Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertola-bcp-doh-clients

Michael Sinatra <michael@brokendns.net> Thu, 14 March 2019 16:18 UTC

Return-Path: <michael@brokendns.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC15D1312BB; Thu, 14 Mar 2019 09:18:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BHE95SiuHTNS; Thu, 14 Mar 2019 09:18:38 -0700 (PDT)
Received: from burnttofu.net (burnttofu.net [IPv6:2607:fc50:1:9d00::9977]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4FAE1312B2; Thu, 14 Mar 2019 09:18:30 -0700 (PDT)
Received: from elwha.brokendns.net (elwha.brokendns.net [IPv6:2607:f2f8:a544:0:0:0:0:2]) by burnttofu.net (8.15.2/8.15.2) with ESMTPS id x2EGIEJj070189 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT); Thu, 14 Mar 2019 12:18:16 -0400 (EDT) (envelope-from michael@brokendns.net)
Received: from nofx.lbl.gov (nofx.lbl.gov [IPv6:2620:83:8000:107::f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by elwha.brokendns.net (5.65c/IDA-1.4.4/5.63) with ESMTPSA id D7B4865BBA; Thu, 14 Mar 2019 09:18:15 -0700 (PDT)
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Brian Dickson <brian.peter.dickson@gmail.com>, Christian Huitema <huitema@huitema.net>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>, "Livingood, Jason" <Jason_Livingood@comcast.com>, "doh@ietf.org" <doh@ietf.org>
References: <1700920918.12557.1552229700654@appsuite.open-xchange.com> <76386691-c1aa-c48a-9b0d-67eb36a08a4f@redbarn.org> <CABcZeBOWM0Ps-j3V-CK6VPy0LAqeo7-t7odUZy+dk9d-oCSDsg@mail.gmail.com> <4935758.NkxX2Kjbm0@linux-9daj> <c2c2be47-0855-a9d1-dd53-2404edf4d02b@huitema.net> <807193999.19916.1552445819087@appsuite.open-xchange.com> <9e40ac38-fa10-bbdc-1bfc-302e0ca170df@huitema.net> <C72A7196-98CF-40DC-84C7-DA95BADD24B8@cable.comcast.com> <b52e7891-da9f-6972-fc42-bf3aeea0a10f@huitema.net> <CAH1iCioc7xbMRnfzukFNK+RE7ScFru8xEk32F=XbR0Mo+E371w@mail.gmail.com> <e1d74ebd-0a63-700f-f032-faaeeef73993@cs.tcd.ie> <ee21337b-65dc-7e81-2f2c-c1a7dec9440f@brokendns.net> <d118ab72-3b6f-32bb-1286-a716ce89171b@cs.tcd.ie>
From: Michael Sinatra <michael@brokendns.net>
Message-ID: <3bea2834-2fa7-958c-36e7-c74e6bed512f@brokendns.net>
Date: Thu, 14 Mar 2019 09:18:12 -0700
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.5.2
MIME-Version: 1.0
In-Reply-To: <d118ab72-3b6f-32bb-1286-a716ce89171b@cs.tcd.ie>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Greylist: Default is to whitelist mail, not delayed by milter-greylist-4.6.2 (burnttofu.net [IPv6:2607:fc50:1:9d00:0:0:0:9977]); Thu, 14 Mar 2019 12:18:18 -0400 (EDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/vPQth5anJrTGlTAjBJ6cKRHKtFs>
Subject: Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertola-bcp-doh-clients
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Mar 2019 16:18:54 -0000


On 3/13/19 6:17 PM, Stephen Farrell wrote:

> Those seem like unrelated (and repetitive) points, except for your
> attempt to try equate (I assume) a browser using DoH with malware.> That's the kind of overblown statement that detracts from any other
> reasonable points you may make (for me at least).

No, that's not quite it.  My point is that lots of people who support
DoH say that this cat is already out of the bag.  My point is to agree
with Paul and Jim and others who have noted that it's a matter of scale
and legitimization as a proposed standard that *differentiates* DoH from
malware.

Apologies if my previous post was too wordy or repetitive, so I'll just
sum it up: I question the assumption, made in these threads, that DoH
affords users more control.

thanks,
michael