Re: [DNSOP] Concerns around deployment of DNS over HTTPS (DoH)
Wes Hardaker <wjhns1@hardakers.net> Sat, 23 March 2019 04:04 UTC
Return-Path: <wjhns1@hardakers.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E24F131261 for <dnsop@ietfa.amsl.com>; Fri, 22 Mar 2019 21:04:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o6z3kxx5n5_x for <dnsop@ietfa.amsl.com>; Fri, 22 Mar 2019 21:04:01 -0700 (PDT)
Received: from mail.hardakers.net (mail.hardakers.net [168.150.192.181]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B175612788D for <dnsop@ietf.org>; Fri, 22 Mar 2019 21:04:01 -0700 (PDT)
Received: from localhost (unknown [76.14.1.154]) by mail.hardakers.net (Postfix) with ESMTPA id 27F65259CE; Fri, 22 Mar 2019 21:03:56 -0700 (PDT)
From: Wes Hardaker <wjhns1@hardakers.net>
To: Kenji Baheux <kenjibaheux=40google.com@dmarc.ietf.org>
Cc: dnsop@ietf.org
References: <CADWWn7UZj3oAfqpcpnAenGDpZHatrvQ=97OxAWX8c3881oevhA@mail.gmail.com>
Date: Fri, 22 Mar 2019 21:03:56 -0700
In-Reply-To: <CADWWn7UZj3oAfqpcpnAenGDpZHatrvQ=97OxAWX8c3881oevhA@mail.gmail.com> (Kenji Baheux's message of "Wed, 13 Mar 2019 11:33:14 +0900")
Message-ID: <ybl5zsaxmmr.fsf@wu.hardakers.net>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/KGPiZpW79JrXivpYEhTRm-5-mYQ>
Subject: Re: [DNSOP] Concerns around deployment of DNS over HTTPS (DoH)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Mar 2019 04:04:04 -0000
Kenji Baheux <kenjibaheux=40google.com@dmarc.ietf.org> writes: > * We are considering a first milestone where Chrome would do an automatic > upgrade to DoH when a user’s existing resolver is capable of it. Sorry for the delayed question, but with respect to this bullet: 1) Do you have evidence that DOH is faster than DOT, since speed was one of your goals? 2) What other reasons are you considering when doing DOH instead of DOT to protect privacy. Specifically, you're preferring DOH but your stated goals are "Stronger privacy and security." and "Hopefully, some performance wins.", without providing rational for each of the potential solutions. DNS plain clearly doesn't meet the first, but likely does the second. But you fail to provide a goal that distinguishes why you'd prefer DOT vs DOH to meet both these goals. -- Wes Hardaker USC/ISI
- Re: [DNSOP] Concerns around deployment of DNS ove… Kenji Baheux
- Re: [DNSOP] Concerns around deployment of DNS ove… Paul Vixie
- Re: [DNSOP] Concerns around deployment of DNS ove… Kenji Baheux
- Re: [DNSOP] Concerns around deployment of DNS ove… Erik Kline
- Re: [DNSOP] Concerns around deployment of DNS ove… nusenu
- Re: [DNSOP] Concerns around deployment of DNS ove… Paul Vixie
- Re: [DNSOP] Concerns around deployment of DNS ove… Paul Vixie
- Re: [DNSOP] Concerns around deployment of DNS ove… Erik Kline
- Re: [DNSOP] Concerns around deployment of DNS ove… Wes Hardaker
- Re: [DNSOP] Concerns around deployment of DNS ove… Paul Vixie
- Re: [DNSOP] Concerns around deployment of DNS ove… Olli Vanhoja
- Re: [DNSOP] Concerns around deployment of DNS ove… nusenu
- Re: [DNSOP] Concerns around deployment of DNS ove… Kenji Baheux
- Re: [DNSOP] Concerns around deployment of DNS ove… Brian Dickson
- Re: [DNSOP] Concerns around deployment of DNS ove… Tony Finch