Re: [dispatch] Working Group Proposal: DNS Over HTTPS
"John R Levine" <johnl@taugh.com> Thu, 10 August 2017 19:48 UTC
Return-Path: <johnl@taugh.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36B92132430 for <dispatch@ietfa.amsl.com>; Thu, 10 Aug 2017 12:48:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.79
X-Spam-Level:
X-Spam-Status: No, score=-1.79 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, SPF_PASS=-0.001, T_DKIM_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=iecc.com header.b=Mwi1nWXo; dkim=neutral reason="invalid (public key: not available)" header.d=taugh.com header.b=vOHzUXox
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MlKMyquh7Iuu for <dispatch@ietfa.amsl.com>; Thu, 10 Aug 2017 12:48:52 -0700 (PDT)
Received: from miucha.iecc.com (w6.iecc.com [IPv6:2001:470:1f07:1126::4945:4343]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DCA7B132359 for <dispatch@ietf.org>; Thu, 10 Aug 2017 12:48:51 -0700 (PDT)
Received: (qmail 67105 invoked from network); 10 Aug 2017 19:48:51 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=1061f.598cb8a3.k1707; bh=NUhp/Jyq+dqDYhnDdCjMf/Z9YRaT1sraPG65iiqLL4Q=; b=Mwi1nWXoNfOAj0N1YEg3Sik6RAnPtqJovW6QcsPjfsY9wWEYA3iuzTQKCyJCfUMO1Jwr2L2tZF9qUJ1WdhPSPgU+DKYalL+cVl+JnKfyPqqM+imS3hQt9t6ub04/MCNfAA+K3ttoI7Td5ox/vlfwbuZzbdkPUqaSL4JJvrOLQOKZTr14npKIVa0A0A3d2PSTlAZn7oeSMXHX2g2AEmY9jFI5nPzJfnwDXTUz0YhYVbsY5ERaq070/qULq4LEqb/u
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent; s=1061f.598cb8a3.k1707; bh=NUhp/Jyq+dqDYhnDdCjMf/Z9YRaT1sraPG65iiqLL4Q=; b=vOHzUXoxXpjO1f5gDVhcWW0DctMaOcClxGRiERmgbLbEY70qcYB/bmJhv/RNBB6L6GOZWgjFOhpDLgzikoOur3tWx4Ek8XHHJbEf9qyOXcUq8SP3EGP9rqFkL5rODvSqQCm3ofJ/Jm5s9rUnGqy1cOL1LHQHwlSdf0nd7LJpOIQubYGdo6BjKvW7QWWkZLP1DAAX+30or8Y7tApt+5iTz1pjb7Dq1u/X8uOiXaLX2/E8LTyrp40V0HvAP3YKnBrx
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2/X.509/AEAD) via TCP6; 10 Aug 2017 19:48:50 -0000
Date: Thu, 10 Aug 2017 15:48:50 -0400
Message-ID: <alpine.OSX.2.21.1708101544040.37303@ary.qy>
From: John R Levine <johnl@taugh.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Dispatch WG <dispatch@ietf.org>
In-Reply-To: <3d53edbf-2d56-5972-5ce7-bc82f6d82960@cs.tcd.ie>
References: <20170810160035.9804.qmail@ary.lan> <305d8c08-ce2d-8e4e-5293-c5c3abb5256b@cs.tcd.ie> <alpine.OSX.2.21.1708101427390.37126@ary.qy> <3d53edbf-2d56-5972-5ce7-bc82f6d82960@cs.tcd.ie>
User-Agent: Alpine 2.21 (OSX 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/mR82nQg-DdF5oSV1l5BFntR7kBM>
Subject: Re: [dispatch] Working Group Proposal: DNS Over HTTPS
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Aug 2017 19:48:53 -0000
On Thu, 10 Aug 2017, Stephen Farrell wrote:

>> do, this is not a way to patch a browser's DNS lookup code.
>
> I don't know what you mean by that last tbh.

Browsers do their own DNS lookups in the usual way. This proposal does not change that in the least.

> The problem I'm trying to describe is touched on in the
> last para of the draft's security considerations.

Oh, that. The client is the javascript application, not the browser inside which it's running.

Re CORS, a normal javascript app can only call back to servers in the same domain, so any evil due to DNS over http will be coming from the equally evil server that provided the javascript code in the first place. I suppose CORS lets it talk to other differently evil places, but this doesn't impress me as an interestingly new problem.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
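The point above, that the DoH client in this scenario is a script running inside the browser and that the same-origin policy plus CORS decides which resolvers that script may read answers from, can be made concrete. The following is an added example, not code from the thread, the draft, or any browser or resolver implementation: it builds a wire-format DNS query as a page script would POST it, models the browser's same-origin/CORS decision on the response, and parses a constructed sample answer. The media type name, the resolver and application hostnames, and the sample response bytes are assumptions made for the example (the media type is the one later registered in RFC 8484; the draft under discussion may have used a different name).

```javascript
// Added example (not from the original thread): a browser-side DoH client model.
// Nothing here touches the network; fetch is only shown in dohLookup for reference.

// Assumed media type (RFC 8484 name; the 2017 draft may have used another).
const DOH_MEDIA_TYPE = 'application/dns-message';

// Build an RFC 1035 wire-format query for `name` (default QTYPE A, QCLASS IN).
function buildDnsQuery(name, qtype = 1) {
  const header = [0, 0, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0]; // ID 0, RD set, QDCOUNT 1
  const qname = [];
  for (const label of name.replace(/\.$/, '').split('.')) {
    const bytes = Array.from(new TextEncoder().encode(label));
    if (bytes.length === 0 || bytes.length > 63) throw new Error('bad label: ' + label);
    qname.push(bytes.length, ...bytes);
  }
  qname.push(0); // root label terminates the name
  return new Uint8Array([...header, ...qname, (qtype >> 8) & 0xff, qtype & 0xff, 0, 1]);
}

// Origin of a URL as the browser computes it: scheme://host[:port].
function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.host}`;
}

// Model of the browser's decision: may a script served from `scriptOrigin` read
// the body of a response fetched from `resolverUrl`?  Same origin is always
// readable; a cross-origin resolver must opt in via Access-Control-Allow-Origin.
// (Credentialed requests, where '*' is not accepted, are out of scope here.)
function responseReadable(scriptOrigin, resolverUrl, responseHeaders) {
  if (originOf(resolverUrl) === scriptOrigin) return true;
  const h = Object.fromEntries(
    Object.entries(responseHeaders).map(([k, v]) => [k.toLowerCase(), v]));
  const acao = h['access-control-allow-origin'];
  return acao === '*' || acao === scriptOrigin;
}

// Extract A-record answers from a wire-format response (handles name compression).
function parseAAnswers(buf) {
  const rcode = buf[3] & 0x0f;
  const qd = (buf[4] << 8) | buf[5];
  const an = (buf[6] << 8) | buf[7];
  let pos = 12;
  const skipName = () => {
    for (;;) {
      const len = buf[pos];
      if (len === 0) { pos += 1; return; }
      if ((len & 0xc0) === 0xc0) { pos += 2; return; } // compression pointer
      pos += 1 + len;
    }
  };
  for (let i = 0; i < qd; i++) { skipName(); pos += 4; } // QTYPE + QCLASS
  const addrs = [];
  for (let i = 0; i < an; i++) {
    skipName();
    const type = (buf[pos] << 8) | buf[pos + 1];
    const rdlen = (buf[pos + 8] << 8) | buf[pos + 9]; // after TYPE, CLASS, TTL
    pos += 10;
    if (type === 1 && rdlen === 4) addrs.push(Array.from(buf.slice(pos, pos + 4)).join('.'));
    pos += rdlen;
  }
  return { rcode, addrs };
}

// What the page's script would actually run in a browser (not executed here).
// Whether the script can read the result is governed by responseReadable().
async function dohLookup(resolverUrl, name) {
  const res = await fetch(resolverUrl, {
    method: 'POST',
    headers: { 'content-type': DOH_MEDIA_TYPE, accept: DOH_MEDIA_TYPE },
    body: buildDnsQuery(name),
  });
  return parseAAnswers(new Uint8Array(await res.arrayBuffer()));
}

// Constructed sample response for the query above: one A record, 192.0.2.1.
const question = buildDnsQuery('example.com').slice(12); // question section only
const SAMPLE_RESPONSE = new Uint8Array([
  0, 0, 0x81, 0x80, 0, 1, 0, 1, 0, 0, 0, 0,       // response, RD+RA, 1 question, 1 answer
  ...question,
  0xc0, 0x0c, 0, 1, 0, 1, 0, 0, 0x0e, 0x10, 0, 4, // name ptr to offset 12, A, IN, TTL 3600, RDLENGTH 4
  192, 0, 2, 1,                                   // constructed RDATA (documentation range)
]);
```

Run through the model, a script from `https://app.example.com` can always read a `/dns-query` answer from its own origin, cannot read one from `https://resolver.example.net` unless that resolver returns `Access-Control-Allow-Origin` naming the script's origin (or `*`), which is exactly the same-origin-plus-CORS boundary the message describes; a resolver operator who does not want arbitrary pages using it as a DoH backend simply does not send that header.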