Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

Vittorio Bertola <vittorio.bertola@open-xchange.com> Wed, 20 March 2019 22:05 UTC

Date: Wed, 20 Mar 2019 23:05:48 +0100
From: Vittorio Bertola <vittorio.bertola@open-xchange.com>
To: Joe Abley <jabley@hopcount.ca>
Cc: DoH WG <doh@ietf.org>, dnsop <dnsop@ietf.org>

> On 20 March 2019 at 12.38 Joe Abley <jabley@hopcount.ca> wrote:
> 
> Seems to me that there's a middle ground within sight here.
> 
> Standardise this privacy mechanism, and specify (with reasoning) that it should be implemented such that the existence of the channel (but not the content) can be identified as distinct from other traffic by third parties. Maybe specify use of a different port number, as was done with DoT.
> 
> Those who choose to ignore that direction and create a covert channel using port 443 instead will do so. Nothing much we can do to stop that today (I guarantee it is already happening). The future is not really different.

This is actually the recommendation in section 4.6 of my draft :-) And I agree, it looks like the only possible and reasonable compromise between the two viewpoints.

Regards,
-- 

Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com
Office @ Via Treviso 12, 10144 Torino, Italy