Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

Christian Huitema <huitema@huitema.net> Fri, 22 March 2019 03:40 UTC

Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
From: Christian Huitema <huitema@huitema.net>
In-Reply-To: <yblh8bv95l0.fsf@w7.hardakers.net>
Date: Fri, 22 Mar 2019 04:40:31 +0100
Cc: Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>, dnsop <dnsop@ietf.org>, DoH WG <doh@ietf.org>, Joe Abley <jabley@hopcount.ca>
Content-Transfer-Encoding: quoted-printable
Message-Id: <04C556AF-D3B3-41A5-B119-8FE5F81FB9A7@huitema.net>
References: <155218771419.28706.1428072426137578566.idtracker@ietfa.amsl.com> <3457266.o2ixm6i3xM@linux-9daj> <CA+9kkMDkKQtBDrXx9h8331_6zDtcChUTfqFe0W3JByxyB=4xLw@mail.gmail.com> <1914607.BasjITR8KA@linux-9daj> <CA+9kkMAYR19CCCLN00A5Oy_=9Z97FQogCz-vdC=M7Ffn47fTgQ@mail.gmail.com> <a38cf205-b10e-e8e2-62cf-8e0377dfc1ef@brokendns.net> <4599B066-BA82-4EA8-92C1-F1BE1464A790@puck.nether.net> <b8c58757-3945-ea19-b018-8e59292abf30@cs.tcd.ie> <CAH1iCirBm0NKA2-zw--ZKd3gN1ZCmwZ7_ZOSyaTk+2SMmrtxKg@mail.gmail.com> <EA89EA1A-A1EA-4887-9294-4F68AB5C3211@puck.nether.net> <91A0BBD0-CB73-498E-B4E0-57C7E5ABE0B4@hopcount.ca> <2145465817.5147.1553119548565@appsuite.open-xchange.com> <yblh8bv95l0.fsf@w7.hardakers.net>
To: Wes Hardaker <wjhns1@hardakers.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/sT_5Met6mNc7X7Fti6kdoOGvGF0>
Subject: Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator
Precedence: list

> On Mar 22, 2019, at 12:21 AM, Wes Hardaker <wjhns1@hardakers.net> wrote:
> 
> If DNS privacy is a goal, systems and applications SHOULD use DNS over
> TLS to encrypt traffic to their local resolver if possible (unless the
> system and application distrusts the local resolver infrastructure).

Maybe we should start by defining DNS Privacy. There are two issues: using an encrypted transport; and, using a DNS resolver trusted to respect the privacy of queries. Both are necessary. One without the other makes little sense.

Much of the debate is on the second point. One position is that users should be forced to trust the DNS resolver provided by the local infrastructure. Another position is that users have the right to apply their own policy and decide which server they will trust, based on some configuration.

-- Christian Huitema

Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Warren Kumari
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Stephane Bortzmeyer
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Stephane Bortzmeyer
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Ask Bjørn Hansen
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Vittorio Bertola
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Ted Hardie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Ted Hardie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Ted Hardie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Ted Hardie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Michael Sinatra
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Raymond Burkholder
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Raymond Burkholder
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [EXTERNAL] Re: [Doh] New I-D: draft-r… Winfield, Alister
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Ted Hardie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator John Todd
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Vittorio Bertola
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Brian Dickson
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Ralf Weber
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator John Levine
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Matthew Pounsett
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Eliot Lear
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Ted Lemon
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Eliot Lear
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Christian Huitema
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Ted Hardie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Eliot Lear
Re: [DNSOP] [EXTERNAL] Re: [Doh] New I-D: draft-r… Winfield, Alister
Re: [DNSOP] [EXTERNAL] Re: [Doh] New I-D: draft-r… Christian Huitema
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Jared Mauch
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Jared Mauch
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Stephen Farrell
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Brian Dickson
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Stephen Farrell
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator nalini elkins
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Brian Dickson
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Stephen Farrell
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Jared Mauch
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Joe Abley
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Jacques Latour
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Adam Roach
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator 神明達哉
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Jacques Latour
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Matthew Pounsett
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Matthew Pounsett
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Jared Mauch
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Matthew Pounsett
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Vittorio Bertola
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Jacques Latour
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Brian Dickson
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator John Levine
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Jim Reid
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Wes Hardaker
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Christian Huitema
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Vittorio Bertola
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Eric Rescorla
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Ray Bellis
Re: [DNSOP] [EXTERNAL] Re: [Doh] New I-D: draft-r… Winfield, Alister
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator sthaug
Re: [DNSOP] [EXTERNAL] Re: [Doh] New I-D: draft-r… Joe Abley
Re: [DNSOP] [EXTERNAL] Re: [Doh] New I-D: draft-r… Winfield, Alister
Re: [DNSOP] [EXTERNAL] Re: [Doh] New I-D: draft-r… Joe Abley
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Eliot Lear
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Ted Lemon
Re: [DNSOP] [Doh] (dhc discovery) New I-D: draft-… Normen B. Kowalewski
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Bill Woodcock
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Livingood, Jason
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Joe Abley
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Jared Mauch
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Puneet Sood
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Stephen Farrell
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Richard Bennett
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Richard Bennett
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Wes Hardaker
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Jared Mauch
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Matthew Pounsett
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Paul Vixie
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Patrick McManus
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Patrick McManus
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Patrick McManus
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Vittorio Bertola
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Paul Wouters
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Olli Vanhoja
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Daniel Stenberg
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Mark Andrews
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Patrick McManus
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Ian Swett
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… sthaug
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Valentin Gosu
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Ray Bellis
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Eliot Lear
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Stephen Farrell
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Eliot Lear
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Patrick McManus
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Patrick McManus
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Brian Dickson
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Ted Lemon
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Ray Bellis
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Tony Finch
Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator Puneet Sood
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Tony Finch
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Ted Lemon
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Tony Finch
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Ted Lemon
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… Paul Vixie
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… tirumal reddy
Re: [DNSOP] [Doh] [EXTERNAL] Re: New I-D: draft-r… tirumal reddy