Re: [Doh] panel discussion on DoH/DoC

Ted Lemon <> Thu, 07 February 2019 13:23 UTC

List-Id: DNS Over HTTPS <>

On Feb 7, 2019, at 8:17 AM, Vittorio Bertola <> wrote:
> Which of course depends on a) having a practical possibility of choice among many browsers having many different policies, and b) the browsers letting you configure your resolver freely.

Yes, it does. UTSL?

> On Feb 7, 2019, at 8:16 AM, Shane Kerr <> wrote:

> In theory one could send DoH queries to the server where you were getting an HTML page from, for any names that need resolution on that page. This would be an anti-DoC, indeed probably more decentralized than DNS itself is today.
> If this model requires DNSSEC then it's not even that horrible, since web server operators would not be able to spoof or hijack DNS names.

Except that perhaps I want to block, I don’t know, name resolution for various ad bug sites? And then if the browser has a secure way past my block, suddenly I’m seeing ads again. Whether you believe that ads are immoral or not, the fact is that this wrests control away from the end user.