Re: [DNSOP] Draft for dynamic discovery of secure resolvers

sthaug@nethelp.no Sun, 19 August 2018 18:48 UTC

Return-Path: <sthaug@nethelp.no>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F49B130E96 for <dnsop@ietfa.amsl.com>; Sun, 19 Aug 2018 11:48:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QaDIRDDkDTZw for <dnsop@ietfa.amsl.com>; Sun, 19 Aug 2018 11:48:44 -0700 (PDT)
Received: from bizet.nethelp.no (bizet.nethelp.no [IPv6:2001:8c0:9e04:500::1]) by ietfa.amsl.com (Postfix) with ESMTP id D5553130E93 for <dnsop@ietf.org>; Sun, 19 Aug 2018 11:48:43 -0700 (PDT)
Received: from localhost (bizet.nethelp.no [IPv6:2001:8c0:9e04:500::1]) by bizet.nethelp.no (Postfix) with ESMTP id 1DDCBE6077; Sun, 19 Aug 2018 20:48:42 +0200 (CEST)
Date: Sun, 19 Aug 2018 20:48:41 +0200
Message-Id: <20180819.204841.532639858.sthaug@nethelp.no>
To: Ted Lemon <mellon@fugue.com>
Cc: Doug Barton <dougb@dougbarton.us>, dnsop@ietf.org
From: sthaug@nethelp.no
In-Reply-To: <CAPt1N1muo07jvDmyM+oL96Ow1RXGcsgVKX51S86CUcedirzvew@mail.gmail.com>
References: <CAPt1N1nEH86yPvtoNqJ+xM-OFunEqr2x8s2LV_yFU1fkVt9WUQ@mail.gmail.com> <53074d98-a8ef-9127-edc7-d3e3188c2453@dougbarton.us> <CAPt1N1muo07jvDmyM+oL96Ow1RXGcsgVKX51S86CUcedirzvew@mail.gmail.com>
X-Mailer: Mew version 6.7 on Emacs 26 / Mule 6.0 (HANACHIRUSATO)
Mime-Version: 1.0
Content-Type: Text/Plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/tvYiGVNEgZFfRJE_My-9CvhqbCM>
Subject: Re: [DNSOP] Draft for dynamic discovery of secure resolvers
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Aug 2018 18:48:46 -0000

> The DHCP solution is compatible only with trust relationship two.   So if
> the IETF were to recommend this way of configuring DoH and DoT, we would
> essentially be throwing away the privacy benefits of DoH and DoT (assuming
> that such benefits exist).

I don't believe people are saying that the IETF should *recommend*
this way of configuring DoH and DoT - they're saying the DHCP option
should be *available*.

Are you saying that all DHCP options introduced so far have been the
IETF recommended way of configuring things?

Are you saying that no new DHCP option can be made available unless
the IETF recommends this way of configuring things?

Both of these sound equally unreasonable/unlikely to me...

Steinar Haug, AS2116