Re: [Add] Mozilla's DoH resolver policy
Geoff Huston <gih@apnic.net> Tue, 16 April 2019 22:40 UTC
Return-Path: <gih@apnic.net>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13269120243 for <add@ietfa.amsl.com>; Tue, 16 Apr 2019 15:40:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=apnic.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ltQFRl8tAZWP for <add@ietfa.amsl.com>; Tue, 16 Apr 2019 15:40:13 -0700 (PDT)
Received: from APC01-SG2-obe.outbound.protection.outlook.com (mail-eopbgr1310045.outbound.protection.outlook.com [40.107.131.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 250A3120241 for <add@ietf.org>; Tue, 16 Apr 2019 15:40:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apnic.onmicrosoft.com; s=selector1-apnic-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=P3wDuywdO254oBDwoDs/lI0t9vOmlBCdCGMtMICjMUc=; b=obUo+T9wIq+TiU/mibnaXryd0bL3ak8StBAzt4P6oTB20mTY1/wVSdlLJ1KlXjvMm0qT/lLriF9qx6ZMZwACaMcy4ykJK1zBTQiXdQwzFV9kRX96XIiWhNNQctT9ySeix9EHcuDTKuxtlc9+BqhwKwRnDIyVoybk0N8870sW4UY=
Received: from HK0PR04MB2660.apcprd04.prod.outlook.com (20.177.29.11) by HK0PR04MB3236.apcprd04.prod.outlook.com (20.177.160.201) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1792.17; Tue, 16 Apr 2019 22:40:09 +0000
Received: from HK0PR04MB2660.apcprd04.prod.outlook.com ([fe80::218c:c614:767:6fcd]) by HK0PR04MB2660.apcprd04.prod.outlook.com ([fe80::218c:c614:767:6fcd%5]) with mapi id 15.20.1813.011; Tue, 16 Apr 2019 22:40:09 +0000
From: Geoff Huston <gih@apnic.net>
To: "add@ietf.org" <add@ietf.org>
CC: Peter Saint-Andre <stpeter@mozilla.com>
Thread-Topic: [Add] Mozilla's DoH resolver policy
Thread-Index: AQHU9KVY5LK2ZSiLR0KzB1rN7lEtJA==
Date: Tue, 16 Apr 2019 22:40:09 +0000
Message-ID: <E9BB23D5-E054-41E7-8B75-54E9E8730BF1@apnic.net>
References: <297C80CE-F017-4F4A-80E2-79941E8B9E02@icann.org> <b64761dc-dfab-e4e1-4bfb-82d607efa590@riseup.net> <alpine.LRH.2.21.1904101324530.9940@bofh.nohats.ca> <64aeff58-6d68-4c4f-b991-2b2f62d193a0@www.fastmail.com> <90A5C5C4-373C-4B39-80C2-C115CD23CB4D@fl1ger.de> <994839978.18707.1554973716877@appsuite.open-xchange.com> <af5f5c76-0095-65a0-39d1-d29d4bb0e906@mozilla.com> <ybl36mn8b54.fsf@w7.hardakers.net> <f9d0cd98-db0c-7f42-d351-d9a5002c4765@mozilla.com> <21C5261E-9DE0-4CFD-A949-6E91DD0C2552@cable.comcast.com>
In-Reply-To: <21C5261E-9DE0-4CFD-A949-6E91DD0C2552@cable.comcast.com>
Accept-Language: en-AU, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-clientproxiedby: HK2PR02CA0199.apcprd02.prod.outlook.com (2603:1096:201:20::11) To HK0PR04MB2660.apcprd04.prod.outlook.com (2603:1096:203:6b::11)
x-originating-ip: [61.219.139.1]
authentication-results: spf=none (sender IP is ) smtp.mailfrom=gih@apnic.net;
x-ms-exchange-messagesentrepresentingtype: 1
x-mailer: Apple Mail (2.3445.104.8)
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d5bce73d-c9fb-440f-6e23-08d6c2bc7b08
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600140)(711020)(4605104)(2017052603328)(7193020); SRVR:HK0PR04MB3236;
x-ms-traffictypediagnostic: HK0PR04MB3236:
x-microsoft-antispam-prvs: <HK0PR04MB32365DF435DB8B81EB6D2C3DB8240@HK0PR04MB3236.apcprd04.prod.outlook.com>
