Re: [dispatch] Working Group Proposal: DNS Over HTTPS

Adam Roach <adam@nostrum.com> Thu, 10 August 2017 17:58 UTC

To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, John Levine <johnl@taugh.com>, dispatch@ietf.org
Cc: paul.hoffman@icann.org
References: <20170810160035.9804.qmail@ary.lan> <305d8c08-ce2d-8e4e-5293-c5c3abb5256b@cs.tcd.ie>
From: Adam Roach <adam@nostrum.com>
Message-ID: <bef0fed8-b071-316c-3b73-ee06d213d88e@nostrum.com>
Date: Thu, 10 Aug 2017 12:58:10 -0500
In-Reply-To: <305d8c08-ce2d-8e4e-5293-c5c3abb5256b@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/apeJeQCMLV8ms6rU3WyOFYZXhfE>

On 8/10/17 11:22 AM, Stephen Farrell wrote:
> As an aside, I'm puzzled a bit by how CORS comes into this.


I would presume that a website offering this endpoint would need to make 
a policy decision regarding which script origins it wants to let use it 
(at least, in the context of a web browser that honors CORS). I *expect* 
that, operationally, most servers offering this service will set up CORS 
to allow anyone to ask (as, if this were simply a matter of providing 
information to their own scripts, it could be done in a much simpler 
way without the need for standardization).

I believe this deserves a brief treatment in the Security Considerations 
section, but doesn't have an impact on the charter.

/a
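
The policy decision described in the message above, as an added example that is not part of the original message or of any DNS-over-HTTPS draft: a server-side function that computes CORS response headers for such an endpoint under an open policy and under an origin allow-list. The policy names, the sample origins and the lower-cased header map are assumptions made for illustration.

```javascript
// Added example: CORS header selection for a DNS-over-HTTPS style endpoint.
// POLICIES, the origins and corsHeaders() are hypothetical names, not from the thread.
const POLICIES = {
  // "allow anyone to ask": any script origin may read the response
  open: { anyOrigin: true, origins: [] },
  // only the operator's own front ends may read the response (constructed origin)
  restricted: { anyOrigin: false, origins: ["https://app.example"] },
};

// reqHeaders is a map with lower-cased header names (assumption).
// Returns the CORS-related response headers. When no Access-Control-Allow-Origin
// is returned, a CORS-honoring browser keeps the response from the calling script;
// clients that are not browsers are unaffected either way.
function corsHeaders(policy, method, reqHeaders) {
  // With an allow-list the answer depends on Origin, so caches must key on it.
  const headers = policy.anyOrigin ? {} : { "Vary": "Origin" };

  const origin = reqHeaders["origin"];
  if (!origin) return headers; // not a cross-origin script request

  if (policy.anyOrigin) {
    headers["Access-Control-Allow-Origin"] = "*";
  } else if (policy.origins.includes(origin)) {
    // Echo only an exact match from the allow-list, never the raw header blindly.
    headers["Access-Control-Allow-Origin"] = origin;
  } else {
    return headers; // origin not allowed: no grant
  }

  // A POST with a non-safelisted Content-Type triggers a preflight OPTIONS request.
  if (method === "OPTIONS" && reqHeaders["access-control-request-method"]) {
    headers["Access-Control-Allow-Methods"] = "GET, POST";
    headers["Access-Control-Allow-Headers"] = "Content-Type";
    headers["Access-Control-Max-Age"] = "600";
  }
  return headers;
}
```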