Re: [Doh] panel discussion on DoH/DoC

Jim Reid <> Thu, 07 February 2019 13:52 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E469E126CC7 for <>; Thu, 7 Feb 2019 05:52:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id nhHYfF1MmYJl for <>; Thu, 7 Feb 2019 05:51:58 -0800 (PST)
Received: from ( [IPv6:2001:4b10:100:7::25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3495B124BE5 for <>; Thu, 7 Feb 2019 05:51:58 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 04E09242109D; Thu, 7 Feb 2019 13:51:55 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Jim Reid <>
In-Reply-To: <>
Date: Thu, 07 Feb 2019 13:51:54 +0000
Cc: Stephane Bortzmeyer <>,, bert hubert <>
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <>
To: Ted Lemon <>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <>
Subject: Re: [Doh] panel discussion on DoH/DoC
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 07 Feb 2019 13:52:01 -0000

> On 7 Feb 2019, at 13:08, Ted Lemon <> wrote:
> There isn’t a criticism in here from me—it seems clear that DoC is something that exists or doesn’t based on what browser vendors do, and if we really care about it, the knob we have to turn is not not having the specification, but rather being selective in what browsers we use, or in how they are configured.

Up to a point Ted. However we’d be missing *a lot* if the focus was just on those configuration and control hooks for web browsers. Suppose OS vendors use DoH/DoC instead of (the equivalent of) libresolv. Then there are all the web-based apps on our smartphones. Can I trust my bank to pick the right trusted DoH/DoC provider? Or will these just use whatever Apple and google decide are the trusted defaults for iOS and Android? For some definition of trust..,

These sorts of meta-issues need to be documented and I think this WG might be the best place to do that.