Re: [Doh] ISP position re. hardcoded DoH servers

JW λ John Woodworth <> Thu, 25 July 2019 22:19 UTC

Date: Thu, 25 Jul 2019 18:19:46 -0400
From: JW λ John Woodworth <>
To: David Lamparter <>, Ted Lemon <>
List-Id: DNS Over HTTPS <>

-------- Original message --------
From: David Lamparter <>

> Ok, let's get into a discussion about whether it's philosophical
> or not...
> But, first, just for completeness sake, it's been pointed out to me
> that browser vendors tried to clarify that they're putting up a user
> choice and there is FUD involved here.  I'm perfectly happy if
> browsers offer the users the choice to use some DoH server.
> That's informed consent.

Agreed.

I don't personally have an issue with implementing a new transport mechanism and for the most part the encryption.

Actually, as a _user_ I love the encryption aspect of DoT and DoH.  My _personal_ preference would be a local service à la nsswitch to offer some consistency around my UX.

However, as that same user, I don't want the proverbial rug pulled out from under me.  Applications that do the unexpected are generally considered buggy or malware (sometimes both?).  In other words -- when it comes to moving my cheese, ask, or for the love of everything sacred -- don't do.

2¢,
User John