Re: [DNSOP] Draft for dynamic discovery of secure resolvers
Ted Lemon <mellon@fugue.com> Mon, 20 August 2018 18:03 UTC
Return-Path: <mellon@fugue.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8EC86130E84 for <dnsop@ietfa.amsl.com>; Mon, 20 Aug 2018 11:03:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Eky_q63_uOEi for <dnsop@ietfa.amsl.com>; Mon, 20 Aug 2018 11:03:57 -0700 (PDT)
Received: from mail-it0-x233.google.com (mail-it0-x233.google.com [IPv6:2607:f8b0:4001:c0b::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 517A4130E4A for <dnsop@ietf.org>; Mon, 20 Aug 2018 11:03:57 -0700 (PDT)
Received: by mail-it0-x233.google.com with SMTP id h20-v6so589030itf.2 for <dnsop@ietf.org>; Mon, 20 Aug 2018 11:03:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=CeDPLlHONkZI86UmWemZ/tSw2TC9fzDJ/Ug6rKccn+A=; b=kj+ZexyFIHmfW9eP3EL3Jv9pmk521TRb5khWnNSlatJLWg8DT5qmfeKJraiGR+huDH u6qpxs7uNSzWDSV7ITAl2JPdUblYKmHitIz28bD+fVDxPhX6MfXZcG2yN1wmQqcfA4Gi cv4mBdkuOhX2A1+E0V0z16OrzMqqcHbF1anh55VwvfdRkzgcC2FX+mBqqrpa9D6BLBEo OpMrgQ8l8tT5HE0GKzEL/KaAhbQZ81oP/3jQj5xgc4Y8LDIYMBFumJf2T/BwWR1oOaBq pQFbGwI+V8R5jNaITPMzW98eXL9dW4odWSoiQsYfWreoB8Vy+w0EV2SvOIgLNVr8Jm1k gKyg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=CeDPLlHONkZI86UmWemZ/tSw2TC9fzDJ/Ug6rKccn+A=; b=uML/RXNRlgtHhwYX11F7eQscAty/yChs9ndLxDcmCt/qnubX8yG7vIYR/wVNfG1HGw xmcGzjinu22PqpQGjpYwxwHadqiUwMASiSTPe4ti189EJtMQTPTJFKLETQ54RH0XUPZI yg2a4y27WzkeOo6myeqqfTduKAM2vEGfa29MN4CpJcFDIhkIyJvaSGF7mqjqUUpuQRWw yy5iAtp0/539e3ajxv8LhGyApKk/yfHHOw0kIyPujA8ycv8nZNgzxvAUOCIYm8/0UReF LydZpXV7/xhTZx4ocUdXKc/+unnBgEcAYp8y0mZwKpTyDXC+he1qfuB+DuEwwzz+HrGq NyxA==
X-Gm-Message-State: AOUpUlFesOBQ8UTm/BQmaM/x87jj2UDqSLiMBucT52R/HgfgoBbvzQs5 D1d6xrZqx19zA/6ry3RWVmoreHYdOMBPjVJpWRCQwQ==
X-Google-Smtp-Source: AA+uWPwgp14mS5MW8oGGW1y+2A7CZBKW4+OCUZP5z3lM+Qqh2Re0V8NqNFMeDXMR0i0YbgWVyVaN8Jp1gmhHDabZnQU=
X-Received: by 2002:a24:374d:: with SMTP id r74-v6mr34596711itr.57.1534788236598; Mon, 20 Aug 2018 11:03:56 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a4f:a009:0:0:0:0:0 with HTTP; Mon, 20 Aug 2018 11:03:15 -0700 (PDT)
In-Reply-To: <5B7B001A.5000907@redbarn.org>
References: <CAC=TB13mUH2SDxFb4c3rOz0-Z6PE_r9i84_xK=dmLxiVr45+tA@mail.gmail.com> <CAPt1N1=-792WkQmbTigPdqOh0dONykYycG0hheOecoQa4ai=Hw@mail.gmail.com> <CAC=TB11tG4o0dkavXGb20=DGBCrmVoRP60bpzsvq5=Q0zFjhDg@mail.gmail.com> <CAPt1N1kj7Y0dPLeDk=PMqQEpAd-Mvds6VLT8XUC1BYOfdyUbJA@mail.gmail.com> <CAC=TB125M81nwiCTNr8Vbee+Z7Fh_3L+6EdZ8evXVzP-2ji4fg@mail.gmail.com> <CAPt1N1n9hDUZQ-Ltvs73T20=fpG-FR_j-t4m0