Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

Vittorio Bertola <vittorio.bertola@open-xchange.com> Sat, 16 March 2019 00:20 UTC

Return-Path: <vittorio.bertola@open-xchange.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7842130F81; Fri, 15 Mar 2019 17:20:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=open-xchange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PlMu0pb_Gfqw; Fri, 15 Mar 2019 17:20:30 -0700 (PDT)
Received: from mx4.open-xchange.com (alcatraz.open-xchange.com [87.191.39.187]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B2D0B130EA6; Fri, 15 Mar 2019 17:20:27 -0700 (PDT)
Received: from open-xchange.com (imap.open-xchange.com [10.20.30.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx4.open-xchange.com (Postfix) with ESMTPS id 99C996A273; Sat, 16 Mar 2019 01:20:23 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=open-xchange.com; s=201705; t=1552695623; bh=4E9cgHUwM8DynuskGeKMXVqwMfK1wEM2S2QdxEsQRWk=; h=Date:From:To:Cc:In-Reply-To:References:Subject:From; b=hOn+VYTm3USt5rBpD3AW1SIADZrfea7oBDKbwE+9vLlbsdu/2DBBWbdOGsKd2gNT2 ytZRVomHTzCA8gtQQZzX2acIccrUm+JWULGihNPNv0BPkQkRcCIIVYFlRXXIB4aO7p 2PmtAwgDxph3AsKT1trjAr4jpr3fKNNHa9Hoy3gt/EKXJ5U/WKpbUTmUTKlCP0IFE3 sBAOIPZOWcRCEHRJ5OnDfl1wAwQRlVwkV4vyvFlg6hn7Dw6z+KTzVfnYnhQI0rrMQ2 vUwcfnm6dLErAZvWTnV4VW8UYI9wgvRs1xySc8/YNsKeIYLFBvn2RNHOjA/NYHhOV4 jpBW1IMEIoPPw==
Received: from appsuite-gw1.open-xchange.com (appsuite-gw1.open-xchange.com [10.20.28.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by open-xchange.com (Postfix) with ESMTPSA id 8A4B73C0881; Sat, 16 Mar 2019 01:20:23 +0100 (CET)
Date: Sat, 16 Mar 2019 01:20:23 +0100
From: Vittorio Bertola <vittorio.bertola@open-xchange.com>
To: Ted Hardie <ted.ietf@gmail.com>, Paul Vixie <paul@redbarn.org>
Cc: dnsop <dnsop@ietf.org>, DoH WG <doh@ietf.org>
Message-ID: <917068158.3571.1552695623505@appsuite.open-xchange.com>
In-Reply-To: <CA+9kkMCgmzjbPM+DTUYuS3OsT+wOCmsyaGPg6fPu=w-ibL=NrA@mail.gmail.com>
References: <155218771419.28706.1428072426137578566.idtracker@ietfa.amsl.com> <1914607.BasjITR8KA@linux-9daj> <CA+9kkMAYR19CCCLN00A5Oy_=9Z97FQogCz-vdC=M7Ffn47fTgQ@mail.gmail.com> <1900056.F7IrilhNgi@linux-9daj> <CA+9kkMCgmzjbPM+DTUYuS3OsT+wOCmsyaGPg6fPu=w-ibL=NrA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_3570_1037743695.1552695623498"
X-Priority: 3
Importance: Medium
X-Mailer: Open-Xchange Mailer v7.10.1-Rev9
X-Originating-Client: open-xchange-appsuite
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/T9_-dfp1MOvLddy88Fz31ZtCGFU>
Subject: Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Mar 2019 00:20:35 -0000

> Il 15 marzo 2019 alle 19.36 Ted Hardie <ted.ietf@gmail.com> ha scritto:
> 
>     As was pointed out in many groups, trusting the local infrastructure is extremely problematic in nomadic cases as the local infrastructure can often be infected, ill-maintained. or hostile by design.  Given the extremely high percentage of users who are now on the Internet by mobile devices which roam and opportunistically use WiFi, ignoring this reality would not make sense. 
> 
Does anyone have data on this "extremely high"? I am not challenging that the problem exists, though, in my experience of the last couple of years in Europe, the sudden availability of cheap Europe-wide mobile data plans means that people using the Internet from a smartphone tend to use random wi-fi networks less, and to stick to the network of their mobile operator when traveling (I would love to hear about other places).

In any case, what's problematic in that trade-off is the non sequitur that since "trusting the local infrastructure is extremely problematic in nomadic cases" then we design technical solutions that never trust the local infrastructure in any case - or even actively try to circumvent it.

This is just wrong, and does not consider that there are indeed many very common device use cases in which being nomadic is a rare exception (such as my mother's laptop) or does not happen at all (such as a desktop PC on a corporate network).

Perhaps letting the user bless the networks they trust would be a better approach.

Regards,

--

Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com mailto:vittorio.bertola@open-xchange.com 
Office @ Via Treviso 12, 10144 Torino, Italy