IETF Logo Mail Archive

Re: [Add] Mozilla's DoH resolver policy

"Ralf Weber" <dns@fl1ger.de> Thu, 11 April 2019 08:59 UTC

Return-Path: <dns@fl1ger.de>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41FAB12013E for <add@ietfa.amsl.com>; Thu, 11 Apr 2019 01:59:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id obAEH1G09rk9 for <add@ietfa.amsl.com>; Thu, 11 Apr 2019 01:59:38 -0700 (PDT)
Received: from smtp.guxx.net (smtp.guxx.net [IPv6:2a01:4f8:a0:322c::25:42]) by ietfa.amsl.com (Postfix) with ESMTP id 2D8FD1200FC for <add@ietf.org>; Thu, 11 Apr 2019 01:59:38 -0700 (PDT)
Received: by nyx.guxx.net (Postfix, from userid 107) id 0595A5F40A42; Thu, 11 Apr 2019 10:59:36 +0200 (CEST)
Received: from [172.19.152.251] (p4FF53610.dip0.t-ipconnect.de [79.245.54.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by nyx.guxx.net (Postfix) with ESMTPSA id 6B8195F40043; Thu, 11 Apr 2019 10:59:36 +0200 (CEST)
From: Ralf Weber <dns@fl1ger.de>
To: Martin Thomson <mt@lowentropy.net>
Cc: add@ietf.org
Date: Thu, 11 Apr 2019 10:59:35 +0200
X-Mailer: MailMate (1.12.4r5594)
Message-ID: <90A5C5C4-373C-4B39-80C2-C115CD23CB4D@fl1ger.de>
In-Reply-To: <64aeff58-6d68-4c4f-b991-2b2f62d193a0@www.fastmail.com>
References: <297C80CE-F017-4F4A-80E2-79941E8B9E02@icann.org> <b64761dc-dfab-e4e1-4bfb-82d607efa590@riseup.net> <alpine.LRH.2.21.1904101324530.9940@bofh.nohats.ca> <64aeff58-6d68-4c4f-b991-2b2f62d193a0@www.fastmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/OeT-oYuwpzBuqpU_YCMQ7-W5Q1M>
Subject: Re: [Add] Mozilla's DoH resolver policy
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2019 08:59:39 -0000

Moin!

On 11 Apr 2019, at 5:12, Martin Thomson wrote:
> We don't believe that DNSSEC is essential to our primary goals, which 
> are improving privacy of browsing activity.  As a browser, we can't 
> condition our behaviour on whether DNSSEC was present and valid for a 
> variety of reasons (some of which we might discuss separately), but we 
> do value resolvers that perform DNSSEC validation.
So why not make DNSSEC validation in the resolver a requirement? It 
doesn’t interfere with local policy and offers significant benefits 
for the user. Validation in the client would be nicer, but requiring it 
in the resolver is a good first step.

So long
-Ralf
—--
Ralf Weber

v2.23.0 | Report a Bug | By Email