Re: [DNSOP] [EXTERNAL] Re: [Doh] New I-D: draft-reid-doh-operator

Joe Abley <jabley@hopcount.ca> Fri, 22 March 2019 10:20 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/pooQiePnY6f4_KUdNla2IYsu3To>

On 22 Mar 2019, at 11:15, Winfield, Alister <Alister.Winfield=40sky.uk@dmarc.ietf.org> wrote:

> Okay sorry perhaps I should put it differently...
> 
> Don't overplay the privacy provided by DoH; it has no effect on the DNS provider, so any hint of 'privacy' should be caveated by stating it's only as private as the company and country in which that company is founded, and where it operates servers.

100% agree that any choice by a sophisticated user would be less than fully informed if the endpoint wasn't considered along with the transport between the user and that endpoint.


Joe