Re: [Doh] [EXTERNAL] Re: [Ext] Request for the DOH WG to adopt draft-hoffman-resolver-associated-doh

"Winfield, Alister" <Alister.Winfield@sky.uk> