Re: [dns-privacy] Last Call: <draft-ietf-dprive-rfc7626-bis-03.txt> (DNS Privacy Considerations) to Informational RFC

Eric Rescorla <ekr@rtfm.com> Thu, 09 January 2020 17:52 UTC

References: <157412591286.14148.8912544206473080519.idtracker@ietfa.amsl.com> <6.2.5.6.2.20200101181705.081679d0@elandnews.com> <20200109154445.GD28511@nic.fr> <6.2.5.6.2.20200109075934.0c07fc10@elandnews.com>
In-Reply-To: <6.2.5.6.2.20200109075934.0c07fc10@elandnews.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 09 Jan 2020 09:51:50 -0800
Message-ID: <CABcZeBMPHPAzsSP2v1ZjUvPrh9=niQrh+3zaDL4paRYSTdkbJQ@mail.gmail.com>
To: S Moonesamy <sm+ietf@elandsys.com>
Cc: Stephane Bortzmeyer <bortzmeyer@nic.fr>, Brian Haberman <brian@innovationslab.net>, DNS Privacy Working Group <dns-privacy@ietf.org>, draft-ietf-dprive-rfc7626-bis@ietf.org, dprive-chairs@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/u2cQA8DiTvkwWZtlSQSStX9OdQU>

On Thu, Jan 9, 2020 at 8:49 AM S Moonesamy <sm+ietf@elandsys.com> wrote:

>
> >That's a very serious misrepresentation of DoH. Counter-example:
> >Google Chrome did DNS resolution with UDP, a long time ago.
>
> I mentioned web browser and not Google Chrome.  I tested a web
> browser which is not Google Chrome.  The DNS queries were sent to the
> local resolver.  I did another test with Firefox.  The DNS queries
> were also sent to the local resolver.
>

I think you're misunderstanding Stephane.

You wrote:
"The choice of resolvers was previously made by the network on which
the user was connected.  Recently, the Internet Engineering Steering
Group approved the standardization of a mechanism so that the choice
can be made by a web browser. "

This isn't correct. Web browsers have *always* been able to choose their
own resolver because DNS is just UDP packets, which the browser is quite
capable of sending (e.g., QUIC, WebRTC). Historically, browsers have
chosen to use the system resolver, which customarily gets its choice of
resolver from the network, but Chrome, at least, has for some time
done DNS resolution itself, albeit using the same resolver as the system
resolver used. However, they could easily have chosen to use 8.8.8.8
(or some other resolver) instead.

The point here is that DoH is orthogonal to the question of which resolver
you use.

-Ekr
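The separation Ekr is describing, in code: the DNS message is the same bytes whatever carries it, and which resolver receives it is a separate decision from whether it travels over UDP or over HTTPS. The example below is added here and is not from the original message, from any browser, or from the draft; it builds an RFC 1035 query, parses A records out of a response, and offers two transports, plain UDP to a resolver IP the caller picks and DoH (RFC 8484 POST with application/dns-message) to a URL the caller picks. The resolver addresses, the example.com name and the constructed response are sample values chosen for illustration; the two network functions are not exercised offline.

```python
import secrets
import socket
import struct
import urllib.request

RD = 0x0100        # header flag: recursion desired
QR = 0x8000        # header flag: message is a response
TYPE_A = 1
CLASS_IN = 1


def build_query(name, qtype=TYPE_A, txid=None):
    """Encode one RFC 1035 query: 12-byte header, QNAME labels, QTYPE, QCLASS."""
    if txid is None:
        # A random 16-bit ID is, with the source port, the only spoofing
        # resistance the UDP path has; DoH gets its integrity from TLS instead.
        txid = secrets.randbelow(0x10000)
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    if any(len(l) == 0 or len(l) > 63 for l in labels):
        raise ValueError("bad label length in %r" % name)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, CLASS_IN)


def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:       # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_a_records(msg, expected_txid):
    """Validate the header and return (rcode, [dotted IPv4 addresses]) from the answer section."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch: response is not for our query")
    if not flags & QR:
        raise ValueError("message is not a response")
    off = 12
    for _ in range(qdcount):                  # skip the echoed question(s)
        off = _skip_name(msg, off) + 4
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A and rclass == CLASS_IN and rdlen == 4:
            addrs.append(socket.inet_ntoa(rdata))
    return flags & 0xF, addrs


def resolve_udp(name, resolver_ip, port=53, timeout=2.0):
    """Classic Do53: the caller chooses resolver_ip; nothing ties it to what the network handed out."""
    txid = secrets.randbelow(0x10000)
    query = build_query(name, txid=txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (resolver_ip, port))
        data, _peer = s.recvfrom(4096)
    return parse_a_records(data, txid)


def resolve_doh(name, url, timeout=2.0):
    """RFC 8484 DoH: the same wire message as the UDP path, POSTed to a resolver URL the caller chooses."""
    query = build_query(name, txid=0)         # RFC 8484 asks for ID 0 so responses are HTTP-cacheable
    req = urllib.request.Request(
        url, data=query, method="POST",
        headers={"Content-Type": "application/dns-message",
                 "Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:   # TLS authenticates the URL's host
        data = resp.read()
    return parse_a_records(data, 0)


def constructed_response(query, addr, ttl=300):
    """Constructed sample: a response to `query` carrying one A record, so the parser runs offline."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, QR | RD | 0x0080, 1, 1, 0, 0)   # 0x0080 = RA
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4) + socket.inet_aton(addr)
    return header + question + answer


if __name__ == "__main__":
    q = build_query("example.com", txid=0x1234)
    print(parse_a_records(constructed_response(q, "192.0.2.1"), 0x1234))
    # resolve_udp("example.com", "8.8.8.8") and resolve_doh("example.com",
    # "https://dns.google/dns-query") would send the same bytes by two transports.
```

Note what the two transport functions share and what they do not: `build_query` is identical for both, and the resolver (an IP for UDP, a URL for DoH) is an argument in both cases, so a client that wants 8.8.8.8 rather than the DHCP-provided resolver can have that with plain UDP, and a client that wants the network's resolver can have that with DoH if that resolver offers an HTTPS endpoint. What DoH adds is that the URL's host is authenticated by TLS and the query is not readable on the path, neither of which bears on who chose the resolver.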