IETF Logo Mail Archive

Re: [Add] Mozilla's DoH resolver policy

Daniel Stenberg <daniel@haxx.se> Thu, 11 April 2019 09:49 UTC

Return-Path: <daniel@haxx.se>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99FF31202B1 for <add@ietfa.amsl.com>; Thu, 11 Apr 2019 02:49:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UPQ7fjdcA6F8 for <add@ietfa.amsl.com>; Thu, 11 Apr 2019 02:49:48 -0700 (PDT)
Received: from giant.haxx.se (www.haxx.se [IPv6:2a00:1a28:1200:9::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65EE61201B2 for <add@ietf.org>; Thu, 11 Apr 2019 02:49:48 -0700 (PDT)
Received: from giant.haxx.se (mail [127.0.0.1]) by giant.haxx.se (8.15.2/8.15.2/Debian-4) with ESMTPS id x3B9ngOJ016310 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 11 Apr 2019 11:49:42 +0200
Received: from localhost (dast@localhost) by giant.haxx.se (8.15.2/8.15.2/Submit) with ESMTP id x3B9nf2b016304; Thu, 11 Apr 2019 11:49:42 +0200
X-Authentication-Warning: giant.haxx.se: dast owned process doing -bs
Date: Thu, 11 Apr 2019 11:49:41 +0200
From: Daniel Stenberg <daniel@haxx.se>
X-X-Sender: dast@giant.haxx.se
To: Ralf Weber <dns@fl1ger.de>
cc: Valentin Gosu <valentin.gosu@gmail.com>, add@ietf.org, Martin Thomson <mt@lowentropy.net>
In-Reply-To: <ED802588-CD5D-4F80-914D-CA25EE234424@fl1ger.de>
Message-ID: <alpine.DEB.2.20.1904111144200.31156@tvnag.unkk.fr>
References: <297C80CE-F017-4F4A-80E2-79941E8B9E02@icann.org> <b64761dc-dfab-e4e1-4bfb-82d607efa590@riseup.net> <alpine.LRH.2.21.1904101324530.9940@bofh.nohats.ca> <64aeff58-6d68-4c4f-b991-2b2f62d193a0@www.fastmail.com> <90A5C5C4-373C-4B39-80C2-C115CD23CB4D@fl1ger.de> <CACQYfiJa1i2LVgQDcHi_OknmDDKZiaw=++Y6imn34LcPULP3bQ@mail.gmail.com> <E0CA1520-74D4-4A41-9B44-10946FAB4534@fl1ger.de> <CACQYfiKeh=FgmB9RN=eJ-2tq4jyTg55fep4au9SeGe3U5VkMBQ@mail.gmail.com> <ED802588-CD5D-4F80-914D-CA25EE234424@fl1ger.de>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
X-fromdanielhimself: yes
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/6FkmMLxURX9fI8bl6o2Md4XRpzI>
Subject: Re: [Add] Mozilla's DoH resolver policy
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2019 09:49:50 -0000

On Thu, 11 Apr 2019, Ralf Weber wrote:

>> To prevent disruptions to the user's browsing.
> Again why do you think it will get better asking unencrypted? It is a nice
> way to find out if someone is using DoH though ;-).

How about not discussing application specific design decisions?

I don't think anyone suggests it is better to ask unencryped, but when the DoH 
server you have configured slowly dies or get DoS'ed or whatever, users will 
appreciate a "way out". In this specific application being discussed, it has a 
soft-fail mode that works like this.

I'm convinced several of us would prefer switching to a different DoH server 
instead, or we even use the hard-fail mode.

The good thing here is that we can all write our own applications to work the 
way we want!

-- 

  / daniel.haxx.se

v2.23.0 | Report a Bug | By Email