Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertola-bcp-doh-clients

Brian Dickson <> Wed, 13 March 2019 21:06 UTC

To: Stephen Farrell <>
Cc: Christian Huitema <>, "" <>, "Livingood, Jason" <>, "" <>

On Wed, Mar 13, 2019 at 1:43 PM Stephen Farrell <> wrote:

> (dropping dprive list at WG chair request)
> Hiya,
> On 13/03/2019 20:29, Brian Dickson wrote:
> > The starting place for the conversation needs to acknowledge this, and
> > accommodate it. It is entirely possible that a DoH client that doesn't do a
> > minimum level of getting user acknowledgement before violating policies,
> > laws, or contracts, might itself be illegal in some jurisdictions
> > (jurisdictions that could include some US states, some western countries,
> > some larger entities like EU, etc.).
> I almost agreed with you that people need to ack others'
> priorities. But the above means I can't agree with your
> mail as "might be illegal" is vastly overstated, there
> being no relevant difference between DoT and DoH clients
> in this respect.

You are correct, on the difference issue.

This is about the base requirements, even if they are not different between
DoH and DoT.
And I agree, both DoH and DoT would need to meet the same set of
requirements wrt contracts, laws, informed users, and everything.

I don't believe I am overstating the issue, at least in some places.
E.g. I am not aware of any place where an end user can modify an EULA, sign
it, and have that legally binding. Doing DoH/DoT in any such environment
where the Ts & Cs prohibit their use, would at least be a contract
violation. Things like DMCA and its ilk might raise the software to the
level of "illegal" rather than just a contract violation by a user.

> Such overstatement doesn't help and merely
> makes it more likely that some of the reasonable points
> you make will just get lost in the noise (IMO anyway).
> The same goes for talk of "wars" btw.

Yeah, that's not one term I have used, but I agree.