Re: [Add] [EXTERNAL] Re: draft-grover-add-policy-detection-00

Eric Rescorla <ekr@rtfm.com> Tue, 16 July 2019 16:50 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 16 Jul 2019 09:49:39 -0700
Message-ID: <CABcZeBP50XudcymGzTJP7XBZzBNw-SsVHFS07wJ++FxoHMHtNw@mail.gmail.com>
To: Michael Sinatra <michael@brokendns.net>
Cc: add@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/PgDsgQmi5oSs37MRbJsay-_DR-M>
Subject: Re: [Add] [EXTERNAL] Re: draft-grover-add-policy-detection-00
List-Id: Applications Doing DNS <add.ietf.org>

On Tue, Jul 16, 2019 at 9:33 AM Michael Sinatra <michael@brokendns.net> wrote:

> il is in the defaults.

>
> Mozilla, with its documented plans to circumvent institutional DNS with
> Mozilla-blessed services running DoH, exemplifies the case where the
> default behavior is going to be incompatible with institutional
> requirements and regulatory frameworks.  The result is predictable:
> Where endpoints are under strict control, Mozilla will be uninstalled
> and effectively banned.


Obviously, I can't control whether people install or uninstall any
particular piece of software, but I do want to emphasize that (1)
enterprise policy can be used to disable and configure DoH and (2)
Firefox will disable DoH entirely if an enterprise policy is in place
but it doesn't otherwise configure DoH.

-Ekr