Re: [Add] [Ext] Draft Posting: CNAME Discovery of Local DoH Resolvers

Paul Hoffman <paul.hoffman@icann.org> Tue, 30 June 2020 17:19 UTC

From: Paul Hoffman <paul.hoffman@icann.org>
To: Eric Rescorla <ekr@rtfm.com>
CC: ADD Mailing list <add@ietf.org>
Date: Tue, 30 Jun 2020 17:19:09 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/eiT6QGdbcNwFIdJfyTbA4ZBIqv8>

On Jun 30, 2020, at 5:58 AM, Eric Rescorla <ekr@rtfm.com> wrote:
> 
> The question I am addressing is what we ought to do in the interim.
> 

Given that this discussion is happening on an IETF WG mailing list, the sub-question is who you mean by "we". Earlier, you indicated that you were not necessarily proposing this for IETF standardization (and your draft is indeed informational), and you have not asked the WG to consider the proposal.

If all that Firefox needs is a simple way for a resolver to reply with a key that Firefox can use to look up in its TRR list, the CNAME proposal is fine. For that matter, so would an A record where Mozilla assigns each TRR an arbitrary IPv4 address that is used as a key; this would avoid any problems with middleboxes that blocked CNAME queries. There doesn't seem to be any value in standardizing such a proposal.

--Paul Hoffman
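As an added illustration of the two discovery variants Paul describes (this is example code, not from the thread, the draft or Mozilla): the client parses the resolver's wire-format reply to a special query name, takes the CNAME target or the A-record address purely as a lookup key, and accepts the hint only if that key is already in its pre-vetted TRR list. The query name, keys, addresses and URLs are constructed placeholders.

```python
import struct
# Constructed TRR list (not real): CNAME-target keys and vendor-assigned IPv4
# "key" addresses both map to the DoH template the browser already trusts.
TRR_LIST = {"key-a.trr-keys.example": "https://doh-a.example/dns-query",
            "192.0.2.10": "https://doh-a.example/dns-query"}
A, CNAME = 1, 5

def _read_name(msg, off):
    """Decode a (possibly compressed) wire-format name; return (name, next offset)."""
    labels, end = [], None
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # compression pointer
            end = end if end is not None else off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if n == 0:
            return ".".join(labels), (end if end is not None else off)
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def discovered_trr(response):
    """Return the trusted TRR URL whose key the resolver answered with, else None."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", response[:12])
    off = 12
    for _ in range(qd):                            # skip the question section
        off = _read_name(response, off)[1] + 4
    for _ in range(an):
        off = _read_name(response, off)[1]         # owner name
        rtype, _, _, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        rdata_off, off = off + 10, off + 10 + rdlen
        if rtype == CNAME:                         # key is the CNAME target
            return TRR_LIST.get(_read_name(response, rdata_off)[0])
        if rtype == A and rdlen == 4:              # key is the (arbitrary) address
            return TRR_LIST.get(".".join(map(str, response[rdata_off:off])))
    return None                                    # unknown key: ignore the hint

def _wire_name(name):
    return b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in name.split(".")) + b"\0"

def _response(qname, rtype, rdata):
    # Constructed one-answer reply; the answer's owner is a pointer to the question name.
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = _wire_name(qname) + struct.pack("!HH", rtype, 1)
    return hdr + question + b"\xC0\x0C" + struct.pack("!HHIH", rtype, 1, 60, len(rdata)) + rdata

# Constructed replies to a hypothetical special-use query name.
CNAME_REPLY = _response("resolver-info.example", CNAME, _wire_name("key-a.trr-keys.example"))
A_REPLY = _response("resolver-info.example", A, bytes([192, 0, 2, 10]))
UNLISTED_REPLY = _response("resolver-info.example", CNAME, _wire_name("unlisted.example"))
```

A reply whose key is not in the list yields None, so an on-path party can at most steer the client to a resolver it already trusts, never to an arbitrary one.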