Re: [Add] Mozilla's DoH resolver policy
"Martin Thomson" <mt@lowentropy.net> Thu, 11 April 2019 03:12 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/HzpOrG02kWGQbbRP77usBHSNdJY>

On Thu, Apr 11, 2019, at 03:27, Paul Wouters wrote:
> On Wed, 10 Apr 2019, nusenu wrote:
>
> > Paul Hoffman wrote:
> >> Of likely interest to this group:
> >> https://wiki.mozilla.org/Security/DOH-resolver-policy
> >
> > I'm surprised they don't include DNSSEC in their requirements
> > for DoH server operators aiming to join their TRR program
>
> Same here, although one can argue DNSSEC is just core standard DNS so
> they do not need to mention it. Whereas query minimalization is still
> fairly new.

We don't believe that DNSSEC is essential to our primary goals, which are improving privacy of browsing activity. As a browser, we can't condition our behaviour on whether DNSSEC was present and valid for a variety of reasons (some of which we might discuss separately), but we do value resolvers that perform DNSSEC validation. Requiring query minimization is in keeping with the privacy goal, whereas DNSSEC requirements would expand the scope more than we were comfortable with.