Re: [dispatch] [Ext] Re: New proposed work: DNS over HTTPS

Martin Thomson <> Mon, 19 June 2017 00:25 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E3F351243F6 for <>; Sun, 18 Jun 2017 17:25:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id aB4by7rx7V4b for <>; Sun, 18 Jun 2017 17:25:39 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4010:c07::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id F03901200C5 for <>; Sun, 18 Jun 2017 17:25:38 -0700 (PDT)
Received: by with SMTP id v20so46885406lfa.1 for <>; Sun, 18 Jun 2017 17:25:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=bLVS6uHhPpAb6Yp+HERhcvDBsM9bdoG57G3o3NP6Fio=; b=tyWuomLd2JabI0Ie+2ip3rPPH8/DbyW3Mx/QNFQEIE86vFRcvU82Kum089PZ9l2U7+ kPHzwwPp9otdjSV6ZZ7L0lz61qbt9M40bCigMu8KzmGobwx0rNJjGg+4kM+D43NojB+j UwnXLs8sW98r6+ozaLPR7sT1NfKv4qgHd63SSlqMagzsSm/8o3pzxieroNekwbyYwtPA dm/3lri8wsLAveEDzQyZQTeASeP/eG6X31hJABHMcWLa+JM0BAPR+VM/R9VXfnb+9F/y /HzNE3LJJWKbQBCv6kHSM+fIm+IRDK+qBJUMkcAgjyVeUDKX1ZEXOMNCjiBfpzlN8UQL 0Hhg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=bLVS6uHhPpAb6Yp+HERhcvDBsM9bdoG57G3o3NP6Fio=; b=k+NeQ/iYHSIWm8zDY+Zu6Ph1R751VeBAjvPbzJtGIMoILzbVPcz2z7Jq6C6O9HqRSU E+2k3ljeauafHESdRKV7fvlUimfYiLQhwGG+/R5xnk/TCTCE9xOtKIDqEGiksIve7fU4 AHw21JFQnA33+xCwF0RB66DnUAF99hKrCvHWotvFfmDziA+232gfCA1/UKnKL6k4ZGix xYAqk7el8OuTSaGLZEon0Phk6IhmpzAla4G6b1F4+O/JLtV3CwPUwZxJxwkGwuJLxuiW PK+Hr54aC+huF68b9ioZ7a2DmFHXUJT+YWwrEvyHOApOqETRzmS3oRDIQEbscmjLJAzd SJ8Q==
X-Gm-Message-State: AKS2vOx66yoMOT8+D6PDiNrfkkCPqBC1vRDQ4AV20NYURRvw2zRJ0MiW duct4Ud6wfnoQWOZpuywq6ZC70bJbs4R
X-Received: by with SMTP id p15mr5704382lfe.43.1497831937331; Sun, 18 Jun 2017 17:25:37 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Sun, 18 Jun 2017 17:25:36 -0700 (PDT)
In-Reply-To: <>
References: <> <> <>
From: Martin Thomson <>
Date: Mon, 19 Jun 2017 10:25:36 +1000
Message-ID: <>
To: Paul Hoffman <>
Cc: Stephen Farrell <>, "" <>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <>
Subject: Re: [dispatch] [Ext] Re: New proposed work: DNS over HTTPS
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DISPATCH Working Group Mail List <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 19 Jun 2017 00:25:41 -0000

On 18 June 2017 at 03:43, Paul Hoffman <> wrote:
> On Jun 17, 2017, at 5:33 AM, Stephen Farrell <> wrote:
>> So if such analysis is part of the planned work, then I'd be
>> happy to support progressing it. If not... not.
> It wasn't part of the planned work because we thought we dealt with the issue you reported. It is now part of the planned work because it appears we undershot. This kind of consideration should definitely be discussed in the document.

I've had a number of discussions about this recently, and I'm really
glad you say this.  The interaction between this work and recent
extensions to HTTP change the dynamics considerably.  I believe that
there is an answer to be had, but navigating the competing pressures
of connection coalescing, ORIGIN frames, Alt-Svc, and secondary
certificates isn't something we should be too dismissive of.

At best, I think that this introduces some new ways of thinking about
who resolves requests that need some care.