Re: [dns-privacy] [Doh] New: draft-bertola-bcp-doh-clients
Stephane Bortzmeyer <bortzmeyer@nic.fr> Tue, 12 March 2019 15:36 UTC
Return-Path: <bortzmeyer@nic.fr>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 262261310BA; Tue, 12 Mar 2019 08:36:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oRQvqWQiLUqj; Tue, 12 Mar 2019 08:36:37 -0700 (PDT)
Received: from mx4.nic.fr (mx4.nic.fr [IPv6:2001:67c:2218:2::4:12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BFDD5130DF6; Tue, 12 Mar 2019 08:36:37 -0700 (PDT)
Received: from mx4.nic.fr (localhost [127.0.0.1]) by mx4.nic.fr (Postfix) with SMTP id 3CE9F280298; Tue, 12 Mar 2019 16:36:36 +0100 (CET)
Received: from relay01.prive.nic.fr (pa-th3.interco.nic.fr [192.134.4.74]) by mx4.nic.fr (Postfix) with ESMTP id 340CB280285; Tue, 12 Mar 2019 16:36:36 +0100 (CET)
Received: from b12.nic.fr (b12.tech.ipv6.nic.fr [IPv6:2001:67c:1348:7::86:133]) by relay01.prive.nic.fr (Postfix) with ESMTP id 2F650663E720; Tue, 12 Mar 2019 16:36:36 +0100 (CET)
Received: by b12.nic.fr (Postfix, from userid 1000) id 1D1B640235; Tue, 12 Mar 2019 16:36:36 +0100 (CET)
Date: Tue, 12 Mar 2019 16:36:36 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: nalini elkins <nalini.elkins@e-dco.com>
Cc: Christian Huitema <huitema@huitema.net>, doh@ietf.org, Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>, dnsop@ietf.org, dns-privacy@ietf.org, "Ackermann, Michael" <mackermann@bcbsm.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <20190312153636.qdsdne24vmi4xdoe@nic.fr>
References: <1700920918.12557.1552229700654@appsuite.open-xchange.com> <7667c4d7-2e78-0a27-84af-cf1c00fd4897@cs.tcd.ie> <1991054337.12802.1552259263075@appsuite.open-xchange.com> <eea64b30-aad0-a030-5360-1b1484f1d0e3@huitema.net> <CAPsNn2WhjHSEHJUEL8GB6X0d24fkajgPnY4YgkOQbXjyxb5q8Q@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAPsNn2WhjHSEHJUEL8GB6X0d24fkajgPnY4YgkOQbXjyxb5q8Q@mail.gmail.com>
X-Operating-System: Debian GNU/Linux 9.8
X-Kernel: Linux 4.9.0-8-amd64 x86_64
X-Charlie: Je suis Charlie
Organization: NIC France
X-URL: http://www.nic.fr/
User-Agent: NeoMutt/20170113 (1.7.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/Ymyf4Zdg7oLyGwWF0FlMz2LaD0w>
Subject: Re: [dns-privacy] [Doh] New: draft-bertola-bcp-doh-clients
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2019 15:36:39 -0000
On Mon, Mar 11, 2019 at 08:55:18AM +0530, nalini elkins <nalini.elkins@e-dco.com> wrote a message of 202 lines which said: > The questions that the Fortune 50 company architect asked were something > like this: > > 1. You mean that DNS could be resolved outside my enterprise? I suggest to explain to this person that it was possible before, as any malware author discovered. > 2. So whoever that is that resolves my DNS sees the pattern and frequency > of what sites my company goes to? RFC 7626 :-) > It would be good to also discuss how to warn enterprises that this > is about to happen. I wonder if an announcement via CERT or another > group may be appropriate. If people responsible for networks of Fortune 50 company don't know that it is difficult to stop unwanted communication (except when you control all the endpoints, or when you airgap your network), then it is indeed a problem :-)
- [dns-privacy] New: draft-bertola-bcp-doh-clients Vittorio Bertola
- Re: [dns-privacy] New: draft-bertola-bcp-doh-clie… Stephen Farrell
- Re: [dns-privacy] New: draft-bertola-bcp-doh-clie… Vittorio Bertola
- Re: [dns-privacy] New: draft-bertola-bcp-doh-clie… Christian Huitema
- Re: [dns-privacy] New: draft-bertola-bcp-doh-clie… Vittorio Bertola
- Re: [dns-privacy] New: draft-bertola-bcp-doh-clie… nalini elkins
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… Christian Huitema
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… nalini elkins
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… Paul Vixie
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… nalini elkins
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… Christian Huitema
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… Paul Vixie
- Re: [dns-privacy] New: draft-bertola-bcp-doh-clie… Neil Cook
- Re: [dns-privacy] New: draft-bertola-bcp-doh-clie… Stephen Farrell
- Re: [dns-privacy] New: draft-bertola-bcp-doh-clie… Neil Cook
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… Konda, Tirumaleswar Reddy
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… nalini elkins
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… Paul Vixie
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… nalini elkins
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… Brian Dickson
