Re: [Add] [EXTERNAL] Re: draft-grover-add-policy-detection-00
Rob Sayre <sayrer@gmail.com> Tue, 16 July 2019 20:54 UTC
From: Rob Sayre <sayrer@gmail.com>
Date: Tue, 16 Jul 2019 13:54:02 -0700
Message-ID: <CAChr6Swc87D5s2H0J8u3J=2tXguPbENQJkNvro=AUHHebEH_4w@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Alec Muffett <alec.muffett@gmail.com>, add@ietf.org, "Dixon, Hugh" <Hugh.Dixon@sky.uk>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/BsLuTgS4NAlSFs5TfyAZkLw9Lms>
Subject: Re: [Add] [EXTERNAL] Re: draft-grover-add-policy-detection-00

On Tue, Jul 16, 2019 at 1:23 PM Eric Rescorla <ekr@rtfm.com> wrote:

>
> I'm not saying it does. I'm just trying to work through the entire
> problem. What I'm arguing here is that absent external configuration (e.g.,
> DoH/TRR), there's no real way to get encrypted DNS that is secure against
> active attack.
>

I'm not arguing against DoH--it's great. I think browsers should enable it, and then gradually start enforcing its use.

I'm not sure what the best way to solve the bootstrapping problem is, but installing some initial name servers doesn't seem so bad. After all, it's already required that autocomplete resolves to the right search engine, the update server is the right one, etc. Of course, companies should be able to install their own, etc.

I can't square that with a feature that automatically disables DoH in the clear, as proposed.

Bootstrapping secure DNS does change the power dynamics of the internet a little bit (but not really that much... see VPNs etc), so some people might get angry.

thanks,
Rob