x-forefront-prvs: 000947967F
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(136003)(376002)(39830400003)(346002)(366004)(199004)(189003)(2616005)(7736002)(6486002)(446003)(229853002)(11346002)(6436002)(8936002)(5640700003)(86362001)(1730700003)(76176011)(81166006)(2906002)(81156014)(486006)(8676002)(386003)(106356001)(102836004)(5660300002)(476003)(256004)(6506007)(53546011)(26005)(186003)(2351001)(478600001)(14454004)(52116002)(6916009)(93886005)(105586002)(33656002)(57306001)(6246003)(305945005)(82746002)(316002)(68736007)(36756003)(4744005)(6512007)(71200400001)(4326008)(50226002)(97736004)(2501003)(53936002)(71190400001)(66066001)(3846002)(25786009)(6116002)(83716004)(99286004); DIR:OUT; SFP:1101; SCL:1; SRVR:HK0PR04MB3236; H:HK0PR04MB2660.apcprd04.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: apnic.net does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: ymSwAd/VSi2ptxsX5o8hxIvs6rml2J4D+B5d4TmpGrnyPqozRD/D+UnUd0SisZgAg7zJJHFfLyDXBlVC+g+TgXce5E/mxRy4rqgIPRnLy/o8N3DBOnNfIvC56h7SijZrY6fzu9pHAOwkw6x+TDEemy+GO2vUzRDN3V3RTSXllmDt2yLtEa/8YekDsuceGbfvYF43NifvE4Q+i3uDJ/OrEtp7zge1mw58VfpwjYx8NqIicBzxlOBQf0n/qZ1GtE9gL5AMIa5tLgJTdibfLJi0reunUq5ew3jkOqtX9ZwhV2t3ApRt8AyOmFULtrlGhVVj+zoIJ97j426GluCBN6fwS7x3EJJZCejdljKBmYghFcM8ysx8r1AmIqlOIq2ieYJclxElGOcqoVyqqU6siWGn3Guad9feY3VTYRXKnfcZeYc=
Content-Type: text/plain; charset="us-ascii"
Content-ID: <871D069450D53142853E3747F98E205D@apcprd04.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: apnic.net
X-MS-Exchange-CrossTenant-Network-Message-Id: d5bce73d-c9fb-440f-6e23-08d6c2bc7b08
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Apr 2019 22:40:09.7218 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 127d8d0d-7ccf-473d-ab09-6e44ad752ded
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HK0PR04MB3236
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/Tj3NUfZUvT_oBkIYSJi-A6VPhRw>
X-Mailman-Approved-At: Tue, 16 Apr 2019 18:57:24 -0700
Subject: Re: [Add] Mozilla's DoH resolver policy
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Apr 2019 22:40:17 -0000
> On 17 Apr 2019, at 12:58 am, Livingood, Jason <Jason_Livingood@comcast.com> wrote: > > So I'd say require DNSSEC validation FWIW so would I - securing the channel is not the same as being able to trust the integrity of the content carried in the channel, and for the latter all we have is DNSSEC. The secured channel does allow the client to place slightly more trust in the AD bit in the response. Geoff
- [Add] Mozilla's DoH resolver policy Paul Hoffman
- Re: [Add] Mozilla's DoH resolver policy nusenu
- Re: [Add] Mozilla's DoH resolver policy Paul Wouters
- Re: [Add] Mozilla's DoH resolver policy Martin Thomson
- Re: [Add] Mozilla's DoH resolver policy Ralf Weber
- Re: [Add] Mozilla's DoH resolver policy Valentin Gosu
- Re: [Add] Mozilla's DoH resolver policy Vittorio Bertola
- Re: [Add] Mozilla's DoH resolver policy Jim Reid
- Re: [Add] Mozilla's DoH resolver policy Ralf Weber
- Re: [Add] Mozilla's DoH resolver policy Manabu Sonoda
- Re: [Add] Mozilla's DoH resolver policy Valentin Gosu
