Re: [Doh] WG Review: DNS Over HTTPS (doh)

Adam Roach <> Sat, 16 September 2017 17:54 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1CCEA132A89; Sat, 16 Sep 2017 10:54:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.88
X-Spam-Status: No, score=-1.88 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 8s-e47nrv0bk; Sat, 16 Sep 2017 10:54:10 -0700 (PDT)
Received: from ( [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 353FF1321D8; Sat, 16 Sep 2017 10:54:10 -0700 (PDT)
Received: from Orochi.local ( []) (authenticated bits=0) by (8.15.2/8.15.2) with ESMTPSA id v8GHs613097553 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Sat, 16 Sep 2017 12:54:06 -0500 (CDT) (envelope-from
X-Authentication-Warning: Host [] claimed to be Orochi.local
To: Ted Hardie <>, Mark Nottingham <>
Cc:, Paul Hoffman <>, IETF <>
References: <> <> <> <> <> <> <> <> <>
From: Adam Roach <>
Message-ID: <>
Date: Sat, 16 Sep 2017 12:54:00 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <>
Subject: Re: [Doh] WG Review: DNS Over HTTPS (doh)
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DNS Over HTTPS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 16 Sep 2017 17:54:12 -0000

On 9/16/17 12:32, Ted Hardie wrote:
> To avoid that, they would have build udp wireformat parsers into the 
> downloadable javascript.

To be clear, in the scenario I outlined, that's exactly what I was 
intending to describe. It hadn't even occurred to me that one might form 
a model, based on that description, that involved routing the 
information through the local, OS-level stub resolver. Now that you've 
clarified that confusion, I agree: a system that did so would be 
terrifyingly difficult to secure. Let's not do that horrible thing.

And I hope my previous explanation was clear: this isn't the primary use 
case for this work; I used it in my example because it was a very easy 
way to explain the layering issue to anyone with a basic understanding 
of the web platform. I wouldn't over-rotate on it. (That said, I know 
that several people are watching this work precisely because they do 
want to perform these operations in JavaScript. The input draft does not 
preclude doing so, and I see no reason to artificially limit the 
mechanism in a way that prevents it.)