Re: [Doh] [Ext] Fallback to untrusted DOH servers

Tom Pusateri <pusateri@bangj.com> Mon, 23 April 2018 20:13 UTC

From: Tom Pusateri <pusateri@bangj.com>
In-Reply-To: <302013A3-DA11-4398-A226-64939FC4DA46@icann.org>
Date: Mon, 23 Apr 2018 16:13:48 -0400
Cc: DoH WG <doh@ietf.org>
Message-Id: <978B235F-9700-43DB-833B-C1AA02438E52@bangj.com>
References: <f17cbdf0-cd88-9fa9-c83d-26e2cf13b8c1@o2.pl> <21B4DD30-46B0-4E63-833E-FDE66EF28F95@icann.org> <765e9e5a-9b8c-fa1c-85b5-da824807e609@o2.pl> <CAOdDvNrC6VGQtCYgLOoRvwCGn0kRJuchncFj4m5r_KZ-ig7=NA@mail.gmail.com> <28678acd-f67d-7f95-273f-26ed1115d3ee@o2.pl> <75B0BB57-A222-4328-A155-E5C351DEB7CC@icann.org> <3457562c-5576-18ea-a764-d485d870b5ea@o2.pl> <CAOdDvNqft5RwHcf1Ds-nzCZ=ha1weBTwbP4KzMLoHHwJQt0bVQ@mail.gmail.com> <46145a1e-99a9-405f-9f5c-4b85005feaf9@o2.pl> <BFBE3B13-15DF-45D5-8E8A-A4DC5B476357@icann.org> <CAHbrMsBHV5z5oNJrTvmvAPO79PRSufgGSY_NFePz34xNX4R+vQ@mail.gmail.com> <BF72EBFC-ACFB-49BE-BE7F-5F1AA81E73B0@bangj.com> <302013A3-DA11-4398-A226-64939FC4DA46@icann.org>
To: Paul Hoffman <paul.hoffman@icann.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/0nSfrJT3Nkgy2jPveVpvyC2yBUY>

> On Apr 23, 2018, at 4:05 PM, Paul Hoffman <paul.hoffman@icann.org> wrote:
> 
> On Apr 23, 2018, at 12:45 PM, Tom Pusateri <pusateri@bangj.com> wrote:
>> Willem Toorop and I are working on a DHCPv6 draft for discovering DNS-over-TLS, DNS-over-DTLS, DNS-over-DoH. We have been experimenting with different ISC DHCP options to make it as easy to introduce as possible.
> 
> 1) Why just DHCPv6? DHCPv4 still seems relevant to many of us. :-)
> 

We also planned to do IPv4. We started with IPv6 because the option space was more flexible and we could come up with the optimal format. Then we could do IPv4 and make compromises if needed to handle the differences once we had worked out the ideal solution.

> 2) Is there a mailing list for "DNS resolver discovery" that this is being discussed on?
> 
> --Paul Hoffman

Not that I know of. It’s just private emails between Willem and me. We planned on submitting it to the DHC working group but copying DNS WGs for feedback. I will report back with a forum once we finish writing a few things down. The work is being done on github and we may be able to just use that forum.

Tom