Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

Joe Abley <jabley@hopcount.ca> Fri, 22 March 2019 18:52 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/EzSQc9g4SzYpvJV09Z3hkNqGFY4>

On Mar 22, 2019, at 18:35, Paul Vixie <paul@redbarn.org> wrote:

> all statements made to date by the india and united kingdom governments
> have indicated that their plans to support in-country RDNS will not be
> mandatory, just as canada's (operated by CIRA) is not mandatory.

Others here can speak more authoritatively than me, e.g. because they work
for CIRA and I don't, but as far as I know the recursive DNS service that
CIRA runs is a commercial product that they sell.

https://cira.ca/cybersecurity/firewall

While I am aware CIRA has taken steps to educate people about the privacy
implications of sending traffic across the border, and no doubt follow
their own advice in the way they build and operate their own
infrastructure, I don't believe this product is related to any kind of
government aspiration to constrain or encourage resolver traffic to stay
local.


Joe