Re: [Add] [EXTERNAL] Re: Browser Administrative Authority

Paul Wouters <paul@nohats.ca> Mon, 27 May 2019 04:34 UTC

Date: Sun, 26 May 2019 20:18:55 -0400
From: Paul Wouters <paul@nohats.ca>
To: add@ietf.org
In-Reply-To: <CAAedzxrxChBwtv=rAcx=XcJ_K0HRsfwv6TNFynJxNRPZkG_GKA@mail.gmail.com>
Message-ID: <alpine.LRH.2.21.1905262012450.25783@bofh.nohats.ca>
References: <182C9119-59F9-43FA-B116-4D45649B74B5@nbcuni.com> <410f4e4d-aee0-d679-b454-6576de90b21a@nomountain.net> <76EF5603-618C-4A73-A4F9-7489B73B0757@nbcuni.com> <9ad7aa89-d751-e4c6-dede-e9c22faf6d20@nomountain.net> <CAAedzxrxChBwtv=rAcx=XcJ_K0HRsfwv6TNFynJxNRPZkG_GKA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/uYJWYGdm7hKmMCWo4qD1F3Nr0ns>
Subject: Re: [Add] [EXTERNAL] Re: Browser Administrative Authority
List-Id: Applications Doing DNS <add.ietf.org>

>       It's certainly the case that some applications that run in
>       browsers have narrower security requirements around DNS
>       than others do, and right now there's no way for those
>       applications to discover whether or not their DNS queries
>       are protected.

Since browsers refuse to use DNSSEC, and thus TLSA, why do browsers have
narrower security for some apps? It seems they purposefully present apps
with no DNS security. And their runaround now is "let our browsers use
transport secured unsafe DNS towards our own trusted DNS infrastructure".

That's correcting a mistake with a mistake, and now we all have to take
into account that a few browser/DNS vendors will be the choke point for
large scale censorship based on DNS.

Paul