Re: [Add] Mozilla's DoH resolver policy

Manabu Sonoda <manabu-s@iij.ad.jp> Thu, 11 April 2019 13:42 UTC

Date: Thu, 11 Apr 2019 22:42:06 +0900
From: Manabu Sonoda <manabu-s@iij.ad.jp>
To: add@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/FY7cx_fRPRycsMa8cX14k1XzZDc>

I read the DOH-resolver-policy.
(https://wiki.mozilla.org/Security/DOH-resolver-policy)

I can't understand why DNSSEC validation is not needed.
Why do you define "TRUSTED" even though you don't know whether the response is trusted?
Will Mozilla do the validation on the client? That would be welcome!!

> 2. For any filtering that does occur under the above requirement,
> the party must maintain public documentation of all domains that are
> blocked and a log of when particular domains are added and removed from any blocklist.

I agree with it if the blocking reasons are security or copyright and there is no problem for the public.
But I think the domains MUST NOT be published if human rights are infringed
(e.g. child porn site domains).


-- 
Manabu Sonoda <manabu-s@iij.ad.jp>
Internet Initiative Japan Inc.
DNSOPS.JP board