Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertola-bcp-doh-clients
Paul Wouters <paul@nohats.ca> Wed, 13 March 2019 01:04 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1545C1311E3; Tue, 12 Mar 2019 18:04:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P05NnP2P0Q4O; Tue, 12 Mar 2019 18:04:34 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0270D1311B5; Tue, 12 Mar 2019 18:04:34 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 44JtsW11VnzKJY; Wed, 13 Mar 2019 02:04:31 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1552439071; bh=x2k8Mmmo03gTfzOs9pF0Al5B9U1AJ6EuLhTA5OrWGic=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=Fco5j8ToJEEsyGrt8jt2TdH0deV9muFxjiP8fh318DUZlg8IEQYtsSWME9HKHFrkw yG53G4j3PBxLVfKXAd72qdcKxBfeFb0C5h75MNhZB/w7e0ur7KsuY5bMG3GNYn2ilB kaelbefFWL4tGyapop1UVCrg62WI9hOs5n0kT2GU=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id xobr81eYOZIC; Wed, 13 Mar 2019 02:04:29 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Wed, 13 Mar 2019 02:04:28 +0100 (CET)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id B567C2FCD9; Tue, 12 Mar 2019 21:04:27 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca B567C2FCD9
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id AB5D540D35BD; Tue, 12 Mar 2019 21:04:27 -0400 (EDT)
Date: Tue, 12 Mar 2019 21:04:27 -0400
From: Paul Wouters <paul@nohats.ca>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
cc: dnsop <dnsop@ietf.org>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>, "doh@ietf.org" <doh@ietf.org>
In-Reply-To: <2d8f178f-9ba0-2b49-5553-b41a2da72310@cs.tcd.ie>
Message-ID: <alpine.LRH.2.21.1903122101280.7197@bofh.nohats.ca>
References: <1700920918.12557.1552229700654@appsuite.open-xchange.com> <2356055.DoC3vY7yXE@linux-9daj> <92a3c1c1-0e0b-50c4-252f-94755addf971@cs.tcd.ie> <7128698.bmqQpDD1M4@linux-9daj> <2d8f178f-9ba0-2b49-5553-b41a2da72310@cs.tcd.ie>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/kvNmcJUR7zvE5JUq75eiamfMnnQ>
Subject: Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertola-bcp-doh-clients
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Mar 2019 01:04:42 -0000
On Wed, 13 Mar 2019, Stephen Farrell wrote: > Hmm. Not sure what to make of that. DNSSEC presumably makes it > possible to detect interference, and yet RPZ (IIRC) calls for > not changing DNSSEC-signed answers. I don't get why an inability > to change is ok for the RPZ/DNSSEC context but not for DoH. no. RPZ allows filtering answers which would turn into BOGUS for DNSSEC validating clients. I am waiting for RPZ to be an RFC to start a bis document that moves the Answer to the Authoritative section, so you can indeed detect the network's desire for protecting you, and use DNSSEC to confirm you are not censored without consent. Paul ps. I owe the ISE a rpz document review, so it is partially my fault this is stuck now. I hope to get enough airplane time in the next two weeks to fix that :)
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… nalini elkins
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… Christian Huitema
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… nalini elkins
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… Paul Vixie
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… nalini elkins
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… Christian Huitema
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… Paul Vixie
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… Konda, Tirumaleswar Reddy
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… nalini elkins
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… Paul Vixie
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Eliot Lear
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… nalini elkins
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Daniel Stenberg
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… Brian Dickson
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Eric Rescorla
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Paul Vixie
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… Stephen Farrell
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… nalini elkins
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… Stephen Farrell
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… Konda, Tirumaleswar Reddy
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Konda, Tirumaleswar Reddy
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… Neil Cook
- Re: [DNSOP] [EXTERNAL] Re: [dns-privacy] [Doh] Ne… Winfield, Alister
- Re: [DNSOP] [EXTERNAL] [dns-privacy] [Doh] New: d… Eliot Lear
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… Konda, Tirumaleswar Reddy
- Re: [DNSOP] [dns-privacy] [EXTERNAL] [Doh] New: d… Konda, Tirumaleswar Reddy
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Stephane Bortzmeyer
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… Stephane Bortzmeyer
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Stephane Bortzmeyer
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… Stephane Bortzmeyer
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Konda, Tirumaleswar Reddy
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Neil Cook
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Eric Rescorla
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Stephane Bortzmeyer
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… Jim Reid
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Ralf Weber
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Neil Cook
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Jim Reid
- Re: [DNSOP] [dns-privacy] [EXTERNAL] [Doh] New: d… Eliot Lear
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… Christian Huitema
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Paul Vixie
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Paul Vixie
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Paul Vixie
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Paul Vixie
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Christian Huitema
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Paul Vixie
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Yishai Beeri (yishaib)
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Michael Sinatra
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Yishai Beeri (yishaib)
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Christian Huitema
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Paul Vixie
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Stephen Farrell
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Stephen Farrell
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Paul Vixie
- Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertol… Brian Dickson
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Stephen Farrell
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… Mark Andrews
- Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertol… Paul Wouters
- Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertol… Paul Wouters
- Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertol… Stephen Farrell
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Raymond Burkholder
- Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertol… Vittorio Bertola
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… nalini elkins
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Raymond Burkholder
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Vittorio Bertola
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Christian Huitema
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Raymond Burkholder
- Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertol… Christian Huitema
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Vittorio Bertola
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Eliot Lear
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Konda, Tirumaleswar Reddy
- Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertol… Christian Huitema
- Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertol… Paul Vixie
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Paul Vixie
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Paul Vixie
- Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertol… Brian Haberman
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Livingood, Jason
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Christian Huitema
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Brian Dickson
- Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertol… Stephen Farrell
- Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertol… Brian Dickson
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Stephen Farrell
- Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertol… Michael Sinatra
- Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertol… Stephen Farrell
- Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertol… Adam Roach
- Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertol… Michael Sinatra
- Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertol… Paul Vixie
- Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertol… Ted Lemon
- Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertol… Bob Harold
- Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertol… Paul Vixie
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… william manning
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… Watson Ladd
- Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-… Paul Vixie