Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator

Vittorio Bertola <> Fri, 22 March 2019 07:53 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D84C4130EC0; Fri, 22 Mar 2019 00:53:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id yXDGpJ8lv2Fg; Fri, 22 Mar 2019 00:53:24 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id AB9DE130EBF; Fri, 22 Mar 2019 00:53:23 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 507A56A31A; Fri, 22 Mar 2019 08:53:21 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=201705; t=1553241201; bh=BdbWdzpFsSxLv0hag4+1eqFybJyNuT/B12tdDJimlys=; h=Date:From:To:Cc:In-Reply-To:References:Subject:From; b=f+OD/v2HO9CHRE9LtpR9VwvkCPLHufhQZWDz9oiWyrHAwzoKMHz4Y/3jVoRq4vMMm QuhOgFzT4oUgonhVtupY+kxnfnY8KiACPtqoA1EYklGFcwSrmmnLXxFP7KYd10uiHY 2qEJAnx8x2Z8l0Qb+Ga+LGzzFOpXx2dXm45ykB5sypkR1jU9g7XI0o8b5i8KyVImXK k/Din/Ivlb6/vBhr6uow6uVm1MWTLQMJbSER0y3fKuvGFGP7Vbj6/aQ+J8QS68oZe3 73yB2lq7AzJJvt5UTvm1bqCLv1e9Wvn0EW0OnzvOIMvIjhemhNDSstgmX4KjDJFxkz 5e+pTpQoChWmw==
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 43DA73C0019; Fri, 22 Mar 2019 08:53:21 +0100 (CET)
Date: Fri, 22 Mar 2019 08:53:20 +0100
From: Vittorio Bertola <>
To: Christian Huitema <>, Wes Hardaker <>
Cc: DoH WG <>, dnsop <>
Message-ID: <>
In-Reply-To: <>
References: <> <3457266.o2ixm6i3xM@linux-9daj> <> <1914607.BasjITR8KA@linux-9daj> <> <> <> <> <> <> <> <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Priority: 3
Importance: Medium
X-Mailer: Open-Xchange Mailer v7.10.1-Rev9
X-Originating-Client: open-xchange-appsuite
Archived-At: <>
Subject: Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 22 Mar 2019 07:53:26 -0000

> Il 22 marzo 2019 alle 4.40 Christian Huitema <> ha scritto:
> Much of the debate is on the second point. One position is that users should be forced to trust the DNS resolver provided by the local infrastructure. Another position is that users have the right to apply their own policy and decide which server they will trust, based on some configuration.

I think this is a mischaracterization of the debate, which actually started because of a third position that you don't mention: Mozilla's public statement that in the future they will force (or, at least, make as a default - clarification requests haven't solved the doubt yet) Firefox users to use a remote resolver chosen within a shortlist that they will manage.

There are some people advocating that in some cases people should have to use the local resolver so that the local network can monitor them and apply policies, but that's always been limited to private / corporate / high security networks. I don't think anyone has ever proposed that all users be always required to use a local resolver, full stop; though, if DoH deployment continues this way, I do see some governments - even in Europe - trying to go in that direction, either by mandating the use of in-country resolvers or by passing GDPR-style legislation that requires any global operator to apply national DNS policies when serving their citizen, or be fined for 4% of their revenues.

In the end, I think that everyone should agree on the principle of user choice (which is actually the first recommendation in my draft). There will then be some discussion on whether the local resolver should continue being the silent default or not; though I note that the opposite policy, i.e. letting each application pick its own default resolver, creates a fragmented mess of a network and makes it much harder for the user to implement any practical choice. But anything different than "users are fully in charge as far as they want" is IMHO dangerous and unmanageable.


Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
Office @ Via Treviso 12, 10144 Torino, Italy