Re: [DNSOP] extension of DoH to authoritative servers
Ted Lemon <mellon@fugue.com> Tue, 12 February 2019 22:20 UTC
Cc: David Conrad <drc@virtualized.org>, dnsop <dnsop@ietf.org>
To: Paul Vixie <paul@redbarn.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/oDitbL-hRV4ejjKEfNIyFEKIU8o>

On Feb 12, 2019, at 2:18 PM, Paul Vixie <paul@redbarn.org> wrote:
> lack of an IETF-approved standard with planned implementation by a half dozen tech giants, means that other malicious traffic will not be able to hide in the crowd, and can be made subject to policy, and complaints.

So you’re saying that DoH traffic that’s not going to well-known IP addresses is easier to detect than DoH traffic going to well-known IP addresses?