82E2999@sky.uk> <CAFWeb9JVBj+Yehup5q4v9X-7XDY+02frd-04AQGL2HoSLON2qA@mail.gmail.com> <CABcZeBMY9q9vKGse1svzbvXF_dSHA+9q06j4ugDVCZP9VT1koQ@mail.gmail.com> <CAChr6Sz5Rfz=UxOYuPguSvVK2HCX2ZoA1-FytW7+EOUxN8y46Q@mail.gmail.com> <CABcZeBNB7ASu2U3ZMBZ+OOxEhbSnhDXwFN3Lsex1uzVSDv3R=Q@mail.gmail.com> <c9c83673-c12e-0093-3873-0f2c03155fa5@brokendns.net> <CABcZeBP50XudcymGzTJP7XBZzBNw-SsVHFS07wJ++FxoHMHtNw@mail.gmail.com> <A1B73CC9-0A06-4D7D-8AF0-041AE5719B60@rfc1035.com>
In-Reply-To: <A1B73CC9-0A06-4D7D-8AF0-041AE5719B60@rfc1035.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 16 Jul 2019 10:55:20 -0700
Message-ID: <CABcZeBPo3Li6BTKzWiK+TCmQDOMs07rOTPuXUxiiofK5xgW8pw@mail.gmail.com>
To: Jim Reid <jim@rfc1035.com>
Cc: add@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/4c-cA1rAy4ybKVWmh969RAxT41Y>

Sorry, this was badly written. Here's an attempt to clarify:

If there is an enterprise policy that is set and it configures or enables
DoH, then we will respect that. If there is an enterprise policy set
and it says nothing about DoH, then our plan is to disable DoH on the
theory that with high probability the enterprise would want DoH off.

When I refer to enterprise policy I mean:
https://support.mozilla.org/en-US/products/firefox-enterprise/policies-customization-enterprise/policies-overview-enterprise

-Ekr


On Tue, Jul 16, 2019 at 10:35 AM Jim Reid <jim@rfc1035.com> wrote:

> > On 16 Jul 2019, at 17:49, Eric Rescorla <ekr@rtfm.com> wrote:
> >
> > Firefox will disable DoH entirely if an enterprise policy is in place
> > but it doesn't otherwise configure DoH
>
> Could you provide more clarification? How will Firefox know if an
> enterprise policy is in place or what that policy is? If Firefox "doesn't
> otherwise configure DoH", does that mean DoH will always be disabled by
> default unless the end user deliberately and intentionally switches it on?
> Would DNS/DoH filtering policies at say an ISP or coffee shop be considered
> as an enterprise policy?
>
>
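The three cases Eric describes (a policy that configures DoH, a policy that is silent on DoH, and no enterprise policy at all) can be written down as a small decision function. The block below is an added illustration for this thread, not Firefox code or anything Mozilla published; it assumes the policies.json layout documented for Firefox enterprise policies, in which DoH is controlled by a "DNSOverHTTPS" policy object with "Enabled", "ProviderURL" and "Locked" keys, and the resolver URL it uses is a placeholder. It also makes the point behind Jim's last question explicit: only the enterprise policy mechanism is consulted, so network-level filtering by an ISP or a coffee shop never appears as an input.

```python
"""Model of the DoH / enterprise-policy interaction described in the message.

Added example, not Firefox's implementation. Assumes the documented
policies.json layout with a "DNSOverHTTPS" policy object.
"""
import json

# Constructed sample policy files for the cases discussed in the thread.

# Case 1: an enterprise policy is set and it configures DoH.
POLICY_CONFIGURES_DOH = json.dumps({
    "policies": {
        "DNSOverHTTPS": {
            "Enabled": True,
            # placeholder resolver URL, not a real deployment
            "ProviderURL": "https://doh.example.invalid/dns-query",
            "Locked": True,
        }
    }
})

# Case 1b: an enterprise policy explicitly turns DoH off.
POLICY_DISABLES_DOH = json.dumps({
    "policies": {"DNSOverHTTPS": {"Enabled": False, "Locked": True}}
})

# Case 2: an enterprise policy is set but says nothing about DoH.
# Any unrelated policy is enough to show that an administrator is present.
POLICY_SILENT_ON_DOH = json.dumps({
    "policies": {"DisableTelemetry": True}
})

# Case 3: no enterprise policy at all (no policies.json, registry or plist entry).
NO_POLICY = None


def effective_doh_mode(policies_json):
    """Return the effective DoH behaviour for a given policy file content.

    "policy-enabled"  : policy present and it configures/enables DoH; honour it
    "policy-disabled" : policy present and it explicitly sets Enabled to false
    "disabled"        : a policy is set but silent on DoH; per the message,
                        DoH is turned off because the enterprise most likely
                        wants it off
    "default"         : no enterprise policy; Firefox's normal default
                        behaviour applies (not covered by this message)
    """
    if policies_json is None:
        return "default"

    doc = json.loads(policies_json)
    policies = doc.get("policies", {})
    if not isinstance(policies, dict):
        raise ValueError("malformed policies.json: 'policies' must be an object")

    doh = policies.get("DNSOverHTTPS")
    if doh is None:
        # An administrator has deployed policy, but said nothing about DoH.
        # An empty "policies" object still counts as a deployed policy here;
        # that is an assumption of this model, not something the message states.
        return "disabled"

    if not isinstance(doh, dict):
        raise ValueError("malformed DNSOverHTTPS policy: must be an object")

    # An explicit Enabled: false is an explicit disable. Any other presence of
    # the DNSOverHTTPS object is treated as the policy configuring DoH, which
    # matches the message's "configures or enables" wording.
    if doh.get("Enabled", True) is False:
        return "policy-disabled"
    return "policy-enabled"


if __name__ == "__main__":
    for label, doc in [("configures", POLICY_CONFIGURES_DOH),
                       ("disables", POLICY_DISABLES_DOH),
                       ("silent", POLICY_SILENT_ON_DOH),
                       ("none", NO_POLICY)]:
        print(f"{label:>10}: {effective_doh_mode(doc)}")
```

On a managed machine the policy that actually took effect can be checked in the browser's about:policies page; that is the input this function stands in for, and the network path the browser is on plays no part in it.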