Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

Eric Rescorla <ekr@rtfm.com> Fri, 22 March 2019 08:34 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2AFCF130EC2 for <dnsop@ietfa.amsl.com>; Fri, 22 Mar 2019 01:34:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JJ1VSidCTb5H for <dnsop@ietfa.amsl.com>; Fri, 22 Mar 2019 01:34:34 -0700 (PDT)
Received: from mail-lj1-x22c.google.com (mail-lj1-x22c.google.com [IPv6:2a00:1450:4864:20::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D2B3130EC0 for <dnsop@ietf.org>; Fri, 22 Mar 2019 01:34:33 -0700 (PDT)
Received: by mail-lj1-x22c.google.com with SMTP id r24so258697ljg.3 for <dnsop@ietf.org>; Fri, 22 Mar 2019 01:34:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=17Ugb29d1M2xFYMYOcTR5g9cJVOPQBjOkkf26NvyOlM=; b=MrfCqEVzqDWFYROL5kB9P09rex7sU8erxNdLCUh/J3J0B/dB1dmysRnQ2zhG6bnYgC T47zl0MYVyqFUyhoCoj2SQOvIbD71NE9CNm27rGmHBCu34cd9woWjnIoP8bsWZG7TzG2 RUbBmVgy7qXlO1fqE97ado48PI2PEFgu2sUGTN2G+76gGn3Mp33y2Rbp+gv9w3AGoUDv pdVf4+eplIvsoucjjDst1utaFLr8syx69Hkz0BkSlzFo9PPaE7hTIck4+higsxyWair2 O+yXsaUY020pRC1xkixQptSGtNCLR9bbl94TPGNCLFw+ArgsbF/dxN6bkzdznoc94P9F I5tw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=17Ugb29d1M2xFYMYOcTR5g9cJVOPQBjOkkf26NvyOlM=; b=ScOb0zWI6+7nzHFRfr8MzfqaUrcmHqiXpHwOz+YSQEYTLQbzn/dmMEnfjiXBBG+ZxN k3Bs+TuffGbp4wZW0eeC04nwAonCKB7MIUrm+LZSmXySEUKF7Zog/UJDxgJ3KwvOOpEV EvosCj/MYbD3EgKHdwcycJkbV5lRgeGsBAP7RfqE4Ao6k4MLg7HrOtgp72LfPN3sOGf8 bSS1uUpYTjiPveN5GUILNNjZKAxdorXzbXYqra4H1pegr0aN6AQrACZ7H1xsWHTgXr1k W15xAsNQn6j4k4EKr625+K5ZVzN3kKdATOftFgJgFcWJcxvX/9qRcOET9t6u7szrljWz WziA==
X-Gm-Message-State: APjAAAW4jGAQlA6GZvwNodegLY2nzfF4bU20dVosZ4mpio8KcZzmPt/X JDzErxOOOwh8/w8n7U6Opzy5IHIDrq6NWYrMcr97ZCXuZTM=
X-Google-Smtp-Source: APXvYqxtWj0IxmwPC3U4p5fmd9/lLbY1JRmRKoZ02m2OhDk30VuU1UWyVKwtWqW+Wl8CqdVjG1MuOX86ZOqtmmXbtU8=
X-Received: by 2002:a2e:8e8e:: with SMTP id z14mr4437759ljk.86.1553243671780; Fri, 22 Mar 2019 01:34:31 -0700 (PDT)
MIME-Version: 1.0
References: <155218771419.28706.1428072426137578566.idtracker@ietfa.amsl.com> <3457266.o2ixm6i3xM@linux-9daj> <CA+9kkMDkKQtBDrXx9h8331_6zDtcChUTfqFe0W3JByxyB=4xLw@mail.gmail.com> <1914607.BasjITR8KA@linux-9daj> <CA+9kkMAYR19CCCLN00A5Oy_=9Z97FQogCz-vdC=M7Ffn47fTgQ@mail.gmail.com> <a38cf205-b10e-e8e2-62cf-8e0377dfc1ef@brokendns.net> <4599B066-BA82-4EA8-92C1-F1BE1464A790@puck.nether.net> <b8c58757-3945-ea19-b018-8e59292abf30@cs.tcd.ie> <CAH1iCirBm0NKA2-zw--ZKd3gN1ZCmwZ7_ZOSyaTk+2SMmrtxKg@mail.gmail.com> <EA89EA1A-A1EA-4887-9294-4F68AB5C3211@puck.nether.net> <91A0BBD0-CB73-498E-B4E0-57C7E5ABE0B4@hopcount.ca> <2145465817.5147.1553119548565@appsuite.open-xchange.com> <yblh8bv95l0.fsf@w7.hardakers.net> <04C556AF-D3B3-41A5-B119-8FE5F81FB9A7@huitema.net> <1878722055.8877.1553241201213@appsuite.open-xchange.com>
In-Reply-To: <1878722055.8877.1553241201213@appsuite.open-xchange.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 22 Mar 2019 01:33:42 -0700
Message-ID: <CABcZeBPmpN-cEPK92QQW3bkvc41Cx5g7B_YuUXCJK3j1qF995Q@mail.gmail.com>
To: Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>
Cc: Christian Huitema <huitema@huitema.net>, Wes Hardaker <wjhns1@hardakers.net>, dnsop <dnsop@ietf.org>, DoH WG <doh@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004e76ae0584aab92f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/1YqldLGmKuw_M_nh9BmFESYzSdc>
Subject: Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Mar 2019 08:34:36 -0000

On Fri, Mar 22, 2019 at 12:53 AM Vittorio Bertola <vittorio.bertola=
40open-xchange.com@dmarc.ietf.org> wrote:

>
>
> > On 22 March 2019 at 4:40 Christian Huitema <huitema@huitema.net>
> wrote:
> >
> > Much of the debate is on the second point. One position is that users
> should be forced to trust the DNS resolver provided by the local
> infrastructure. Another position is that users have the right to apply
> their own policy and decide which server they will trust, based on some
> configuration.
>
> I think this is a mischaracterization of the debate, which actually
> started because of a third position that you don't mention: Mozilla's
> public statement that in the future they will force (or, at least, make as
> a default - clarification requests haven't solved the doubt yet) Firefox
> users to use a remote resolver chosen within a shortlist that they will
> manage.
>

I'm not sure where you have attempted to clarify this point (I think we've
been clear on this point at
https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/)

Regardless of what the default is, users will be able to disable DoH.

-Ekr