Re: [DNSOP] [Doh] [hrpc] Proposal for a side-meeting on services centralization at IETF 104 Prague

Vittorio Bertola <vittorio.bertola@open-xchange.com> Thu, 14 March 2019 20:10 UTC

Date: Thu, 14 Mar 2019 21:10:00 +0100 (CET)
From: Vittorio Bertola <vittorio.bertola@open-xchange.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: doh@ietf.org, dnsop@ietf.org, hrpc@irtf.org
Message-ID: <2135705037.762.1552594200563@appsuite.open-xchange.com>
In-Reply-To: <6a6b463c-0e67-c0cd-ca12-ea3dd298c401@cs.tcd.ie>
References: <20190311170218.o5hitvysuefhjjxk@nic.fr> <1829067625.16839.1552327024048@appsuite.open-xchange.com> <20190312090142.s32hdimbozsrbovt@nic.fr> <2044747.4WdMZHU4Qz@linux-9daj> <D97261BB-1D62-400F-8EBD-886B5BA586BD@fugue.com> <897EAAF7-0EF8-484A-B785-E4C46FCFA87F@fl1ger.de> <6a6b463c-0e67-c0cd-ca12-ea3dd298c401@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/manJD5uAVBH8BSfDbNB3aB-aTFU>
Subject: Re: [DNSOP] [Doh] [hrpc] Proposal for a side-meeting on services centralization at IETF 104 Prague

> On 14 March 2019 at 15:53 Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
> Hiya,
> On 14/03/2019 14:41, Ralf Weber wrote:
> > the DoH protocol caused some application providers to experiment with
> > switching resolution per default away from OS and the local network provider
>
> I wasn't aware that some application provider was doing this
> as their default (assuming that's what "per default" means).
> Can you provide details?
>
> I am aware of what FF/CF have done but I don't believe that
> was on by default.

What caused all this fuss is that they did not turn it on by default, but they publicly said they "would like" to do it in the future, here (at the end, "what is the status"):

https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/

and also here, roughly halfway through the text, they say "Firefox does not *yet* use DoH by default" (asterisks are mine):

https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/

Mozilla also had several calls with concerned parties in which they were asked to clarify, and they confirmed that while they are considering all the feedback, this is still in their plans for the future.

So we are not all having hallucinations here :-) and even if Mozilla decided to announce that their plans have changed and that the idea is now off the table, which has not happened yet, now everyone is aware that this could be done by any application at any time in the future; so, speaking from a policy perspective, it would be nice to agree (if possible) that that is a bad idea, at least if certain conditions are not met, and record that consensus somewhere. It would not prevent anyone from doing something else if they want, but that's true of any standard; but it would at least provide some guidance for well-behaved application makers.

Regards,
-- 
Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com 
Office @ Via Treviso 12, 10144 Torino, Italy