Re: [Add] Mozilla's DoH resolver policy
"Livingood, Jason" <Jason_Livingood@comcast.com> Tue, 16 April 2019 16:00 UTC
From: "Livingood, Jason" <Jason_Livingood@comcast.com>
To: Peter Saint-Andre <stpeter@mozilla.com>, "add@ietf.org" <add@ietf.org>
Date: Tue, 16 Apr 2019 15:08:39 +0000
Message-ID: <9FDAE487-6E98-4332-BB57-A626A02A6402@cable.comcast.com>
References: <297C80CE-F017-4F4A-80E2-79941E8B9E02@icann.org> <b64761dc-dfab-e4e1-4bfb-82d607efa590@riseup.net> <alpine.LRH.2.21.1904101324530.9940@bofh.nohats.ca> <64aeff58-6d68-4c4f-b991-2b2f62d193a0@www.fastmail.com> <90A5C5C4-373C-4B39-80C2-C115CD23CB4D@fl1ger.de> <994839978.18707.1554973716877@appsuite.open-xchange.com> <af5f5c76-0095-65a0-39d1-d29d4bb0e906@mozilla.com> <ybl36mn8b54.fsf@w7.hardakers.net> <f9d0cd98-db0c-7f42-d351-d9a5002c4765@mozilla.com> <21C5261E-9DE0-4CFD-A949-6E91DD0C2552@cable.comcast.com>
In-Reply-To: <21C5261E-9DE0-4CFD-A949-6E91DD0C2552@cable.comcast.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/jvryOWtTU5u893n9HPq9FCE9idg>
List-Id: Applications Doing DNS <add.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>

And for ease of any replies, I have a separate question on CDN localization via ECS. The 6th privacy requirement suggests that ECS cannot be used unless there is encryption between the resolver and the authoritative server, presumably via DoT. This suggests that the privacy concern isn't that the network/geographic hint provided by ECS is problematic in and of itself, but that it should not be observable along the network path used in recursion.

But if TRR-to-auth recursion is not available via DoT, I wonder what the recommended mechanism is for providing a more privacy-protective network-geographic hint to an authoritative server, in order for example for a CDN to dynamically respond with a localized response. Maybe something new needs to be standardized? What options do folks suggest?

Thanks
Jason
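
Added example, not part of the message above or of any project it mentions: a minimal encoder and decoder for the EDNS Client Subnet option as laid out in RFC 7871, showing exactly what is readable on an unencrypted resolver-to-authoritative path and how the source prefix length bounds it. The function names are hypothetical and the addresses are constructed from documentation ranges.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8      # EDNS0 option code for Client Subnet (RFC 7871)
FAMILY = {4: 1, 6: 2}    # address family numbers: 1 = IPv4, 2 = IPv6


def encode_ecs(client_ip: str, source_prefix: int) -> bytes:
    """Build the ECS option a resolver attaches to an upstream query."""
    addr = ipaddress.ip_address(client_ip)
    # Zero every bit beyond the source prefix; only the prefix goes on the wire.
    net = ipaddress.ip_network(f"{addr}/{source_prefix}", strict=False)
    nbytes = (source_prefix + 7) // 8
    payload = struct.pack("!HBB", FAMILY[addr.version], source_prefix, 0)
    payload += net.network_address.packed[:nbytes]
    return struct.pack("!HH", ECS_OPTION_CODE, len(payload)) + payload


def decode_ecs(option: bytes) -> str:
    """Return the subnet any reader of the cleartext query can recover."""
    if len(option) < 8:
        raise ValueError("option too short")
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    family, source_prefix, _scope = struct.unpack("!HBB", option[4:8])
    size = {1: 4, 2: 16}.get(family)
    if size is None or source_prefix > size * 8:
        raise ValueError("bad family or prefix length")
    addr_bytes = option[8:]
    if len(addr_bytes) != (source_prefix + 7) // 8:
        raise ValueError("address length does not match prefix length")
    addr = ipaddress.ip_address(addr_bytes.ljust(size, b"\x00"))
    # strict parsing rejects options that leak bits beyond the stated prefix
    return str(ipaddress.ip_network(f"{addr}/{source_prefix}"))


if __name__ == "__main__":
    # Constructed sample clients (RFC 5737 / RFC 3849 documentation ranges).
    for ip, plen in [("198.51.100.77", 32), ("198.51.100.77", 24),
                     ("2001:db8:1234:5678::1", 56)]:
        wire = encode_ecs(ip, plen)
        print(f"{ip}/{plen}: wire={wire.hex()} observer sees {decode_ecs(wire)}")
```
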