Re: [Add] [EXTERNAL] Re: WG Adoption Call draft-schwartz-add-ddr-forwarders

Vittorio Bertola <vittorio.bertola@open-xchange.com> Wed, 20 April 2022 09:05 UTC

Date: Wed, 20 Apr 2022 11:05:34 +0200
From: Vittorio Bertola <vittorio.bertola@open-xchange.com>
To: Tommy Jensen <Jensen.Thomas=40microsoft.com@dmarc.ietf.org>, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>, "add@ietf.org" <add@ietf.org>
Cc: "Deen, Glenn" <Glenn_Deen=40comcast.com@dmarc.ietf.org>
Message-ID: <273738230.10947.1650445534230@appsuite-gw1.open-xchange.com>
In-Reply-To: <SA1PR00MB13129F9723867B537828E79FFAEE9@SA1PR00MB1312.namprd00.prod.outlook.com>
References: <9BE5F92B-4F58-46F7-9A55-A740E58DA2F8@comcast.com> <ABAB733A-743E-4E5C-9E71-104D9DF5E24F@apple.com> <SA1PR00MB13129F9723867B537828E79FFAEE9@SA1PR00MB1312.namprd00.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/MU6GhcGDhaJhcmuy5etFzGq-AXE>
Subject: Re: [Add] [EXTERNAL] Re: WG Adoption Call draft-schwartz-add-ddr-forwarders
List-Id: Applications Doing DNS <add.ietf.org>


> On 15/04/2022 19:51 Tommy Jensen <jensen.thomas=40microsoft.com@dmarc.ietf.org> wrote:
> 
> We do not intend to implement this. We believe that simply using the network’s resolver without encryption would be better than the unverifiable upgrade alternative. However, I respect that others disagree and that it is within our charter to provide a solution for those who do want to take that trade-off.
I can't speak for either of the two groups, so perhaps I am wrong, but I think that this should be the subject of a frank discussion between browser makers and ISPs. It may be that some ISPs want "unverified DDR" because they think the opposite of the above, i.e. that DoH via unverified DDR is more secure for their customers than unencrypted DNS on the local network, but it may be that they want it because they think that browsers, at a certain point in the future, will discourage (e.g. via warnings) or even prevent the user from ever using unencrypted DNS, and so they need some form of automated discovery to make sure that browsers will still use DoH to their resolver for their customers that presently fall into the very common "forwarding CPE with private IP" case.

In other words, a commitment by browsers that they will still make use of unencrypted DNS in the long term in the "forwarding CPE with private IP" case, and that they will not try to push users to move to encrypted DNS servers run by other parties, could perhaps make the above draft redundant. But I do want to stress the "could", because I can also see a number of reasons why ISPs may want to upgrade their customers to DoH automatically in that case as well, even if this implies accepting some risk. Even just keeping up with the general "encrypted is better" marketing push in front of their customers would be a valid one.

--

Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com
Office @ Via Treviso 12, 10144 Torino, Italy
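The check that the exchange above turns on, as an added example that is not part of the thread or of the draft under adoption: in RFC 9462 (Discovery of Designated Resolvers) Verified Discovery, the client learns the encrypted resolver through an SVCB query for _dns.resolver.arpa sent to its unencrypted resolver, connects to it over TLS, and accepts it only if the certificate is valid and lists the unencrypted resolver's IP address as a subjectAltName. A CPE at 192.168.1.1 that merely forwards to the ISP's resolver can never pass that check, because publicly trusted CAs do not issue certificates for RFC 1918 addresses; that is the "unverifiable upgrade" in the "forwarding CPE with private IP" case. The IP addresses, the SAN list and the `accept_unverified_local` policy flag below are constructed for illustration and are not from the thread, RFC 9462 or the draft:

```python
"""Added example: verified vs. unverifiable DDR upgrade decision.

Addresses, SAN lists and the accept_unverified_local knob are constructed
for illustration; they model the decision, not any client's real policy.
"""
import ipaddress
from enum import Enum
from typing import Iterable, List, Union

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Ranges treated here as "local/private": RFC 1918, loopback, link-local and
# RFC 4193 ULA. Listed explicitly rather than via ipaddress.is_private, which
# in Python also flags documentation ranges such as 203.0.113.0/24.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fe80::/10", "fc00::/7",
)]


class Verdict(Enum):
    VERIFIED = "verified"                  # certificate names the unencrypted resolver IP
    LOCAL_UNVERIFIED = "local-unverified"  # private-IP forwarder: the contested case
    REJECT = "reject"                      # public resolver IP the certificate does not name


def is_local_or_private(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def san_ip_entries(sans: Iterable[str]) -> List[IPAddr]:
    """Keep only subjectAltName entries that are IP addresses; dNSName
    entries such as doh.isp.example cannot satisfy the DDR check."""
    out: List[IPAddr] = []
    for san in sans:
        try:
            out.append(ipaddress.ip_address(san))
        except ValueError:
            continue
    return out


def ddr_verdict(unencrypted_resolver_ip: str, sans: Iterable[str],
                chain_valid: bool = True) -> Verdict:
    """Classify a candidate designated resolver.

    `sans` is the subjectAltName list from its TLS certificate and
    `chain_valid` is the outcome of ordinary WebPKI chain validation, which
    is assumed to have been done by the TLS stack before this point.
    """
    if not chain_valid:
        return Verdict.REJECT
    target = ipaddress.ip_address(unencrypted_resolver_ip)
    if target in san_ip_entries(sans):
        return Verdict.VERIFIED          # RFC 9462 Verified Discovery satisfied
    if is_local_or_private(unencrypted_resolver_ip):
        return Verdict.LOCAL_UNVERIFIED  # forwarding CPE with private IP
    return Verdict.REJECT


def should_use_encrypted(verdict: Verdict, accept_unverified_local: bool) -> bool:
    """Hypothetical client policy: verified upgrades are always taken, the
    private-IP forwarder case only if the client opts in, and a public
    resolver whose certificate does not name it is never taken."""
    if verdict is Verdict.VERIFIED:
        return True
    if verdict is Verdict.LOCAL_UNVERIFIED:
        return accept_unverified_local
    return False


if __name__ == "__main__":
    # Constructed scenario: the ISP's DoH server at 203.0.113.53 holds a
    # certificate naming it; the subscriber's CPE forwards from 192.168.1.1.
    isp_sans = ["doh.isp.example", "203.0.113.53"]
    print(ddr_verdict("203.0.113.53", isp_sans))   # Verdict.VERIFIED
    print(ddr_verdict("192.168.1.1", isp_sans))    # Verdict.LOCAL_UNVERIFIED
    print(ddr_verdict("198.51.100.7", isp_sans))   # Verdict.REJECT
```

Whether a client takes the LOCAL_UNVERIFIED branch is exactly the browser-versus-ISP trade-off the message discusses; the code only makes explicit which inputs that decision depends on (the unencrypted resolver's address class and what the designated resolver's certificate actually names) and that a forwarder on a private address cannot reach VERIFIED whatever the ISP does.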