Re: [DNSOP] extension of DoH to authoritative servers

Stephane Bortzmeyer <bortzmeyer@nic.fr> Wed, 13 February 2019 14:38 UTC

Date: Wed, 13 Feb 2019 15:34:19 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Paul Vixie <paul@redbarn.org>
Cc: Ted Lemon <mellon@fugue.com>, dnsop <dnsop@ietf.org>, David Conrad <drc@virtualized.org>
Message-ID: <20190213143419.76hxqxf75oz6iyid@sources.org>
References: <43FF2435-37C6-43B0-B97C-59D23AD2A9C2@virtualized.org> <873fe3e1-58e4-38a7-eb11-37509f9b7ff4@redbarn.org> <D01BFEEE-746D-4F30-A3CE-497D4AFA8CC5@fugue.com> <7cdbd8a8-2bf4-992e-3197-ca17e7352a5b@redbarn.org> <725FD25D-FCE9-4740-A001-79369AFDEB78@fugue.com> <d1f66089-1e78-15f6-269c-33ced12c2738@redbarn.org> <3C1FF728-2F31-4884-B7E9-55DF4E15AEB6@fugue.com> <cb9646e3-676d-c24f-240d-e0c8ed159e88@redbarn.org> <4C2F9639-6C22-4FB7-840B-0318B40C2193@fugue.com> <9e56da22-4fb5-1c68-3bfc-85283b0e8480@redbarn.org>
In-Reply-To: <9e56da22-4fb5-1c68-3bfc-85283b0e8480@redbarn.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/DtISPSjJGkzmhICWi5d9fkFsxkI>
Subject: Re: [DNSOP] extension of DoH to authoritative servers
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>

On Tue, Feb 12, 2019 at 02:18:39PM -0800,
 Paul Vixie <paul@redbarn.org> wrote
 a message of 20 lines which said:

> > Right.   So what’s to stop other malicious traffic from doing the
> > same thing?
> 
> lack of an IETF-approved standard with planned implementation by a
> half dozen tech giants, means that other malicious traffic will not
> be able to hide in the crowd, and can be made subject to policy, and
> complaints.

An IETF standard makes things easier for the implementer and increases
the chances of success (that's why we develop standards, after all),
but it is not the only way to "massive deployment including half dozen
tech giants". So, not having DoH would not stop evil name resolution.

> i want DoT to be used instead,

Then petition the many hotspots, hotels, cafes, corporations, etc.,
that block everything but 443. It is because of them that we need DoH,
not just DoT.
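The port argument above is the whole difference between the two transports at the network edge: DoT (RFC 7858) carries ordinary DNS-over-TCP framing inside TLS on port 853, which a captive network can block with one rule, while DoH (RFC 8484) carries the same wire-format message inside HTTPS on port 443, indistinguishable at the port level from web traffic. The following Python is an added illustration, not code from this message or from the thread; the resolver name `doh.example` and the set of "open ports" fed to `choose_transport` are constructed placeholders. It builds a real DNS query, shows the DoT length-prefixed framing and the DoH base64url GET encoding side by side, and decodes each back.

```python
"""Added example: what DoT and DoH each put on the wire (not part of the thread)."""
import base64
import struct

DOT_PORT = 853  # RFC 7858, DNS over TLS: its own well-known port
DOH_PORT = 443  # RFC 8484, DNS over HTTPS: shares the port with ordinary web traffic


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Encode a minimal RFC 1035 query: QR=0, RD=1, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # qclass IN = 1


def dot_frame(query: bytes) -> bytes:
    """DoT reuses DNS-over-TCP framing inside TLS: 2-byte big-endian length prefix."""
    return struct.pack("!H", len(query)) + query


def dot_unframe(stream: bytes) -> list[bytes]:
    """Split a DoT/TCP byte stream back into whole DNS messages (trailing partial message is kept back)."""
    out, i = [], 0
    while i + 2 <= len(stream):
        n = struct.unpack("!H", stream[i:i + 2])[0]
        if i + 2 + n > len(stream):
            break  # incomplete trailing message: wait for more bytes
        out.append(stream[i + 2:i + 2 + n])
        i += 2 + n
    return out


def doh_get_url(query: bytes, template: str = "https://doh.example/dns-query") -> str:
    """RFC 8484 GET form: base64url of the wire message, padding stripped, in the dns= parameter.

    Section 4.1 of RFC 8484 says clients SHOULD send ID 0 so identical queries
    produce identical URLs and can be served from an HTTP cache; enforce that here.
    The resolver hostname is a constructed placeholder.
    """
    if query[:2] != b"\x00\x00":
        raise ValueError("DoH GET requests should carry DNS ID 0")
    enc = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{template}?dns={enc}"


def doh_decode_param(param: str) -> bytes:
    """Inverse of the dns= encoding: restore base64 padding, then decode."""
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))


def choose_transport(open_ports: set[int]) -> str:
    """Pick the encrypted transport that can leave a network, given the outbound
    TCP ports it permits (constructed input). Prefers DoT when 853 is open."""
    if DOT_PORT in open_ports:
        return "DoT"
    if DOH_PORT in open_ports:
        return "DoH"
    return "none"


if __name__ == "__main__":
    q = build_query("example.com")
    print("DoT frame :", dot_frame(q).hex())
    print("DoH GET   :", doh_get_url(q))
    print("443-only network ->", choose_transport({80, 443}))
```

The `choose_transport` result for a network that only passes ports 80 and 443 is the point of the message: the DoT frame never leaves, the DoH URL does.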