kMapDiv2Us1kw@mail.gmail.com> <5B78BFB9.40103@redbarn.org> <47508D79-0D49-4F31-9BA6-6DC80C38F1DE@cable.comcast.com> <ad1f6dff-ebcc-97a9-6f4b-1ed683827cc7@dougbarton.us> <1313743534.13562.1534765718802@appsuite.open-xchange.com> <9AFE57A7-1D27-4F86-9013-E3C63E63C582@hopcount.ca> <5B7AE322.3020201@redbarn.org> <CAPt1N1m-Xd-7rvgmk8GOsx34=1hsu76nmTgW-8krC3JF7i57KQ@mail.gmail.com> <265867956.15518.1534783313366@appsuite.open-xchange.com> <5B7AF30F.7040409@redbarn.org> <CAPt1N1=ad9MyZmHncTfdDV9pPim9cDC=boAFD9UxmXkpX+vg1Q@mail.gmail.com> <5B7B001A.5000907@redbarn.org>
From: Ted Lemon <mellon@fugue.com>
Date: Mon, 20 Aug 2018 14:03:15 -0400
Message-ID: <CAPt1N1mfBz3E96ZuLAbBFYzhrwmg8ukrgsabC-duCOj1-rKK4A@mail.gmail.com>
To: Paul Vixie <paul@redbarn.org>
Cc: Joe Abley <jabley@hopcount.ca>, dnsop WG <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000a607240573e1bb6b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/DB9mpMMxaGD8n2Y8aKMzhHPIFIY>
Subject: Re: [DNSOP] Draft for dynamic discovery of secure resolvers
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Aug 2018 18:04:00 -0000
On Mon, Aug 20, 2018 at 1:53 PM, Paul Vixie <paul@redbarn.org> wrote: > > Preventing user behavior tracking seems like a pretty valid use case. >> > > it would be, if it was cheap to block. that is, on my network, under my > rules, user behavior tracking may be my policy. a user who wants to avoid > that tracking should ask for non-tracking. if they won't ask, or if i say > no, then the default should be non-functionality. > Well, the success of the HTTP Do Not Track header field certainly supports your argument here... > the DOH people are trying to ram something down the throats of network > operators worldwide, and i'm gagging on it. a deep breath won't help. this has nothing to do with what i use. for me it's about employees, family > members, and visitors. for turkey and china and others, it's about national > law. the ietf has not been knowingly and deliberately hostile to local > network policy before now. this is a sea change. it will not end here, and > it will escalate. I think HTTPS was pretty hostile to local network policy. Indeed, there was a big argument about that in the TLS working group over the past few IETFs. If you don't want people to use DoH, there's an easy solution, which you already need to use regardless: you have to MiTM their HTTTPS traffic. If you don't agree that you have to MiTM their HTTPS traffic to achieve what you want, then I think we are not arguing about the same thing.