- Re: [Add] Mozilla's DoH resolver policy Ray Bellis
- Re: [Add] Mozilla's DoH resolver policy Ralf Weber
- Re: [Add] Mozilla's DoH resolver policy Daniel Stenberg
- Re: [Add] Mozilla's DoH resolver policy Paul Wouters
- Re: [Add] Mozilla's DoH resolver policy Vladimír Čunát
- Re: [Add] Mozilla's DoH resolver policy Ralf Weber
- Re: [Add] Mozilla's DoH resolver policy Vladimír Čunát
- Re: [Add] Mozilla's DoH resolver policy Adam Roach
- Re: [Add] Mozilla's DoH resolver policy Peter Saint-Andre
- Re: [Add] Mozilla's DoH resolver policy Peter Saint-Andre
- Re: [Add] Mozilla's DoH resolver policy nusenu
- Re: [Add] [Ext] Mozilla's DoH resolver policy Paul Hoffman
- Re: [Add] [Ext] Mozilla's DoH resolver policy Peter Saint-Andre
- Re: [Add] [Ext] Mozilla's DoH resolver policy Adam Roach
- Re: [Add] [Ext] Mozilla's DoH resolver policy Brian Dickson
- Re: [Add] [Ext] Mozilla's DoH resolver policy Adam Roach
- Re: [Add] Mozilla's DoH resolver policy Vittorio Bertola
- Re: [Add] Mozilla's DoH resolver policy Wes Hardaker
- Re: [Add] Mozilla's DoH resolver policy Peter Saint-Andre
- Re: [Add] Mozilla's DoH resolver policy Ted Hardie
- Re: [Add] Mozilla's DoH resolver policy Wes Hardaker
- Re: [Add] Mozilla's DoH resolver policy Ted Hardie
- Re: [Add] Mozilla's DoH resolver policy Wes Hardaker
- Re: [Add] Mozilla's DoH resolver policy Christian Huitema
- Re: [Add] Mozilla's DoH resolver policy Mark Andrews
- Re: [Add] Mozilla's DoH resolver policy Wes Hardaker
- Re: [Add] Mozilla's DoH resolver policy Vittorio Bertola
- Re: [Add] Mozilla's DoH resolver policy Vittorio Bertola
- Re: [Add] Mozilla's DoH resolver policy Livingood, Jason
- Re: [Add] Mozilla's DoH resolver policy Livingood, Jason
- Re: [Add] Mozilla's DoH resolver policy Salz, Rich
- Re: [Add] Mozilla's DoH resolver policy Ben Schwartz
- Re: [Add] Mozilla's DoH resolver policy Adam Roach
- [Add] ECS privacy concerns, alternatives? Brian Dickson
- Re: [Add] ECS privacy concerns, alternatives? Brian Dickson
- Re: [Add] ECS privacy concerns, alternatives? Mark Delany
- Re: [Add] ECS privacy concerns, alternatives? Brian Dickson
- Re: [Add] ECS privacy concerns, alternatives? Mark Delany
- Re: [Add] Mozilla's DoH resolver policy Christian Huitema
- Re: [Add] ECS privacy concerns, alternatives? Brian Dickson
- Re: [Add] Mozilla's DoH resolver policy Geoff Huston
- Re: [Add] Mozilla's DoH resolver policy Ralf Weber
- Re: [Add] Mozilla's DoH resolver policy Paul Wouters
- Re: [Add] ECS privacy concerns, alternatives? Erik Nygren
- Re: [Add] ECS privacy concerns, alternatives? Joe Abley
- Re: [Add] ECS privacy concerns, alternatives? Brian Dickson
- Re: [Add] ECS privacy concerns, alternatives? Joe Abley
- Re: [Add] ECS privacy concerns, alternatives? Paul Hoffman
- Re: [Add] ECS privacy concerns, alternatives? Brian Dickson
- Re: [Add] Mozilla's DoH resolver policy Hollenbeck, Scott
- Re: [Add] Mozilla's DoH resolver policy Adam Roach
- Re: [Add] ECS privacy concerns, alternatives? Puneet Sood
- Re: [Add] ECS privacy concerns, alternatives? Erik Kline
- Re: [Add] ECS privacy concerns, alternatives? Brian Dickson