Re: [DNSOP] extension of DoH to authoritative servers

Ted Lemon <mellon@fugue.com> Tue, 12 February 2019 21:00 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 690A8130DBE for <dnsop@ietfa.amsl.com>; Tue, 12 Feb 2019 13:00:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XlD_DFz7zeJH for <dnsop@ietfa.amsl.com>; Tue, 12 Feb 2019 13:00:06 -0800 (PST)
Received: from mail-pl1-x635.google.com (mail-pl1-x635.google.com [IPv6:2607:f8b0:4864:20::635]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 06A81128B36 for <dnsop@ietf.org>; Tue, 12 Feb 2019 13:00:06 -0800 (PST)
Received: by mail-pl1-x635.google.com with SMTP id b5so46846plr.4 for <dnsop@ietf.org>; Tue, 12 Feb 2019 13:00:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=QutSRogbe0cF/Hdjne0indgsO6oOdOc8mGkzT7oqqIA=; b=OfdLILY5hiKNdIdGisptwhHl49wEMkafPQ4BAsDE5V2x0btFozW2FLHmOqKq91X7fx VjeBRf+rDALdkmIQWBK/OYj3fDnHSR9tEAvMSBySaTDRZAWtkbbPugrLMYhF77F3eIPY 84jg7fVRDqVK2An7gWeBaFl/JPtQlHmCIXhW67bZmCiLpqXoKK6z3OL5/ULWG43TvVr9 itpmnFuI/ylOhO3bT1mAoD+WPRzQ/+OJYyMoz/kFcI9EkflmS45vONtyaC7AiVoSdxVg zDMwr/SDZrF4V7Z1gjYdpBvKUxmwtuDxRWFMHByTPRW51nHBHnAb2/NSPhMx+S2NI3Rz +NhA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=QutSRogbe0cF/Hdjne0indgsO6oOdOc8mGkzT7oqqIA=; b=YNWMtU5I8v5sMC4oXkBko8tRPydcMWzLPMk2ci0prhXoGnoqv5n7r3MKFECB43rfKt CpCFpJOocFWwsFqH4wHH6HY5Y71yT/kFkm/yHyFMvVONjzs68lZTxSYSAz1PYk8G+/q/ k/jM4VxpXAUkxavaFK7iBQk7iMLQ8lSxwunUcdVo8GGV3z5TzSJICQYrg0xxhwZy/5rI GZSSEyI+pji5nqwf2FvykW9mkR2HladhhjzAnibucq8RqUCX75U78aEzv7bytoxcChCK IqeAsrUVL3snzlTVuDV4HAcA3TvQA9Vjfsm8XSx8IaG6IvNymb7JQdNDKHBWNofEFW65 c4fw==
X-Gm-Message-State: AHQUAuYMGvJiL9qpf5ln+CGij33H2lSc7NqW3cqX6/Sq0BetA/HqJMKS 3M39fMVbjRCQ0enKR129wxaS5gfJQYIluA==
X-Google-Smtp-Source: AHgI3Ib4ajWEvqFBmRWhpcAY0O+WxNBUDwCE74SrpYzhHchCwR6RxLgAphxbXaFQAWJNKrunUwim5Q==
X-Received: by 2002:a17:902:f08b:: with SMTP id go11mr5914285plb.115.1550005205100; Tue, 12 Feb 2019 13:00:05 -0800 (PST)
Received: from [17.230.171.141] ([17.230.171.141]) by smtp.gmail.com with ESMTPSA id p2sm18560937pgc.94.2019.02.12.13.00.03 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 12 Feb 2019 13:00:04 -0800 (PST)
From: Ted Lemon <mellon@fugue.com>
Message-Id: <3C1FF728-2F31-4884-B7E9-55DF4E15AEB6@fugue.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_9AA6B010-9734-4272-84FA-1B33EBABCDAC"
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
Date: Tue, 12 Feb 2019 13:00:02 -0800
In-Reply-To: <d1f66089-1e78-15f6-269c-33ced12c2738@redbarn.org>
Cc: David Conrad <drc@virtualized.org>, dnsop <dnsop@ietf.org>
To: Paul Vixie <paul@redbarn.org>
References: <2019021215560470371417@cnnic.cn> <20190212083908.w5cwgtmypkjwmqnd@nic.fr> <ecfdb33d-7925-f762-6788-68b7a659a3d8@redbarn.org> <43FF2435-37C6-43B0-B97C-59D23AD2A9C2@virtualized.org> <873fe3e1-58e4-38a7-eb11-37509f9b7ff4@redbarn.org> <D01BFEEE-746D-4F30-A3CE-497D4AFA8CC5@fugue.com> <7cdbd8a8-2bf4-992e-3197-ca17e7352a5b@redbarn.org> <725FD25D-FCE9-4740-A001-79369AFDEB78@fugue.com> <d1f66089-1e78-15f6-269c-33ced12c2738@redbarn.org>
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/kxrhLc1qdxW1c3HeRpUCRBjbMHk>
Subject: Re: [DNSOP] extension of DoH to authoritative servers
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Feb 2019 21:00:07 -0000

On Feb 12, 2019, at 12:48 PM, Paul Vixie <paul@redbarn.org> wrote:
> i realize that the political tacticians who designed DoH are searching for a world in which network operators have no control plane choices. i think they're proceeding from the mistaken belief that all control is evil, and that all network operators are equally deserving of disintermediation. and other mistaken beliefs as well, which i won't enumerate.

I still feel like we are talking past each other.

What I am saying is that there are a set of different mechanisms, all of which use port 443, in order to avoid being subjected to your control plane.   DoH is in principle one of these.   We do not disagree about this, as far as I can tell.

What I think we differ on is the idea that, in the absence of these “political tacticians” of whom you speak, that this problem would not exist.

What I am trying to point out is that the situation with DoH is a symptom of the problem you are not talking about, not the only instance of it.

You seem to be asserting that DoH is special among all other misuses of port 443.   But you haven’t explained why it is special.   This is what I was trying to tease out with my initial response to what you said.