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… Stephen Farrell
- Re: [dns-privacy] [Doh] [DNSOP] New: draft-bertol… Eliot Lear
- Re: [dns-privacy] [Doh] [DNSOP] New: draft-bertol… Daniel Stenberg
- Re: [dns-privacy] [Doh] [DNSOP] New: draft-bertol… Eric Rescorla
- Re: [dns-privacy] [Doh] [DNSOP] New: draft-bertol… Paul Vixie
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… nalini elkins
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… Stephen Farrell
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… Konda, Tirumaleswar Reddy
- Re: [dns-privacy] [Doh] [DNSOP] New: draft-bertol… Konda, Tirumaleswar Reddy
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… Neil Cook
- Re: [dns-privacy] [EXTERNAL] Re: [Doh] [DNSOP] Ne… Winfield, Alister
- Re: [dns-privacy] [EXTERNAL] [Doh] [DNSOP] New: d… Eliot Lear
- Re: [dns-privacy] [EXTERNAL] [Doh] [DNSOP] New: d… Konda, Tirumaleswar Reddy
- Re: [dns-privacy] [Doh] New: draft-bertola-bcp-do… Stephane Bortzmeyer
- Re: [dns-privacy] New: draft-bertola-bcp-doh-clie… Stephane Bortzmeyer
- Re: [dns-privacy] [Doh] [DNSOP] New: draft-bertol… Stephane Bortzmeyer
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… Stephane Bortzmeyer
- Re: [dns-privacy] [Doh] [DNSOP] New: draft-bertol… Konda, Tirumaleswar Reddy
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Neil Cook
- Re: [dns-privacy] [Doh] [DNSOP] New: draft-bertol… Eric Rescorla
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… Jim Reid
- Re: [dns-privacy] [Doh] New: draft-bertola-bcp-do… Neil Cook
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Jim Reid
- Re: [dns-privacy] [EXTERNAL] [Doh] [DNSOP] New: d… Eliot Lear
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… Christian Huitema
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Paul Vixie
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Paul Vixie
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Michael Sinatra
- Re: [dns-privacy] [Doh] New: draft-bertola-bcp-do… Yishai Beeri (yishaib)
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Paul Vixie
- Re: [dns-privacy] [Doh] [DNSOP] New: draft-bertol… Stephen Farrell
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Christian Huitema
- Re: [dns-privacy] [Doh] [DNSOP] New: draft-bertol… Stephen Farrell
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Paul Vixie
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Brian Dickson
- Re: [dns-privacy] [Doh] New: draft-bertola-bcp-do… Stephane Bortzmeyer
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Ralf Weber
- Re: [dns-privacy] [Doh] [DNSOP] New: draft-bertol… Paul Vixie
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Paul Vixie
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Christian Huitema
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Paul Vixie
- Re: [dns-privacy] [Doh] [DNSOP] New: draft-bertol… Stephen Farrell
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… Mark Andrews
- Re: [dns-privacy] [Doh] [DNSOP] New: draft-bertol… Paul Wouters
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Paul Wouters
- Re: [dns-privacy] [Doh] [DNSOP] New: draft-bertol… Stephen Farrell
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Raymond Burkholder
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Vittorio Bertola
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… nalini elkins
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Vittorio Bertola
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Christian Huitema
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Raymond Burkholder
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Christian Huitema
- Re: [dns-privacy] [Doh] [DNSOP] New: draft-bertol… Vittorio Bertola
- Re: [dns-privacy] [Doh] [DNSOP] New: draft-bertol… Christian Huitema
- Re: [dns-privacy] [Doh] [DNSOP] New: draft-bertol… Eliot Lear
- Re: [dns-privacy] [Doh] [DNSOP] New: draft-bertol… Konda, Tirumaleswar Reddy
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Paul Vixie
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Paul Vixie
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Paul Vixie
- Re: [dns-privacy] [Doh] [DNSOP] New: draft-bertol… Brian Haberman
- Re: [dns-privacy] [Doh] [DNSOP] New: draft-bertol… Livingood, Jason
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Christian Huitema
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Brian Dickson
- Re: [dns-privacy] [DNSOP] [Doh] New: draft-bertol… Raymond Burkholder
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… william manning
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… Watson Ladd
- Re: [dns-privacy] [DNSOP] New: draft-bertola-bcp-… Paul Vixie