Re: [DNSOP] [Ext] Re: New draft for consideration:

Warren Kumari <> Sun, 24 March 2019 11:48 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 2BF091310FC for <>; Sun, 24 Mar 2019 04:48:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id f6jauW73hTHh for <>; Sun, 24 Mar 2019 04:48:11 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::734]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4EF531310A2 for <>; Sun, 24 Mar 2019 04:48:11 -0700 (PDT)
Received: by with SMTP id g1so3756424qki.5 for <>; Sun, 24 Mar 2019 04:48:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=kjYUaYA+kybgBFmyfJ5AJt3OocfOstKxReL1hdCJE54=; b=JNGPPI59CQ95rA6SSf2poIpil43+c3FIbc2Cve95ORG1H6DEkSjt1z/+63TXoYu9n/ ufRqCYpoggGAL61ggi5LbL1RaSJHlGdlYYZLG1kG+OWQ2/IIw/hHJ1J8pD4e7jD2Ydm4 E/hGJO+T0yYSs9OHK5c3cTFoq+UtC6m9N8MyNwMGkzsZAopGQ/fYPcW+JYPB4UQudn8x Q6+iodsIvYKFQ6odi6rM20zCvvNyfEkx9qyLwkv5vUVHLNYa/X4FqQh7J9PJQH7mAduN pgDGMOFsvua78M28uWClK0HuKjx6YgTUvz4vUXXoaqq3UtNLvaMs2MbDhgkCA+TpQXOY olQg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=kjYUaYA+kybgBFmyfJ5AJt3OocfOstKxReL1hdCJE54=; b=NCnCZNjPmVTwiAkn8Pb+VK9sZf8z+7fwOLvuoTrHltNaY6FocHxAk+F/5xYMeLLiD5 gXFYoyrzCjFhsHp03Z1FBC0HsYQaoHVx20VqE/0vKC0aloOJaXduNADJbgJbhVwuvyX+ RO/RxvBP6c/MvrSqQEd7UsNWy3QMWUO9DFCFynQJdH0Bw2ENHKv5haRpdUrWcOXQxdab +z4VuQTpsogqu36UWIUfsL/J+mDJyNpRtbtxe/cBDrOobwpsLk1VmBnThsql4Zwp2IFy DbW17bcblE/9eoFuz2DJpqaEiN1tzHyr0yl++wuhgq9FlUWB4NUkLci052IXVhWI3uCW zkpg==
X-Gm-Message-State: APjAAAUtZcK25/Qgy3nMgd8PoBlqwGklJFLDWxqHUjYccilK6D924DA6 02sMCQkY5okHjEIqs5YiEpXo/cQGMKWrHJ84AC0XHQ==
X-Google-Smtp-Source: APXvYqyOmtcjZNXLYDtjsg1LGxhR+TbghLIsAaAvapVrgjv4JDOck2/qbsNcJYpuDGGa/1BrUGqtru3EVUbnIT98/FE=
X-Received: by 2002:a05:620a:1008:: with SMTP id z8mr7980696qkj.264.1553428090141; Sun, 24 Mar 2019 04:48:10 -0700 (PDT)
MIME-Version: 1.0
References: <> <> <>
In-Reply-To: <>
From: Warren Kumari <>
Date: Sun, 24 Mar 2019 12:47:32 +0100
Message-ID: <>
To: Paul Hoffman <>
Cc: bert hubert <>, dnsop <>
Content-Type: multipart/alternative; boundary="0000000000007f55100584d5a917"
Archived-At: <>
Subject: Re: [DNSOP] [Ext] Re: New draft for consideration:
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 24 Mar 2019 11:48:19 -0000

On Sun, Mar 24, 2019 at 11:46 AM Paul Hoffman <>

> On Mar 24, 2019, at 11:18 AM, bert hubert <>
> wrote:
> > It may be good to add a note that "DoH is the protocol as defined in
> > [RFC8484]. The operation of this protocol by browser vendors and cloud
> > providers is frequently also called 'DoH'. DoH-the-protocol is
> > therefore frequently conflated with DoH being used to perform
> > DNS lookups in a different fashion than configured by the network
> settings
> > (see DaT and DaO)."
> A much better outcome would be that people who are saying DoH when they
> mean DaT or DaO would use the new terms. That is, this is a forward-looking
> document because we're making up new terms.

<no hats>
This is likely to be an annoying comment, but I don't really like the DaO
"acronym", simply because I'm not sure how people will pronounce it -- I
could see people mishearing "DaO" as "DoH", or the other way round --
unfortunately I don't have a better suggestion. Is it just me who has this

</no hats>

> > Secondly, I understand the technical need for the wording of the
> definition
> > of DaO.  But I had to read this all a few times before I understood that
> > 'DaO' includes what I've referred to as DoC (DNS over Cloud). I think
> > definitions should be easy to understand because otherwise they don't
> > function.
> I fully agree; proposed changes to this wording are quite welcome. It's a
> new term, after all.
> > I'm also not too hot for conflating "user consciously changes
> > /etc/resolv.conf or equivalent" with "application makes the choice for
> the
> > user".
> The split here is more "someone changes from traditional without the user
> knowing, when the user cares". If you have a better way to express that,
> that would be great.
> > Perhaps we should talk about 'Per-application stubs'? Because this is the
> > nub.
> Maybe, but I'm hesitant to make the break that way because some
> applications' stubs use the traditional resolver, others don't. I would be
> hesitant to conflate those two.
> > I'm willing to write text once we have discussed this a bit.
> Thanks!
> --Paul Hoffman
> _______________________________________________
> DNSOP mailing list

I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of