Re: [dispatch] Working Group Proposal: DNS Over HTTPS

Patrick McManus <pmcmanus@mozilla.com> Tue, 12 September 2017 15:03 UTC

From: Patrick McManus <pmcmanus@mozilla.com>
Date: Tue, 12 Sep 2017 11:03:34 -0400
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Dispatch WG <dispatch@ietf.org>, John R Levine <johnl@taugh.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/sqlx8q4n7qRFe7XwxCwgrnIxxos>

On Mon, Sep 11, 2017 at 8:28 PM, Martin Thomson <martin.thomson@gmail.com>
wrote:

> We might get into a whole lot more trouble if we were to - say -
> provide an API that allowed web sites to make DNS queries using the
> system resolver.  I keep hearing that suggested and I think that this
> draft offers a much better alternative - it allows us to lean on a lot
> of pre-existing work around cross-origin authentication and ensures
> that DNS servers are given at least a semblance of control over who
> can ask them for stuff.
>

Yes, just to underline this: it is a goal of this work to make resolution
available to the usual origin web security model (which Martin nicely
describes). We shouldn't have to say much about it, as the point is to use
it unmodified (and without surprises).