Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

Paul Vixie <> Fri, 22 March 2019 17:26 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E69F513133D for <>; Fri, 22 Mar 2019 10:26:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ncuKf18EZSaM for <>; Fri, 22 Mar 2019 10:26:11 -0700 (PDT)
Received: from ( [IPv6:2001:559:8000:cd::5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1FB40131339 for <>; Fri, 22 Mar 2019 10:26:11 -0700 (PDT)
Received: from [IPv6:2001:559:8000:c9:f831:b59c:1675:ff93] (unknown [IPv6:2001:559:8000:c9:f831:b59c:1675:ff93]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by (Postfix) with ESMTPSA id C9CD0892C6 for <>; Fri, 22 Mar 2019 17:26:10 +0000 (UTC)
To: dnsop <>
References: <20190321225024.CC08320105BB28@ary.qy> <>
From: Paul Vixie <>
Message-ID: <>
Date: Fri, 22 Mar 2019 10:26:09 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 PostboxApp/6.1.12
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <>
Subject: Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 22 Mar 2019 17:26:13 -0000

Ted Lemon wrote on 2019-03-22 04:14:
> ... I don’t think
> there’s any reason to use DoH if you trust the local resolver.

i'd go further, but i won't, here.

instead i'll say, others go further, and say, centralization is nec'y 
for privacy because it sends queries through a blender, so that distant 
authorities or surveillers on the rdns/adns path, cannot tell where the 
original question came from. this whereness of originalness is more 
apparent if one uses an rdns that only serves a small pool of stubs.

i disagree, and i consider the argument absurd, but it's out there. i 
expect that at someone at some point will wake up and notice that this 
is also the privacy profile of ECS, which is not optional for stub users 
-- their rdns either uses it on upstream cache misses, or not.

sending pii to noncontracted parties is dangerous, among other things, 
to privacy (no matter how defined.)

P Vixie