Re: [dns-privacy] New Version Notification for draft-peterson-dot-dhcp-00.txt

Dan Wing <danwing@gmail.com> Mon, 06 May 2019 18:24 UTC


On May 5, 2019, at 9:25 PM, Martin Thomson <mt@lowentropy.net> wrote:
> No mention here of how you get the name for certificate validation still.  That's still important.

We wrote a procedure where an endpoint can see if the local network's DNS servers are already on the endpoint's trust list (e.g., you trust your ISP's DoH server, visit a friend using that same ISP so you want to trust that same configuration at your friend's house).  When joining a network where you don't trust that network's DNS servers, the user is asked if they want to trust that network's DNS servers for DoH.  We also added some policy communication so the user can determine if they like the DNS server's policies (e.g., selling browsing history, filtering malware, etc.).  With the policy information, the endpoint could avoid bugging the user if that network's DoH policies aren't at all aligned with the user's desires (e.g., user always wants malware filtering or wants parental filtering).

  https://tools.ietf.org/html/draft-reddy-dprive-bootstrap-dns-server-02#section-3

Earlier versions of that same I-D did different things; we have reduced scope considerably.

-d
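
The decision flow described in the message above, as an added Python sketch that is not part of the original message or of the referenced I-D. The data model (a trust list keyed by server name, boolean policy flags, the `UserPrefs` fields) and every identifier are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Decision(Enum):
    USE = "use the network's DoH server"   # already on the trust list
    ASK_USER = "prompt the user"           # unknown server, acceptable policy
    SKIP = "do not use, do not prompt"     # policy conflicts with the user's wishes


@dataclass(frozen=True)
class ServerPolicy:
    # Hypothetical flags, named after the policy examples in the message.
    sells_browsing_history: bool
    filters_malware: bool
    parental_filtering: bool


@dataclass(frozen=True)
class UserPrefs:
    # None means "no preference"; True means the server must offer it.
    allow_selling_history: bool = False
    require_malware_filtering: Optional[bool] = None
    require_parental_filtering: Optional[bool] = None


def policy_conflicts(policy, prefs):
    """Return the reasons the advertised policy is unacceptable to this user."""
    reasons = []
    if policy.sells_browsing_history and not prefs.allow_selling_history:
        reasons.append("sells browsing history")
    if prefs.require_malware_filtering and not policy.filters_malware:
        reasons.append("no malware filtering")
    if prefs.require_parental_filtering and not policy.parental_filtering:
        reasons.append("no parental filtering")
    return reasons


def decide(server_name, policy, trust_list, prefs):
    """Three-way decision for a DoH server learned from the local network.

    server_name must be the name later validated against the server's TLS
    certificate; a name merely announced by the network proves nothing alone.
    trust_list is assumed to hold lowercase names without a trailing dot.
    """
    if server_name.lower().rstrip(".") in trust_list:
        return Decision.USE, []
    conflicts = policy_conflicts(policy, prefs)
    if conflicts:
        return Decision.SKIP, conflicts   # avoid bugging the user
    return Decision.ASK_USER, []
```
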