Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

sthaug@nethelp.no Fri, 22 March 2019 09:14 UTC

Date: Fri, 22 Mar 2019 10:14:34 +0100
Message-Id: <20190322.101434.307385973.sthaug@nethelp.no>
To: Eric Rescorla <ekr@rtfm.com>
Cc: vittorio.bertola=40open-xchange.com@dmarc.ietf.org, dnsop@ietf.org, doh@ietf.org, huitema@huitema.net, wjhns1@hardakers.net
From: sthaug@nethelp.no
In-Reply-To: <CABcZeBPmpN-cEPK92QQW3bkvc41Cx5g7B_YuUXCJK3j1qF995Q@mail.gmail.com>
References: <04C556AF-D3B3-41A5-B119-8FE5F81FB9A7@huitema.net> <1878722055.8877.1553241201213@appsuite.open-xchange.com> <CABcZeBPmpN-cEPK92QQW3bkvc41Cx5g7B_YuUXCJK3j1qF995Q@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/XYc11U9X6avj_bBIs9OoAXQlnBo>
Subject: Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

>> I think this is a mischaracterization of the debate, which actually
>> started because of a third position that you don't mention: Mozilla's
>> public statement that in the future they will force (or, at least, make as
>> a default - clarification requests haven't solved the doubt yet) Firefox
>> users to use a remote resolver chosen within a shortlist that they will
>> manage.
>>
> 
> I'm not sure where you have attempted to clarify this point (I think we've
> been clear on this point at
> https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/)

Unfortunately this is not clear at all.

The web page at the link above says: "We'd like to turn this on as the
default for all of our users." Combined with the remaining text on
the web page, the only conclusions I can draw are that

- Mozilla would like to turn on DoH by default, invisible to the user
(the user gets this configuration without making a choice).
- When DoH is turned on, by default Cloudflare will be used as the DoH
provider.

If these conclusions are correct they are precisely why some of us
find the Mozilla/Firefox stance completely unacceptable.

If these are *not* the conclusions we should draw about Firefox and
Mozilla's plans, you badly need to update the web page on the link
above. You could also at the same time clarify whether Firefox will
use DoH resolvers that are on the same IP addresses as other non-DoH
content.

Steinar Haug, AS2116