Re: [dns-privacy] New Version Notification for draft-peterson-dot-dhcp-00.txt

"Martin Thomson" <mt@lowentropy.net> Tue, 07 May 2019 00:40 UTC

Date: Mon, 06 May 2019 20:39:57 -0400
From: Martin Thomson <mt@lowentropy.net>
To: Dan Wing <danwing@gmail.com>
Cc: Thomas Peterson <nosretep.samoht@gmail.com>, dns-privacy@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/DEGqWjLUKHf4kd2TlsoVBHy7W38>

On Tue, May 7, 2019, at 04:24, Dan Wing wrote:
> On May 5, 2019, at 9:25 PM, Martin Thomson <mt@lowentropy.net> wrote:
> > No mention here of how you get the name for certificate validation still.  That's still important.
> 
> We wrote a procedure where an endpoint can see if the local network's 
> DNS servers are already on the endpoint's trust list (e.g., you trust 
> your ISP's DoH server, visit a friend using that same ISP so you want 
> to trust that same configuration at your friend's house).  When joining 
> a network where you don't trust that network's DNS servers, the user is 
> asked if they want to trust that network's DNS servers for DoH.  We 
> also added some policy communication so the user can determine if they 
> like the DNS server's policies (e.g., selling browsing history, 
> filtering malware, etc.).   With the policy information, the endpoint 
> could avoid bugging the user if that network's DoH policies aren't at 
> all aligned with the user's desires (e.g., user always wants malware 
> filtering or wants parental filtering).

Hi Dan,

I wasn't talking about trust; I was simply talking about ensuring that the server you are talking to is the one the network intends.

But how you might automate some of the process of "trust" is not something I think we should be talking about until we know what "trust" looks like in more detail.  There is probably a place for building whitelists, but it's not clear that the DoH server someone "trusts" at home is something they want to "trust" when they are someplace else.

--Martin
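Martin's point that a DHCP-discovered DoT server still needs a name for certificate validation is the name-binding step that RFC 8310 calls the authentication domain name (ADN), and it is separate from deciding whether to trust the resolver at all. The following Go program is an added illustration, not code from the thread or from the draft: it builds a constructed self-signed certificate for a hypothetical resolver (`dot.example.net`, address 192.0.2.53, both made up) and shows that the client can only match the presented certificate if it holds a reference identifier, either the ADN or, where the certificate carries an IP SAN, the bare address the network handed out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// newResolverCert builds a constructed self-signed certificate standing in
// for what a DHCP-discovered DoT server might present: a DNS SAN for its
// authentication domain name and, optionally, an IP SAN for its address.
func newResolverCert(adn string, ip net.IP) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: adn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		DNSNames:     []string{adn},
	}
	if ip != nil {
		tmpl.IPAddresses = []net.IP{ip}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// nameMatches reports whether the presented certificate is valid for the
// reference identifier the client holds: the ADN, or a bare IP address when
// that is all the network told the client. It checks name binding only, not
// chain validity or expiry, which is exactly the part DHCP must supply a name for.
func nameMatches(cert *x509.Certificate, reference string) bool {
	return cert.VerifyHostname(reference) == nil
}
```

With a certificate that carries only the DNS SAN, `nameMatches(cert, "dot.example.net")` succeeds while `nameMatches(cert, "192.0.2.53")` fails; the address alone does not let the client confirm it reached the server the network intended.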