Re: [DNSOP] extension of DoH to authoritative servers

Joe Abley <> Tue, 12 February 2019 17:31 UTC

On 12 Feb 2019, at 12:22, Paul Wouters <> wrote:

> On Tue, 12 Feb 2019, Paul Vixie wrote:
>> this is especially vital for IoT, whose makers will never be profitable other than from data they collect.
> I hope those makers will be unprofitable and close shop.
> IoT devices should be designed to be accessed through secure VPN or TLS
> connections, without going through vulnerable large scale server farms
> in unknown or unpleasant countries invading my human privacy rights.
> For example, I'm using my hue lights with or without VPN, without telling
> Philips when I turn the lights on or off and without telling Philips
> when I am near or not near my house.

As an aside, it looks to me like Philips are making Hue viable with a price point that makes them invisible to the average consumer. The Internet is awash with smart lights with apparently equivalent functionality and a price point that is 90% lower. Either Philips have the biggest margin on consumer electronics the world has ever seen, or the manufacturers of the cheap alternatives are getting paid in ways other than money.

In terms of volume (which is what we care about if we are worried about numbers of active devices) Hue is a rounding error.