- Re: [DNSOP] Draft for dynamic discovery of secure… Marek Vavruša
- [DNSOP] Draft for dynamic discovery of secure res… Marek Vavruša
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… John Levine
- Re: [DNSOP] Draft for dynamic discovery of secure… Marek Vavruša
- Re: [DNSOP] Draft for dynamic discovery of secure… bert hubert
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… bert hubert
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Marek Vavruša
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Marek Vavruša
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Marek Vavruša
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Tom Pusateri
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Marek Vavruša
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Wouters
- Re: [DNSOP] Draft for dynamic discovery of secure… manu tman
- Re: [DNSOP] Draft for dynamic discovery of secure… Livingood, Jason
- Re: [DNSOP] Draft for dynamic discovery of secure… Livingood, Jason
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Doug Barton
- Re: [DNSOP] Draft for dynamic discovery of secure… Doug Barton
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Craig Finseth
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Livingood, Jason
- Re: [DNSOP] Draft for dynamic discovery of secure… Tom Pusateri
- Re: [DNSOP] Draft for dynamic discovery of secure… Marek Vavruša
- Re: [DNSOP] Draft for dynamic discovery of secure… sthaug
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Ebersman
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Doug Barton
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… manu tman
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Doug Barton
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Doug Barton
- Re: [DNSOP] Draft for dynamic discovery of secure… Vittorio Bertola
- Re: [DNSOP] Draft for dynamic discovery of secure… Joe Abley
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Joe Abley
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Wouters
- Re: [DNSOP] Draft for dynamic discovery of secure… Vittorio Bertola
- Re: [DNSOP] Draft for dynamic discovery of secure… Tony Finch
- Re: [DNSOP] Draft for dynamic discovery of secure… manu tman
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Tom Pusateri
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Hoffman
- Re: [DNSOP] Draft for dynamic discovery of secure… Tom Pusateri
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Ebersman
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Marek Vavruša
- Re: [DNSOP] Draft for dynamic discovery of secure… Tom Pusateri
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Tom Pusateri
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Ebersman
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Tom Pusateri
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Tom Pusateri
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Ebersman
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Marek Vavruša
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… John Levine
- Re: [DNSOP] Draft for dynamic discovery of secure… Bill Woodcock
- Re: [DNSOP] Draft for dynamic discovery of secure… Doug Barton
- Re: [DNSOP] Draft for dynamic discovery of secure… Doug Barton
- Re: [DNSOP] Draft for dynamic discovery of secure… Petr Špaček
- Re: [DNSOP] Draft for dynamic discovery of secure… Marek Vavruša
- Re: [DNSOP] Draft for dynamic discovery of secure… Vittorio Bertola
- Re: [DNSOP] Draft for dynamic discovery of secure… Vittorio Bertola
- Re: [DNSOP] Draft for dynamic discovery of secure… Vittorio Bertola
- Re: [DNSOP] Draft for dynamic discovery of secure… Tony Finch
- Re: [DNSOP] Draft for dynamic discovery of secure… Tony Finch
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Philip Homburg
- Re: [DNSOP] Draft for dynamic discovery of secure… Vladimír Čunát
- Re: [DNSOP] Draft for dynamic discovery of secure… Vittorio Bertola
- Re: [DNSOP] Draft for dynamic discovery of secure… Philip Homburg
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Vladimír Čunát
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Tom Pusateri
- Re: [DNSOP] Draft for dynamic discovery of secure… Tom Pusateri
- Re: [DNSOP] Draft for dynamic discovery of secure… David Conrad
- Re: [DNSOP] Draft for dynamic discovery of secure… Bob Harold
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Jim Reid
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Tom Pusateri
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Philip Homburg
- Re: [DNSOP] Draft for dynamic discovery of secure… Tom Pusateri
- Re: [DNSOP] Draft for dynamic discovery of secure… Philip Homburg
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Doug Barton
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Doug Barton
- Re: [DNSOP] Draft for dynamic discovery of secure… Doug Barton
- Re: [DNSOP] Draft for dynamic discovery of secure… Doug Barton
- Re: [DNSOP] Draft for dynamic discovery of secure… Vittorio Bertola
- Re: [DNSOP] Draft for dynamic discovery of secure… Vittorio Bertola
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie
- Re: [DNSOP] Draft for dynamic discovery of secure… Ted Lemon
- Re: [DNSOP] Draft for dynamic discovery of secure… Paul Vixie