Re: [DNSOP] Should we try to work on DNS over HTTP in dnsop?
Shane Kerr <shane@time-travellers.org> Thu, 17 December 2015 20:06 UTC
Date: Thu, 17 Dec 2015 21:06:23 +0100
From: Shane Kerr <shane@time-travellers.org>
To: Robert Edmonds <edmonds@mycre.ws>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/kCDjKy4M3xCeD-Y0d0d6yzO0LFI>
Cc: dnsop@ietf.org

Robert,

At 2015-12-16 21:08:03 -0500
Robert Edmonds <edmonds@mycre.ws> wrote:

> Shane Kerr wrote:
> > I have updated the DNS over HTTP review document that I sent some days
> > ago. Thanks to Jinmei for reading it.
> >
> > As I mentioned before, if there is interest then my co-authors and I
> > are happy to try to get the working group to adopt the document. If
> > there is not interest, then we are happy to go forward with an
> > individual submission.
> >
> > If I don't hear any positive support over the next week or two then
> > that is a pretty clear sign that the working group has little
> > interest. :)
>
> Hi, Shane:
>
> Given BCP 188 ("Pervasive Monitoring Is a Widespread Attack on Privacy"
> and "The IETF Will Work to Mitigate Pervasive Monitoring"), I'm a bit
> disappointed that "HTTPS" is spelled "HTTP(S)" in your document :-) If
> you're going to go to the trouble of defining a new transport for DNS,
> what's the rationale for allowing the transport to permit plaintext?

I'm happy to add strong language documenting the pitfalls of insecure
channels to the DNS over HTTP survey draft.

Just to be clear, this document is a descriptive document, intended to
be informational. It does not describe the details of any protocols,
and steers clear of BCP 14/RFC 2119 words that indicate requirements.

We (BII and Paul Vixie) are going to submit a separate draft with a
protocol specification covering the HTTP-over-DNS protocol that Paul
developed and we implemented an inter-operating proxy for. That SHALL
include requirements and SHALL use RFC 2119 language. There we SHOULD
consider TLS-secured sessions only. ;)

Cheers,

--
Shane