Re: [Doh] [Ext] IP address certificates
Paul Hoffman <paul.hoffman@icann.org> Sun, 17 March 2019 20:51 UTC
Return-Path: <paul.hoffman@icann.org>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 929621311E2
for <doh@ietfa.amsl.com>; Sun, 17 Mar 2019 13:51:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001]
autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Z-4d-2racLR3 for <doh@ietfa.amsl.com>;
Sun, 17 Mar 2019 13:51:15 -0700 (PDT)
Received: from out.west.pexch112.icann.org (out.west.pexch112.icann.org
[64.78.40.7])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id C2CF91311E7
for <doh@ietf.org>; Sun, 17 Mar 2019 13:51:14 -0700 (PDT)
Received: from PMBX112-W1-CA-1.pexch112.icann.org (64.78.40.21) by
PMBX112-W1-CA-2.pexch112.icann.org (64.78.40.23) with Microsoft SMTP Server
(TLS) id 15.0.1367.3; Sun, 17 Mar 2019 13:51:12 -0700
Received: from PMBX112-W1-CA-1.pexch112.icann.org ([64.78.40.21]) by
PMBX112-W1-CA-1.PEXCH112.ICANN.ORG ([64.78.40.21]) with mapi id
15.00.1367.000; Sun, 17 Mar 2019 13:51:12 -0700
From: Paul Hoffman <paul.hoffman@icann.org>
To: Martin Thomson <mt@lowentropy.net>
CC: "doh@ietf.org" <doh@ietf.org>
Thread-Topic: [Ext] [Doh] IP address certificates
Thread-Index: AQHU3QMnMWf8Y1GqUkO+1z5iZ9C9zA==
Date: Sun, 17 Mar 2019 20:51:12 +0000
Message-ID: <A4091E6C-6521-4CBF-A6BD-3CAB7E3B51E1@icann.org>
References: <CAHbrMsCNyeabhk0sVexOHVedVkgG2dvV9T8wWL++om5juAUvEw@mail.gmail.com>
<ED16E0D8-BBCB-4316-A116-BA8513F523A3@sky.uk>
<F680895B-2BCA-48D9-8C28-C34E93BF73A3@icann.org>
<2cbff385-7e78-452d-b82d-08acf56ab4df@www.fastmail.com>
In-Reply-To: <2cbff385-7e78-452d-b82d-08acf56ab4df@www.fastmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [192.0.32.234]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <4692D0667D58AC4A9B55CAFCFB7E5638@pexch112.icann.org>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/7JDr7P2StME-ly1ND6k0pZWTnZQ>
Subject: Re: [Doh] [Ext] IP address certificates
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>,
<mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>,
<mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Mar 2019 20:51:18 -0000
On Mar 17, 2019, at 1:45 PM, Martin Thomson <mt@lowentropy.net> wrote: > > On Sat, Mar 16, 2019, at 03:22, Paul Hoffman wrote: >> Can you say why they are bad? They are not common, but they are >> certainly available and have proven useful in some environments for a >> long time. > > Didn't we already discuss this? Yes, but I was asking the person who brought it up for clarity. > Sure they can be issued and relied upon, which makes them useful in some environments. They also tend to be useless in more situations than not. Do you feel that they are useful or useless for the protocol in draft-ietf-doh-resolver-associated-doh that lets a resolver advertise its related servers? --Paul Hoffman
- [Doh] Reviewing Resolver-Associated DOH Ben Schwartz
- Re: [Doh] [EXTERNAL] Reviewing Resolver-Associate… Winfield, Alister
- Re: [Doh] [EXTERNAL] Reviewing Resolver-Associate… Winfield, Alister
- Re: [Doh] [EXTERNAL] Reviewing Resolver-Associate… Loganaden Velvindron
- Re: [Doh] [EXTERNAL] Reviewing Resolver-Associate… Winfield, Alister
- [Doh] IP address certificates Paul Hoffman
- [Doh] Use of TXT records Paul Hoffman
- Re: [Doh] Use of TXT records Ben Schwartz
- Re: [Doh] Reviewing Resolver-Associated DOH Hewitt, Rory
- Re: [Doh] Use of TXT records Hewitt, Rory
- Re: [Doh] Use of TXT records Ben Schwartz
- Re: [Doh] Use of TXT records Hewitt, Rory
- Re: [Doh] [EXTERNAL] Reviewing Resolver-Associate… Adam Roach
- Re: [Doh] Use of TXT records Eliot Lear
- Re: [Doh] [Ext] Use of TXT records Paul Hoffman
- Re: [Doh] Reviewing Resolver-Associated DOH nusenu
- Re: [Doh] Reviewing Resolver-Associated DOH nusenu
- Re: [Doh] [Ext] Reviewing Resolver-Associated DOH Paul Hoffman
- Re: [Doh] [Ext] Reviewing Resolver-Associated DOH nusenu
- Re: [Doh] IP address certificates Martin Thomson
- Re: [Doh] [Ext] IP address certificates Paul Hoffman
- [Doh] Talking to my resolver Martin Thomson
- Re: [Doh] [Ext] IP address certificates Martin Thomson
- Re: [Doh] [Ext] Reviewing Resolver-Associated DOH Martin J. Dürst
- Re: [Doh] Talking to my resolver nusenu
- Re: [Doh] Talking to my resolver Martin Thomson
- Re: [Doh] Talking to my resolver Ben Schwartz
- Re: [Doh] [Ext] Reviewing Resolver-Associated DOH Hewitt, Rory
- Re: [Doh] Talking to my resolver nusenu
- Re: [Doh] [Ext] Reviewing Resolver-Associated DOH nusenu
- Re: [Doh] [Ext] Reviewing Resolver-Associated DOH Hewitt, Rory
- Re: [Doh] [Ext] Reviewing Resolver-Associated DOH Mark Nottingham
- Re: [Doh] Talking to my resolver Ben Schwartz
- Re: [Doh] [Ext] Reviewing Resolver-Associated DOH Hewitt, Rory
- Re: [Doh] [Ext] Reviewing Resolver-Associated DOH Adam Roach
- Re: [Doh] security goals nusenu
- Re: [Doh] [Ext] security goals Paul Hoffman
- [Doh] DoH discovery security goals nusenu