Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertola-bcp-doh-clients

Vittorio Bertola <vittorio.bertola@open-xchange.com> Wed, 13 March 2019 02:30 UTC

To: Raymond Burkholder <ray@oneunified.net>
Cc: dns-privacy@ietf.org, dnsop@ietf.org, doh@ietf.org

> On 13 March 2019 at 3:20 Raymond Burkholder <ray@oneunified.net> wrote:
> 
> It appears to me that there is considerable support for DoH, meaning 
> there is support for non-interference.

I think there is support within the IETF, but "non-interference" on DNS has lots of implications at the legal, business, policy and political levels, which implies that there are many more stakeholders than the technical community, and these stakeholders have never been asked what they think of this. This is part of the discussion that needs to happen to get to broad consensus on DoH deployment models, as opposed to a technical arms race to enable/stop DoH between the Web people on one side and the security, ISP and government people on the other.

> How would the requirements of each group be recognized?  The simplest 
> would be to not proceed with DoH.

My draft attempts exactly to promote a discussion to find the conditions (if any exist) under which DoH could be deployed broadly without making any stakeholder group [too] unhappy.

Regards,
-- 

Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com
Office @ Via Treviso 12, 10144 Torino, Italy