Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

Paul Vixie <paul@redbarn.org> Fri, 22 March 2019 17:35 UTC

Return-Path: <paul@redbarn.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 953EF131381; Fri, 22 Mar 2019 10:35:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PMkIynI_HjdY; Fri, 22 Mar 2019 10:35:36 -0700 (PDT)
Received: from family.redbarn.org (family.redbarn.org [IPv6:2001:559:8000:cd::5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 135CC131377; Fri, 22 Mar 2019 10:35:36 -0700 (PDT)
Received: from [IPv6:2001:559:8000:c9:f831:b59c:1675:ff93] (unknown [IPv6:2001:559:8000:c9:f831:b59c:1675:ff93]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by family.redbarn.org (Postfix) with ESMTPSA id D609A892C6; Fri, 22 Mar 2019 17:35:35 +0000 (UTC)
To: Bill Woodcock <woody@pch.net>
Cc: Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>, dnsop <dnsop@ietf.org>, DoH WG <doh@ietf.org>, Christian Huitema <huitema@huitema.net>, Wes Hardaker <wjhns1@hardakers.net>
References: <155218771419.28706.1428072426137578566.idtracker@ietfa.amsl.com> <3457266.o2ixm6i3xM@linux-9daj> <CA+9kkMDkKQtBDrXx9h8331_6zDtcChUTfqFe0W3JByxyB=4xLw@mail.gmail.com> <1914607.BasjITR8KA@linux-9daj> <CA+9kkMAYR19CCCLN00A5Oy_=9Z97FQogCz-vdC=M7Ffn47fTgQ@mail.gmail.com> <a38cf205-b10e-e8e2-62cf-8e0377dfc1ef@brokendns.net> <4599B066-BA82-4EA8-92C1-F1BE1464A790@puck.nether.net> <b8c58757-3945-ea19-b018-8e59292abf30@cs.tcd.ie> <CAH1iCirBm0NKA2-zw--ZKd3gN1ZCmwZ7_ZOSyaTk+2SMmrtxKg@mail.gmail.com> <EA89EA1A-A1EA-4887-9294-4F68AB5C3211@puck.nether.net> <91A0BBD0-CB73-498E-B4E0-57C7E5ABE0B4@hopcount.ca> <2145465817.5147.1553119548565@appsuite.open-xchange.com> <yblh8bv95l0.fsf@w7.hardakers.net> <04C556AF-D3B3-41A5-B119-8FE5F81FB9A7@huitema.net> <1878722055.8877.1553241201213@appsuite.open-xchange.com> <74AC9916-41B8-4E54-8649-B32B02845988@pch.net>
From: Paul Vixie <paul@redbarn.org>
Message-ID: <9ee04824-4cb5-8d6c-eb6c-546f01455eda@redbarn.org>
Date: Fri, 22 Mar 2019 10:35:34 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 PostboxApp/6.1.12
MIME-Version: 1.0
In-Reply-To: <74AC9916-41B8-4E54-8649-B32B02845988@pch.net>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/MewfoPNi_fbuxTGELZLonOGnSaQ>
Subject: Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Mar 2019 17:35:38 -0000


Bill Woodcock wrote on 2019-03-22 10:13:
> 
> 
>> On Mar 22, 2019, at 12:53 AM, Vittorio Bertola
>> <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>; wrote: If DoH
>> deployment continues this way, I do see some governments - even in
>> Europe - trying to go in that direction, either by mandating the
>> use of in-country resolvers…
> 
> India has already started down that path, and it looks like the UK
> may not be all that far behind.

all statements made to date by the india and united kingdom governments 
have indicated that their plans to support in-country RDNS will not be 
mandatory, just as canada's (operated by CIRA) is not mandatory.

i think if some country is intelligent enough to realize that america's 
tech companies are seeing an advantageous flow of in-country PII (that 
being the combination of end-user IP addresses and third-party intents 
such as DNS lookups), and that this puts their economy at some risk, 
they should (or perhaps SHOULD or even MUST) compete against ibm, cisco, 
google, and cloudflare in order to keep this PII in-country and subject 
to local law.

it's the only rational defense against this data grab, and i applaud it.

-- 
P Vixie