Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

Paul Vixie <paul@redbarn.org> Sun, 24 March 2019 14:02 UTC

To: Puneet Sood <puneets@google.com>, kenjibaheux@google.com
Cc: DoH WG <doh@ietf.org>, dnsop <dnsop@ietf.org>
References: <155218771419.28706.1428072426137578566.idtracker@ietfa.amsl.com> <3457266.o2ixm6i3xM@linux-9daj> <CA+9kkMDkKQtBDrXx9h8331_6zDtcChUTfqFe0W3JByxyB=4xLw@mail.gmail.com> <1914607.BasjITR8KA@linux-9daj> <CA+9kkMAYR19CCCLN00A5Oy_=9Z97FQogCz-vdC=M7Ffn47fTgQ@mail.gmail.com> <a38cf205-b10e-e8e2-62cf-8e0377dfc1ef@brokendns.net> <4599B066-BA82-4EA8-92C1-F1BE1464A790@puck.nether.net> <b8c58757-3945-ea19-b018-8e59292abf30@cs.tcd.ie> <CAH1iCirBm0NKA2-zw--ZKd3gN1ZCmwZ7_ZOSyaTk+2SMmrtxKg@mail.gmail.com> <EA89EA1A-A1EA-4887-9294-4F68AB5C3211@puck.nether.net> <91A0BBD0-CB73-498E-B4E0-57C7E5ABE0B4@hopcount.ca> <CAJE_bqfEoy4Lbei27XNTbRSF9XHoAQ1gYPNerTXg9y6swp1a0w@mail.gmail.com> <CA+9_gVujw0MfF3Q3A6tGbL6QDjLLyt=8-Wd3vgbhBs9razs_bw@mail.gmail.com>
From: Paul Vixie <paul@redbarn.org>
Message-ID: <6d83039c-6d8d-9f9b-95ba-b853425362eb@redbarn.org>
Date: Sun, 24 Mar 2019 07:02:30 -0700
In-Reply-To: <CA+9_gVujw0MfF3Q3A6tGbL6QDjLLyt=8-Wd3vgbhBs9razs_bw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ZbiOilTZuOmcFYGQ_JJKVKkMI5Y>
Subject: Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

first, thank you for this statement, and for the policies it describes.

Puneet Sood wrote on 2019-03-22 15:08:
> ...
> 
> As a core principle, Google Public DNS aims to provide a DNS resolver
> that respects our users’ privacy. Towards that goal, we aim to provide
> high quality implementations of various DNS transport mechanisms that
> our users can use to reach the service. This includes the traditional
> UDP and TCP transports as well as DNS-over-TLS and DNS-over-HTTPS that
> provide privacy for the user’s communication with a DNS resolver.
> 
> -Puneet Sood
> TL/Manager for the Google Public DNS team.

this position (for google public dns) is inconsistent with the google chrome design description here:

Kenji Baheux wrote on 2019-03-23 22:43:
>>     2) What other reasons are you considering when doing DOH instead of DOT
>>     to protect privacy.
>
> We are not considering DOT, just DOH.

this disparity is concerning. for reasons amply described here...

> From: Brian Dickson <brian.peter.dickson@gmail.com>
> Date: Sun, 24 Mar 2019 04:48:27 -0700
> Message-ID: <CAH1iCipSi+kT32d78Pi+hwPNyuw=iN3UTJmScNRS+UG+88G1zA@mail.gmail.com>
> Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ZKhwanjOyj5YtxzH4QOs8IsPsEs>

...i remain hopeful that google will adopt a DoT support policy for all services (such as Public DNS) _and all products_ (such as Chrome).

-- 
P Vixie