[Add] draft-pauly-dprive-oblivious-doh

Eliot Lear <lear@lear.ch> Mon, 01 November 2021 07:53 UTC

Message-ID: <a6de579a-de54-b80d-cff9-a545e37cf9f0@lear.ch>
Date: Mon, 01 Nov 2021 08:53:03 +0100
To: add@ietf.org
Cc: ISE <rfc-ise@rfc-editor.org>
From: Eliot Lear <lear@lear.ch>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/eJyk8-69SJ_02GG_M_izfSICzKU>
Subject: [Add] draft-pauly-dprive-oblivious-doh

Just for the record, I think this draft leads to a situation where 
miscreants can hide their tracks.  Section 10.1 of that document is... 
weak.  This has the potential to leave web sites unable to determine who 
is attacking them, and also prevents service providers from backtracing 
such attacks.

This demonstrates precisely why an appropriately strong applicability 
statement is necessary in any ADD output.