Re: [Add] Encrypted DNS support in iOS and macOS

"Chris Box (BT)" <chris.box.ietf@gmail.com> Sat, 27 June 2020 06:58 UTC

References: <637E7D0A-AF96-4D7D-B7CB-69E04F995F6F@apple.com>
In-Reply-To: <637E7D0A-AF96-4D7D-B7CB-69E04F995F6F@apple.com>
From: "Chris Box (BT)" <chris.box.ietf@gmail.com>
Date: Sat, 27 Jun 2020 07:58:13 +0100
Message-ID: <CACJ6M15JSwZdZ2GN+TjxwW+rBpbZq12KdfnKd4gHXF8m6ppRzA@mail.gmail.com>
To: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
Cc: ADD Mailing list <add@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/mph6ivtHVZ8JngGJWcS8KPC9QC4>
Subject: Re: [Add] Encrypted DNS support in iOS and macOS

Tommy,

These details are incredibly helpful so I appreciate you sharing them.

I’m uncertain about automatic discovery though. You say:

>
> The system isn’t doing any automatic use of locally-hosted DoH/DoT servers
> at this point.
>

But this would appear to conflict with:

>
> If connections to the automatically discovered DoH resolvers fail, the
> system currently fails over to use traditional DNS.
>

In the beta, are automatically discovered resolvers used, or ignored?

Thanks
Chris