IETF Logo Mail Archive

Re: [Add] fixing coffee shop brokenness with DoH

Stephane Bortzmeyer <bortzmeyer@nic.fr> Wed, 24 July 2019 20:46 UTC

Return-Path: <stephane@laperouse.bortzmeyer.org>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AE0E120640 for <add@ietfa.amsl.com>; Wed, 24 Jul 2019 13:46:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.648
X-Spam-Level:
X-Spam-Status: No, score=-1.648 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ebCbmZAXTvet for <add@ietfa.amsl.com>; Wed, 24 Jul 2019 13:46:00 -0700 (PDT)
Received: from ayla.bortzmeyer.org (ayla.bortzmeyer.org [92.243.4.211]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4312F120285 for <add@ietf.org>; Wed, 24 Jul 2019 13:46:00 -0700 (PDT)
Received: by ayla.bortzmeyer.org (Postfix, from userid 10) id 54439A052F; Wed, 24 Jul 2019 22:45:57 +0200 (CEST)
Received: by godin (Postfix, from userid 1000) id C7C6FEC0AFD; Wed, 24 Jul 2019 22:41:44 +0200 (CEST)
Date: Wed, 24 Jul 2019 16:41:44 -0400
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Jim Reid <jim@rfc1035.com>
Cc: Rob Sayre <sayrer@gmail.com>, "add@ietf.org" <add@ietf.org>
Message-ID: <20190724204144.GC5078@laperouse.bortzmeyer.org>
References: <CAChr6Sx9TEt6CMzRRrdb-HwT_k987oW=4yF1FCbDF17zkaE2Vg@mail.gmail.com> <2D09D61DDFA73D4C884805CC7865E6114E23910C@GAALPA1MSGUSRBF.ITServices.sbc.com> <14DF8769-A817-4C06-9140-80198518244F@akamai.com> <CAChr6SzH1EycAr5n+dK5BQcG=0Zsw66qE=8Rptvq7SEoEvQQ=Q@mail.gmail.com> <E5A0DAE2-A718-41EA-B490-58ABD0F31CF2@rfc1035.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <E5A0DAE2-A718-41EA-B490-58ABD0F31CF2@rfc1035.com>
X-Transport: UUCP rules
X-Operating-System: Ubuntu 18.04 (bionic)
X-Charlie: Je suis Charlie
User-Agent: Mutt/1.9.4 (2018-02-28)
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/__0MCBwEGeStVov25ZOA3aV0I2M>
Subject: Re: [Add] fixing coffee shop brokenness with DoH
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jul 2019 20:46:01 -0000

On Wed, Jul 24, 2019 at 02:56:15AM +0100,
 Jim Reid <jim@rfc1035.com> wrote 
 a message of 16 lines which said:

> BTW, using DoH or DoT in the above scenario doesn't necessarily make
> things "secure". It just changes the security landscape by swapping
> one set of concerns for another. A cynic (or realist) would say
> they'd just replaced one DNS resolver they probably didn't/shouldn't
> trust to another that isn't necessarily more trustworthy.

On the Internet, we often have to make decisions about who to
trust. We decide to register a .com or a .cctld, we decide to use
Signal or Telegram, we decide to do searches at Google or at
DuckDuckGo, etc. Sometimes, we make wrong assessments but I disagree
with the nihilist view that "everything is rotten, there is no point
in choosing the provider".

v2.23.0 | Report a Bug | By Email