Re: [Add] [EXTERNAL] Re: Malware adopting DoH

Ted Lemon <mellon@fugue.com> Sat, 14 September 2019 16:15 UTC

From: Ted Lemon <mellon@fugue.com>
Date: Sat, 14 Sep 2019 11:15:02 -0500
In-Reply-To: <21edfaff-8741-4f4f-a3d4-1aa88ede6935@getmailbird.com>
Cc: add@ietf.org
To: Robert Mortimer <robm=40scramworks.net@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/8IvxvC0rP1OTFUd1RCBMB0DjwNw>
List-Id: Applications Doing DNS <add.ietf.org>

On Sep 14, 2019, at 5:16 AM, Robert Mortimer <robm=40scramworks.net@dmarc.ietf.org> wrote:
> If Google or any other TRR DoH provider starts blocking malware by default, surely that is filtering DNS, which is the very problem that DoH is claiming to be solving?

The argument for DoH is that you can:

* reliably know who operates the resolver you are talking to
* know what the terms of service are
* choose your provider based on their terms of service
* not be forced to accept whatever terms the service provider through which you are connecting at the moment insists upon, possibly without telling you