Re: [Doh] [Ext] Fallback to untrusted DOH servers

Patrick McManus <pmcmanus@mozilla.com> Sun, 15 April 2018 19:15 UTC

In-Reply-To: <765e9e5a-9b8c-fa1c-85b5-da824807e609@o2.pl>
References: <f17cbdf0-cd88-9fa9-c83d-26e2cf13b8c1@o2.pl> <21B4DD30-46B0-4E63-833E-FDE66EF28F95@icann.org> <765e9e5a-9b8c-fa1c-85b5-da824807e609@o2.pl>
From: Patrick McManus <pmcmanus@mozilla.com>
Date: Sun, 15 Apr 2018 15:15:08 -0400
X-Gmail-Original-Message-ID: <CAOdDvNrC6VGQtCYgLOoRvwCGn0kRJuchncFj4m5r_KZ-ig7=NA@mail.gmail.com>
Message-ID: <CAOdDvNrC6VGQtCYgLOoRvwCGn0kRJuchncFj4m5r_KZ-ig7=NA@mail.gmail.com>
To: Mateusz Jończyk <mat.jonczyk@o2.pl>
Cc: Paul Hoffman <paul.hoffman@icann.org>, DoH WG <doh@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/6osj4ah5mDYSb5gU70Zuq5f4yvM>

The document says "must not trust simply because it was discovered".. "only
trust configured".. and explicitly does not go into configuration.

imo you're reading too much into the text. It's just trying to say an
endpoint isn't to be trusted just because it speaks DoH and you found it
(e.g. because www.example.com pushed you a DoH request and response). Note
that it doesn't say "must not use" it says "must not trust". Whether or not
you would use an untrusted server if you have no trusted options is not
something that's going to be in scope here.

On Sun, Apr 15, 2018 at 1:39 PM, Mateusz Jończyk <mat.jonczyk@o2.pl> wrote:

> W dniu 14.04.2018 o 22:54, Paul Hoffman pisze:
> > On Apr 14, 2018, at 9:36 AM, Mateusz Jończyk <mat.jonczyk@o2.pl> wrote:
> >>
> >> Hello,
> >> Current DOH draft specifies that:
> >>
> >>   A client MUST
> >>   NOT trust a DNS API server simply because it was discovered, or
> >>   because the client was told to trust the DNS API server by an
> >>   untrusted party.  Instead, a client MUST only trust DNS API server
> >>   that is configured as trustworthy.
> >>
> >> It may happen that either no trustworthy DOH server has been configured,
> >> or the configured DOH server is not working. In such cases a DOH client
> >> would usually revert to using an untrusted DNS server on port 53, possibly
> >> one that was discovered through insecure DHCP. This DNS resolver would
> >> also be able to poison DNS caches then.
> >
> > The topic of how a user (well, really, an OS or browser) chooses a DNS
> > server to use is a worthy one to look at, but not in this document. If
> > someone wants to start such a document, it needs to deal with trust in
> > DHCP, DHCP MITMs, DNS-over-TLS, DNS-over-TLS policy, DOH, and DOH policy.
> > (There are likely additional topics...)
>
> This draft specifies some limitations on DNS resolvers a client can use.
> Therefore - I would argue - it is fine to discuss whether these
> limitations are appropriate and not overbroad.
>
> >
> > --Paul Hoffman
>
> Greetings,
> Mateusz Jończyk
>
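The distinction the thread turns on is "must not trust" versus "must not use": the draft's rule says trust follows configuration, never discovery, and leaves the fallback decision to the client. The following is an added illustration of that rule as resolver-selection logic; it is not code from the draft, from any DoH implementation, or from anyone in this thread. The `Provenance` values, the `Resolver` and `Choice` types, and `select_resolver` are assumed names chosen for the example. It records where each candidate came from (configured, pushed by an origin, or learned from DHCP), picks a configured server whenever one is reachable, only uses an unconfigured one when local policy explicitly allows it, and labels the result so the caller can keep answers from an untrusted resolver out of a shared cache, which is the poisoning concern raised in the quoted message.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional


class Provenance(Enum):
    """How the client learned about a resolver (assumed categories for this example)."""
    CONFIGURED = "configured"   # set by user, administrator, or OS policy
    PUSHED = "pushed"           # an origin pushed a DoH exchange at us
    DHCP = "dhcp"               # learned from the local network (e.g. DHCP)


@dataclass(frozen=True)
class Resolver:
    url: str                    # DoH URI template or "do53://host" for classic DNS
    provenance: Provenance
    reachable: bool = True

    @property
    def trusted(self) -> bool:
        # The draft's rule: a server is trusted only because it was configured,
        # never because it was discovered or because a third party said so.
        return self.provenance is Provenance.CONFIGURED


@dataclass(frozen=True)
class Choice:
    resolver: Optional[Resolver]
    trusted: bool               # False means "used but not trusted"


def select_resolver(candidates: List[Resolver],
                    allow_untrusted_fallback: bool = False) -> Choice:
    """Pick a resolver according to the 'must not trust' rule.

    Configured servers are preferred regardless of list order. Unconfigured
    servers are never marked trusted; whether they are used at all is a
    local policy decision (allow_untrusted_fallback), not something the
    draft decides.
    """
    for r in candidates:
        if r.trusted and r.reachable:
            return Choice(r, True)
    if allow_untrusted_fallback:
        for r in candidates:
            if r.reachable:
                return Choice(r, False)
    return Choice(None, False)


def may_populate_shared_cache(choice: Choice) -> bool:
    """Mitigation for the cache-poisoning concern: only answers obtained from a
    trusted resolver are allowed into a long-lived, shared cache. Answers from
    an untrusted fallback may still serve the immediate query."""
    return choice.resolver is not None and choice.trusted


if __name__ == "__main__":
    # Constructed sample candidates for a stand-alone run.
    configured = Resolver("https://doh.example/dns-query", Provenance.CONFIGURED)
    pushed = Resolver("https://www.example.com/dns-query", Provenance.PUSHED)
    dhcp = Resolver("do53://192.0.2.53", Provenance.DHCP)
    print(select_resolver([pushed, dhcp, configured]))
    print(select_resolver([pushed, dhcp], allow_untrusted_fallback=True))
```

A caller that wants the stricter reading of the thread (never use an unconfigured server) simply leaves `allow_untrusted_fallback` at its default; the point of the flag is that this choice is made explicitly by the client's policy rather than implied by discovery.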