Re: [Add] [EXTERNAL] Re: Malware adopting DoH

Rob Sayre <sayrer@gmail.com> Sun, 15 September 2019 13:29 UTC

References: <66DC417B-23BC-4AF7-916B-5BAE7E5D9635@sky.uk> <ED3464BD-37A7-4B6F-8327-508B0CB76A3E@fugue.com> <21edfaff-8741-4f4f-a3d4-1aa88ede6935@getmailbird.com> <2970473C-046A-4FD0-AD01-66DAD3A18B4F@fugue.com> <ae179431-f215-4138-b103-d6cc173a8952@getmailbird.com>
In-Reply-To: <ae179431-f215-4138-b103-d6cc173a8952@getmailbird.com>
From: Rob Sayre <sayrer@gmail.com>
Date: Sun, 15 Sep 2019 08:28:49 -0500
Message-ID: <CAChr6SzMBMPO_8wRqTH-pBHy4C4EN06Lwsu+dK26FYUYwH-FpA@mail.gmail.com>
To: Robert Mortimer <robm=40scramworks.net@dmarc.ietf.org>
Cc: Ted Lemon <mellon@fugue.com>, ADD Mailing list <add@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/pr2V_lUkXRJFGPIxAtFnvGeBe6w>
Subject: Re: [Add] [EXTERNAL] Re: Malware adopting DoH
List-Id: Applications Doing DNS <add.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>

Hi,

Here's some data on this point:

https://developers.google.com/speed/public-dns/docs/intro#google_public_dns_what_it_is_and_isnt

"Google Public DNS is not... A malware-blocking service. Google Public DNS
rarely performs blocking or filtering, though it may if we believe this is
necessary to protect our users from security threats. In such extraordinary
cases, it simply fails to answer; it does not create modified results."

Google and other browser makers do perform malware blocking, in a sense.
They just generally don't use DNS to do it. See:
https://safebrowsing.google.com

It seems to me that DoH provides the typical benefits of encryption over
the wire. On the "informed consent" argument: there are many divergent
opinions. Some people on this list seem to think DNS is special in some
way, but I don't think there is an IETF document that states anything like
that. As we have seen, there are many libraries, applications, and products
that connect to DNS servers without informing the user.

thanks,
Rob

On Sun, Sep 15, 2019 at 7:44 AM Robert Mortimer <robm=40scramworks.net@dmarc.ietf.org> wrote:

> No that's an argument for making an informed decision about what DNS
> service provider you use and possibly for being able to avoid limitations
> being imposed by the network you happen to be using at the time.
>
> Using a VPN to access your DNS provider would achieve the same thing, as
> would using DoT or in many cases simply not using DHCP to decide your DNS
> provider.
>
> If an application is deciding which DNS service to use without my
> informed consent then even if it's using DoH it achieves none of the things
> you list.
>
> Your list merely describes informed choice of DNS provider, not any benefit
> uniquely inherent to DoH.
>