Re: [Add] Use Cases - the coffee shop

"Ralf Weber" <dns@fl1ger.de> Thu, 15 August 2019 16:03 UTC

Return-Path: <dns@fl1ger.de>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1357312011F for <add@ietfa.amsl.com>; Thu, 15 Aug 2019 09:03:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ACbvO6Gy9T-7 for <add@ietfa.amsl.com>; Thu, 15 Aug 2019 09:03:28 -0700 (PDT)
Received: from smtp.guxx.net (nyx.guxx.net [85.10.208.173]) by ietfa.amsl.com (Postfix) with ESMTP id D979B1200EB for <add@ietf.org>; Thu, 15 Aug 2019 09:03:20 -0700 (PDT)
Received: by nyx.guxx.net (Postfix, from userid 107) id 973F45F42D50; Thu, 15 Aug 2019 18:03:19 +0200 (CEST)
Received: from [172.19.152.108] (p54B8ABDF.dip0.t-ipconnect.de [84.184.171.223]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by nyx.guxx.net (Postfix) with ESMTPSA id 78F2E5F42335; Thu, 15 Aug 2019 18:03:18 +0200 (CEST)
From: Ralf Weber <dns@fl1ger.de>
To: Ted Lemon <mellon@fugue.com>
Cc: Paul Wouters <paul@nohats.ca>, Andrew Campling <andrew.campling@419.consulting>, ADD Mailing list <add@ietf.org>
Date: Thu, 15 Aug 2019 18:03:17 +0200
X-Mailer: MailMate (1.12.5r5635)
Message-ID: <1311E18B-0B6F-482A-9C51-B2741D6666CA@fl1ger.de>
In-Reply-To: <D00B2D4C-8E15-41E6-B33E-F458F111F11D@fugue.com>
References: <LO2P265MB1327AECBA24B14FBB30A9389C2AC0@LO2P265MB1327.GBRP265.PROD.OUTLOOK.COM> <FA942654-B718-4679-B26D-F2F4B0B383AD@fugue.com> <LO2P265MB1327CFC139EE1EC47982F9A0C2AC0@LO2P265MB1327.GBRP265.PROD.OUTLOOK.COM> <alpine.LRH.2.21.1908151055440.24974@bofh.nohats.ca> <C3AA00A7-8CE0-4EC2-9A40-7F34F30AE77C@fl1ger.de> <D00B2D4C-8E15-41E6-B33E-F458F111F11D@fugue.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/ZZwYkM4aTFi_M57IbXZn02rVOeA>
Subject: Re: [Add] Use Cases - the coffee shop
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Aug 2019 16:03:30 -0000

Moin!

On 15 Aug 2019, at 17:51, Ted Lemon wrote:

> On Aug 15, 2019, at 8:46 AM, Ralf Weber <dns@fl1ger.de> wrote:
>> TBH I’d rather connect to a network that protects me from malware/
>> trojans than one that protects me from porn (Though there is some
>> relationship there ;-)
>
> If you want that, and you want DNS filtering of malware, then the best 
> way to get that is to know what resolver you are talking to.   IOW, 
> that’s a really clear use case for DoH.
I was making the point on what people are ok with when it comes to DNS 
servers, but I can agree that we should work on making DNS server setup 
more secure and capabilities more known. I believe there is work in 
dnsop on that at the moment (draft-sah-resolver-information).

> If you trust a resolver offered to you over DHCP or RA, you do not get 
> any assurance that your resolver has this property.
There are ways to protect against rogue RA/DHCP on network devices, but 
I agree it is an attack vector.

So long
-Ralf
-- 
Ralf Weber
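The "rogue RA/DHCP" protections Ralf refers to are controls such as DHCP snooping and RA Guard (RFC 6105), which drop address-configuration traffic that does not come from a trusted port or source. The script below is an added illustration of what such a control has to inspect; it is not code from Ralf Weber, the ADD working group or the resolver-information draft. It parses the resolver options a host would accept from a DHCPv4 OFFER (option 6, plus the server identifier in option 54) and from an IPv6 Router Advertisement (RDNSS option, RFC 8106), then flags any advertisement whose source or resolver set is not what the operator expects. The allow-lists, the packet builders and the sample packets are all constructed for this example.

```python
"""Rogue DHCP / RA resolver check (added example; allow-lists and packets are constructed)."""
import ipaddress
import struct

# Constructed policy for one LAN: who may hand out configuration and which resolvers they may push.
EXPECTED_DHCP_SERVERS = {"192.0.2.1"}
EXPECTED_V4_RESOLVERS = {"192.0.2.53"}
EXPECTED_RA_SOURCES = {"fe80::1"}
EXPECTED_V6_RESOLVERS = {"2001:db8::53"}

DHCP_MAGIC = b"\x63\x82\x53\x63"   # RFC 2132 magic cookie at offset 236 of the BOOTP payload
ICMPV6_RA = 134                     # ICMPv6 type: Router Advertisement
OPT_RDNSS = 25                      # RFC 8106 Recursive DNS Server option


def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: raw_value} for the options area of a BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 0:            # pad option, one byte, no length field
            i += 1
            continue
        if code == 255:          # end option
            break
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def dhcp_resolvers(payload: bytes):
    """Return (server identifier from option 54, resolvers from option 6)."""
    opts = parse_dhcp_options(payload)
    dns = opts.get(6, b"")
    resolvers = [str(ipaddress.IPv4Address(dns[j:j + 4]))
                 for j in range(0, len(dns) - len(dns) % 4, 4)]
    server_id = str(ipaddress.IPv4Address(opts[54])) if 54 in opts else None
    return server_id, resolvers


def ra_rdnss(icmpv6: bytes) -> list:
    """Return the resolver addresses carried in the RDNSS options of a Router Advertisement."""
    if len(icmpv6) < 16 or icmpv6[0] != ICMPV6_RA:
        raise ValueError("not a Router Advertisement")
    resolvers, i = [], 16        # 16-byte RA header, then TLV options sized in 8-octet units
    while i + 2 <= len(icmpv6):
        otype, olen = icmpv6[i], icmpv6[i + 1]
        if olen == 0:
            raise ValueError("zero-length ND option (RFC 4861: discard the packet)")
        body = icmpv6[i + 2:i + olen * 8]
        if otype == OPT_RDNSS:
            addrs = body[6:]     # skip 2 reserved bytes and the 4-byte lifetime
            resolvers += [str(ipaddress.IPv6Address(addrs[j:j + 16]))
                          for j in range(0, len(addrs) - len(addrs) % 16, 16)]
        i += olen * 8
    return resolvers


def audit(events) -> list:
    """events: (kind, source_ip, packet). Returns human-readable findings; empty means clean."""
    findings = []
    for kind, source, packet in events:
        if kind == "dhcp":
            server_id, resolvers = dhcp_resolvers(packet)
            if source not in EXPECTED_DHCP_SERVERS or server_id not in EXPECTED_DHCP_SERVERS:
                findings.append(f"rogue DHCP server {source} (server-id {server_id})")
            bad = set(resolvers) - EXPECTED_V4_RESOLVERS
            if bad:
                findings.append(f"DHCP from {source} pushes unexpected resolver(s) {sorted(bad)}")
        elif kind == "ra":
            resolvers = ra_rdnss(packet)
            if source not in EXPECTED_RA_SOURCES:
                findings.append(f"rogue RA from {source}")
            bad = set(resolvers) - EXPECTED_V6_RESOLVERS
            if bad:
                findings.append(f"RA from {source} pushes unexpected resolver(s) {sorted(bad)}")
    return findings


# --- constructed packet builders, used only to fabricate sample traffic for this example ---
def build_dhcp_offer(server_id: str, resolvers) -> bytes:
    fixed = b"\x02\x01\x06\x00" + b"\x00" * 232          # op=BOOTREPLY, rest of header zeroed
    opts = b"\x35\x01\x02"                                # option 53: DHCPOFFER
    opts += b"\x36\x04" + ipaddress.IPv4Address(server_id).packed
    dns = b"".join(ipaddress.IPv4Address(r).packed for r in resolvers)
    opts += bytes([6, len(dns)]) + dns
    return fixed + DHCP_MAGIC + opts + b"\xff"


def build_ra(resolvers, lifetime: int = 3600) -> bytes:
    hdr = struct.pack("!BBHBBHII", ICMPV6_RA, 0, 0, 64, 0, 1800, 0, 0)   # checksum left at 0
    addrs = b"".join(ipaddress.IPv6Address(r).packed for r in resolvers)
    rdnss = struct.pack("!BBHI", OPT_RDNSS, 1 + 2 * len(resolvers), 0, lifetime) + addrs
    return hdr + rdnss


# Constructed sample: one legitimate and one rogue advertisement of each kind.
SAMPLE_EVENTS = [
    ("dhcp", "192.0.2.1", build_dhcp_offer("192.0.2.1", ["192.0.2.53"])),
    ("dhcp", "192.0.2.66", build_dhcp_offer("192.0.2.66", ["198.51.100.9"])),
    ("ra", "fe80::1", build_ra(["2001:db8::53"])),
    ("ra", "fe80::bad", build_ra(["2001:db8:dead::1"])),
]

if __name__ == "__main__":
    for line in audit(SAMPLE_EVENTS):
        print(line)
```

The point the check makes concrete is the one in the thread: a host that takes its resolver from whatever DHCP or RA it hears has no way to know whether that resolver filters malware or was injected by a neighbour on the coffee-shop WLAN. A switch running DHCP snooping or RA Guard enforces the same allow-list at the port, before the host ever sees the packet; a resolver learned over an authenticated channel (the DoH case Ted raises) removes the dependency on the local network altogether.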