Re: [dnsoverhttp] Configured as trustworthy

Göran Eriksson AP <goran.ap.eriksson@ericsson.com> Fri, 16 June 2017 22:15 UTC

From: Göran Eriksson AP <goran.ap.eriksson@ericsson.com>
To: Patrick McManus <pmcmanus@mozilla.com>
CC: "dnsoverhttp@ietf.org" <dnsoverhttp@ietf.org>
Date: Fri, 16 Jun 2017 22:15:03 +0000
Message-ID: <D56A2069.3D8C6%goran.ap.eriksson@ericsson.com>
References: <D56A1CF5.3D8C3%goran.ap.eriksson@ericsson.com> <CAOdDvNphAaeLmDnaOPYi_ZNbVVb76uWT6ge=stfc1DKFgUDxOw@mail.gmail.com>
In-Reply-To: <CAOdDvNphAaeLmDnaOPYi_ZNbVVb76uWT6ge=stfc1DKFgUDxOw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsoverhttp/yEZVwFdl8HflkNC07tmIOuJs9rw>
Subject: Re: [dnsoverhttp] Configured as trustworthy
List-Id: Discussion of DNS over HTTP <dnsoverhttp.ietf.org>

Tnx

> as with most things https, the protocol doesn't try to define a policy for the client - though I think this could still use a little more non-normative exploration of the possibilities..

Yeah - the value of the MUST is of course dependent on the precision and clarity of the text following it :-).

> the existing text just asks you to consider the scope of authority for the server when considering poisoning attacks. (so a dns api server configured for the role of recursive resolver is basically configured as trustworthy for everything, but other roles have lesser scope..)

Right. Any thoughts about allowing the origin (of a web app) to provide the UA with a ‘signal’ on its preferences (fully aware of this more being an API question but such matters would have a potential impact on the protocol as well)? Or is that outside the scope of this draft/work?