Re: [DNSOP] extension of DoH to authoritative servers

Vittorio Bertola <vittorio.bertola@open-xchange.com> Wed, 13 February 2019 12:30 UTC

Date: Wed, 13 Feb 2019 13:30:32 +0100
From: Vittorio Bertola <vittorio.bertola@open-xchange.com>
To: Ted Lemon <mellon@fugue.com>
Cc: dnsop <dnsop@ietf.org>
Message-ID: <883611603.11230.1550061032427@appsuite.open-xchange.com>
In-Reply-To: <3C1FF728-2F31-4884-B7E9-55DF4E15AEB6@fugue.com>
References: <2019021215560470371417@cnnic.cn> <20190212083908.w5cwgtmypkjwmqnd@nic.fr> <ecfdb33d-7925-f762-6788-68b7a659a3d8@redbarn.org> <43FF2435-37C6-43B0-B97C-59D23AD2A9C2@virtualized.org> <873fe3e1-58e4-38a7-eb11-37509f9b7ff4@redbarn.org> <D01BFEEE-746D-4F30-A3CE-497D4AFA8CC5@fugue.com> <7cdbd8a8-2bf4-992e-3197-ca17e7352a5b@redbarn.org> <725FD25D-FCE9-4740-A001-79369AFDEB78@fugue.com> <d1f66089-1e78-15f6-269c-33ced12c2738@redbarn.org> <3C1FF728-2F31-4884-B7E9-55DF4E15AEB6@fugue.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/gymlY46gkDUkrHlxo859IejPua0>

> On 12 February 2019 at 22:00 Ted Lemon <mellon@fugue.com> wrote:
> 
> What I am trying to point out is that the situation with DoH is a symptom of the problem you are not talking about, not the only instance of it.
> You seem to be asserting that DoH is special among all other misuses of port 443. But you haven't explained why it is special. This is what I was trying to tease out with my initial response to what you said.

Well, DoH has a couple of very special features:

- it affects name resolution, which is the initial step for almost everything you do over the Internet;

- apparently, it will be deployed by default to all of mankind or so.

It is quite different from some smart users or some specific applications using HTTPS (or VPNs) to bypass the local network operator and/or the local jurisdiction. In technical terms it might not be different, but in business, policy and political terms this makes all the difference.

Ciao,
 -- 
Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com 
Office @ Via Treviso 12, 10144 Torino, Italy