Re: [Doh] Mozilla's plans re: DoH

Vittorio Bertola <> Thu, 28 March 2019 20:41 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id BF7AA1202C0 for <>; Thu, 28 Mar 2019 13:41:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id xeF5_AvppwMt for <>; Thu, 28 Mar 2019 13:41:51 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 36F2D120287 for <>; Thu, 28 Mar 2019 13:41:50 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 360A56A273; Thu, 28 Mar 2019 21:41:48 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=201705; t=1553805708; bh=yMXWAwdpnDQNXBaSbDiA20cAcRwfsAk+mAqlRsMH/lQ=; h=Date:From:To:Cc:In-Reply-To:References:Subject:From; b=xA6Orl0smsj1LdqctZYQsuDY2P983SsfX8VoUH28D0mqmrt+e5QW+DiFj0g8t3LZU zthnY7b2a8y7HRihUhog82DnhxEoREjHmgSX5ag5PXSX/y3uXOr+5EZo7YwMYcgxP0 4uhej75FZOZmZvkIQ9RlqGUYyd4ZHqIBUevRnAVWRY8/HT+SBOjFot9/3fGLtgo9ns XIpjqNP4XqYGMQbcWkQnlZIPeTKs9/m24EleFre4hHJzOZSwc/NucgR1TfTGxz1uUp dlmOaFL+AJAjEbMAG+ksedRfmGiizTXU8k53PY5rW0SD0dykqVzpvgj/hDTrWF1Pf2 MzxGRoC6baQCA==
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 1DB213C02AF; Thu, 28 Mar 2019 21:41:48 +0100 (CET)
Date: Thu, 28 Mar 2019 21:41:47 +0100 (CET)
From: Vittorio Bertola <>
To: Stephen Farrell <>
Cc: DoH WG <>
Message-ID: <>
In-Reply-To: <>
References: <> <> <> <> <> <> <> <> <> <>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_26604_751381821.1553805708032"
X-Priority: 3
Importance: Medium
X-Mailer: Open-Xchange Mailer v7.10.1-Rev9
X-Originating-Client: open-xchange-appsuite
Archived-At: <>
Subject: Re: [Doh] Mozilla's plans re: DoH
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 28 Mar 2019 20:41:55 -0000

>     Il 28 marzo 2019 alle 12.29 Stephen Farrell < > ha scritto:
>     Hiya,
>     On 28/03/2019 08:44, Vittorio Bertola wrote:
>         > >         The problem is that, in DoH's "obfuscated traffic mode" (is that
> >         better than "dissident mode"?),
> > 
> >     >     Better, but still not good:-) I'm not sure we ought think about
>     different modes of operation at all tbh - that may be assuming
>     that we're dealing with a single dimension when we're not.
Well, this is a discussion that we need to have, and having it without clear terminology makes it confusing. We could name the different technical deployment models that have been mentioned (port 443 on dedicated IP addresses, new protocol-specific port, or port 443 on existing web servers) without attributing them directly to any use case (this is why I agree that "dissident mode" is a bad name). Once we have them, we could discuss whether different use cases would benefit from different models.

Same for the rest - I am happy to let you challenge my proposals, but first of all we should focus on an agreed statement of the issues.

>         > >         More generally, beware that if you build an Internet that is designed
> >         to work as if everyone on the planet were a dissident in an
> >         authoritarian country, it is not unlikely that you will then get an
> >         Internet regulatory and access environment that looks like the one of
> >         authoritarian countries, even in democratic ones.
> > 
> >     >     +1 to what Adam said.
Ok, but is this off topic or not? I replied to Adam privately, I am happy to do it in public as well.

Vittorio Bertola
Head of Policy & Innovation

Cell: 	+39 348 7015022
Direct Chat: 	vittorio.bertola

Twitter: @openexchange - Facebook: OpenXchange - Web:
Open-Xchange AG, Hohenzollernring 72, 50672 Cologne, District Court Cologne HRB 95366
Managing Board: Rafael Laguna de la Vera, Carsten Dirks, Michael Knapstein, Stephan Martin
Chairman of the Board: Richard Seibt

European Office:
Open-Xchange GmbH, Olper Huette 5f, D-57462 Olpe, Germany, District Court Siegen, HRB 8718
Managing Director: Frank Hoberg

US Office:
Open-Xchange. Inc., 530 Lytton Avenue, Palo Alto, CA 94301, USA

Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system.