Re: [DNSOP] extension of DoH to authoritative servers

Ted Lemon <mellon@fugue.com> Tue, 12 February 2019 22:20 UTC

From: Ted Lemon <mellon@fugue.com>
Message-Id: <97C2ED2B-9086-4E3B-98FB-116E95281030@fugue.com>
Date: Tue, 12 Feb 2019 14:20:18 -0800
In-Reply-To: <9e56da22-4fb5-1c68-3bfc-85283b0e8480@redbarn.org>
Cc: David Conrad <drc@virtualized.org>, dnsop <dnsop@ietf.org>
To: Paul Vixie <paul@redbarn.org>
References: <2019021215560470371417@cnnic.cn> <20190212083908.w5cwgtmypkjwmqnd@nic.fr> <ecfdb33d-7925-f762-6788-68b7a659a3d8@redbarn.org> <43FF2435-37C6-43B0-B97C-59D23AD2A9C2@virtualized.org> <873fe3e1-58e4-38a7-eb11-37509f9b7ff4@redbarn.org> <D01BFEEE-746D-4F30-A3CE-497D4AFA8CC5@fugue.com> <7cdbd8a8-2bf4-992e-3197-ca17e7352a5b@redbarn.org> <725FD25D-FCE9-4740-A001-79369AFDEB78@fugue.com> <d1f66089-1e78-15f6-269c-33ced12c2738@redbarn.org> <3C1FF728-2F31-4884-B7E9-55DF4E15AEB6@fugue.com> <cb9646e3-676d-c24f-240d-e0c8ed159e88@redbarn.org> <4C2F9639-6C22-4FB7-840B-0318B40C2193@fugue.com> <9e56da22-4fb5-1c68-3bfc-85283b0e8480@redbarn.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/oDitbL-hRV4ejjKEfNIyFEKIU8o>
Subject: Re: [DNSOP] extension of DoH to authoritative servers

On Feb 12, 2019, at 2:18 PM, Paul Vixie <paul@redbarn.org> wrote:
> lack of an IETF-approved standard with planned implementation by a half dozen tech giants, means that other malicious traffic will not be able to hide in the crowd, and can be made subject to policy, and complaints.

So you’re saying that DoH traffic that’s not going to well-known IP addresses is easier to detect than DoH traffic going to well-known IP addresses?