Re: [Doh] [Ext] panel discussion on DoH/DoC

Eliot Lear <> Thu, 07 February 2019 17:00 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B0D94129508 for <>; Thu, 7 Feb 2019 09:00:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -12.6
X-Spam-Status: No, score=-12.6 tagged_above=-999 required=5 tests=[DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id U-OkylLmk_4U for <>; Thu, 7 Feb 2019 09:00:23 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 823D4129284 for <>; Thu, 7 Feb 2019 09:00:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=5131; q=dns/txt; s=iport; t=1549558821; x=1550768421; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=3VdBXMrYCm0jAD9wkr+jqDqKWYxIq1cnFYa8uC+6YVg=; b=RW0RgQdL0sX6no2V//ckVEJomP/FLwE8kBnngU7Fw0QocN330I83FHHx pZr4e3ta/SankzSrXITqSQvIDVLER4xgO2agZclib4qch/mV7QPa+hTNd +rkRYXBgU02fl3Gk35jo2hQ8pX82h8S4r1VotkftXUCUfC2oFfn8QpBJJ E=;
X-Files: signature.asc : 488
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.58,344,1544486400"; d="asc'?scan'208,217";a="9879799"
Received: from (HELO ([]) by with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Feb 2019 17:00:19 +0000
Received: from [] ([]) by (8.15.2/8.15.2) with ESMTPS id x17H0I3d030098 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 7 Feb 2019 17:00:18 GMT
From: Eliot Lear <>
Message-Id: <>
Content-Type: multipart/signed; boundary="Apple-Mail=_68649E47-3EE6-4408-8263-89E1CC4CA047"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
Date: Thu, 07 Feb 2019 18:00:16 +0100
In-Reply-To: <>
Cc: Paul Hoffman <>, DoH WG <>, Ted Lemon <>, Joseph Lorenzo Hall <>
To: Adam Roach <>
References: <> <> <> <> <> <> <>
X-Mailer: Apple Mail (2.3445.102.3)
X-Outbound-SMTP-Client:, []
Archived-At: <>
Subject: Re: [Doh] [Ext] panel discussion on DoH/DoC
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 07 Feb 2019 17:00:26 -0000

Hi Adam,

> On 7 Feb 2019, at 17:49, Adam Roach <> wrote:
> On 2/7/19 10:04 AM, Eliot Lear wrote:
>> And so this brings up a key research question that would be useful to answer, and perhaps those at FF and Chromium could answer it:
>> Is there a suitable user interface that will keep users from harming themselves with DoH?
> If there were a pat answer to this question, we would have gone to release with DoH last summer. The user experience around activating and configuring DoH remains, as you suggest, a research topic. The standard here is informed consent.

Again, I haven’t been tracking this for quite some time, and so I didn’t want to presume that there wasn’t work done in this space.  Also, I’m quite certain you meant “meaningful consent” above.  Another question I wonder is whether there are times when DoH will be active and when it will not be active, again somewhat based on the enterprise use case, or whether it should either be enabled or disabled.  The issue is that if it can flip from one to the other, do you have to signal the user?  If you do, that becomes both real estate and signalling issues, the latter of which is subject to habituation.

Again, researchy stuff.  Which leads me to another question- if DoH has mostly finished in the IETF, maybe this becomes more of a topic for the IRTF?