Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

Matthew Pounsett <matt@conundrum.com> Wed, 20 March 2019 20:33 UTC

MIME-Version: 1.0
References: <155218771419.28706.1428072426137578566.idtracker@ietfa.amsl.com> <3457266.o2ixm6i3xM@linux-9daj> <CA+9kkMDkKQtBDrXx9h8331_6zDtcChUTfqFe0W3JByxyB=4xLw@mail.gmail.com> <1914607.BasjITR8KA@linux-9daj> <CA+9kkMAYR19CCCLN00A5Oy_=9Z97FQogCz-vdC=M7Ffn47fTgQ@mail.gmail.com> <a38cf205-b10e-e8e2-62cf-8e0377dfc1ef@brokendns.net> <4599B066-BA82-4EA8-92C1-F1BE1464A790@puck.nether.net> <b8c58757-3945-ea19-b018-8e59292abf30@cs.tcd.ie> <CAH1iCirBm0NKA2-zw--ZKd3gN1ZCmwZ7_ZOSyaTk+2SMmrtxKg@mail.gmail.com> <EA89EA1A-A1EA-4887-9294-4F68AB5C3211@puck.nether.net> <91A0BBD0-CB73-498E-B4E0-57C7E5ABE0B4@hopcount.ca>
In-Reply-To: <91A0BBD0-CB73-498E-B4E0-57C7E5ABE0B4@hopcount.ca>
From: Matthew Pounsett <matt@conundrum.com>
Date: Wed, 20 Mar 2019 16:33:17 -0400
Message-ID: <CAAiTEH8m=Yao-7HQ=vZCWhT2J=oFypv-r=V_6fn+=7bXoBxtQA@mail.gmail.com>
To: Joe Abley <jabley@hopcount.ca>
Cc: Jared Mauch <jared@puck.nether.net>, Ted Hardie <ted.ietf@gmail.com>, DoH WG <doh@ietf.org>, Brian Dickson <brian.peter.dickson@gmail.com>, dnsop <dnsop@ietf.org>, paul vixie <paul@redbarn.org>, Michael Sinatra <michael@brokendns.net>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary="000000000000c16a3805848c8898"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/MFG6mpC54HW2t7nlfrvJdkZdCrI>
Subject: Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator
Precedence: list

On Wed, 20 Mar 2019 at 07:38, Joe Abley <jabley@hopcount.ca> wrote:

> [There is actually a proposal at the bottom of this e-mail. Bear with me.]
>

And it's a good proposal!

>
> Standardise this privacy mechanism, and specify (with reasoning) that it
> should be implemented such that the existence of the channel (but not the
> content) can be identified as distinct from other traffic by third parties.
> Maybe specify use of a different port number, as was done with DoT.
>

I think this would alleviate most people's concerns... certainly it deals
wth mine.  I have difficulty believing it is acceptable to pro-DoH
community though, considering the first of the two use-cases defined in the
Introduction of RFC8484: "... preventing on-path devices from interfering
with DNS operations..."

I eagerly welcome the -bis document that removes this statement, and
defines a new port number which DoH traffic SHOULD use.

Those who choose to ignore that direction and create a covert channel using
> port 443 instead will do so. Nothing much we can do to stop that today (I
> guarantee it is already happening). The future is not really different.
>

Indeed.  If everyone above-board is using port 5443 (to pull a number out
of the air) for their DoH traffic, the below-board usage should be about as
visible as any such usage is today.

Of course when people shift the focus of the conversation from DoH in
> general to resolverless DNS, and want to interleave DNS messages with HTML
> and cat GIFs over the same HTTPS bundles, the pitchforks will need to come
> out again. So keep them handy.
>

I don't actually own a pitchfork, but I'll keep my Woodsman's Pal sharp. :)

>
>

Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Warren Kumari
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Stephane Bortzmeyer
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Stephane Bortzmeyer
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Ask Bjørn Hansen
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Vittorio Bertola
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Ted Hardie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Ted Hardie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Ted Hardie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Ted Hardie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Michael Sinatra
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Raymond Burkholder
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Raymond Burkholder
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [EXTERNAL] Re: [Doh] New I-D: draft-r… Winfield, Alister
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Ted Hardie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator John Todd
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Vittorio Bertola
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Brian Dickson
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Ralf Weber
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator John Levine
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Matthew Pounsett
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Eliot Lear
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Ted Lemon
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Eliot Lear
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Christian Huitema
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Ted Hardie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Eliot Lear
Re: [DNSOP] [EXTERNAL] Re: [Doh] New I-D: draft-r… Winfield, Alister
Re: [DNSOP] [EXTERNAL] Re: [Doh] New I-D: draft-r… Christian Huitema
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Jared Mauch
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Jared Mauch
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Stephen Farrell
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Brian Dickson
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Stephen Farrell
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator nalini elkins
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Brian Dickson
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Stephen Farrell
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Jared Mauch
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Joe Abley
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Jacques Latour
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Adam Roach
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator 神明達哉
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Jacques Latour
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Matthew Pounsett
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Matthew Pounsett
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Jared Mauch
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Matthew Pounsett
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Vittorio Bertola
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Jacques Latour
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Brian Dickson
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator John Levine
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Jim Reid
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Wes Hardaker
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Christian Huitema
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Vittorio Bertola
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Eric Rescorla
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Ray Bellis
Re: [DNSOP] [EXTERNAL] Re: [Doh] New I-D: draft-r… Winfield, Alister
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator sthaug
Re: [DNSOP] [EXTERNAL] Re: [Doh] New I-D: draft-r… Joe Abley
Re: [DNSOP] [EXTERNAL] Re: [Doh] New I-D: draft-r… Winfield, Alister
Re: [DNSOP] [EXTERNAL] Re: [Doh] New I-D: draft-r… Joe Abley
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Eliot Lear
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Ted Lemon
Re: [DNSOP] [Doh] (dhc discovery) New I-D: draft-… Normen B. Kowalewski
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Bill Woodcock
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Livingood, Jason
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Joe Abley
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Jared Mauch
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Puneet Sood
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Stephen Farrell
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Richard Bennett
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Richard Bennett
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Wes Hardaker
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Jared Mauch
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Matthew Pounsett
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Patrick McManus
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Patrick McManus
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Patrick McManus
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Vittorio Bertola
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Paul Wouters
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Olli Vanhoja
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Daniel Stenberg
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Mark Andrews
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Patrick McManus
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Ian Swett
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… sthaug
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Valentin Gosu
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Ray Bellis
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Eliot Lear
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Stephen Farrell
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Eliot Lear
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Patrick McManus
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Patrick McManus
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Ted Lemon
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Ray Bellis
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Tony Finch
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Puneet Sood
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Tony Finch
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Ted Lemon
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Tony Finch
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Ted Lemon
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Paul Vixie
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… tirumal reddy
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… tirumal reddy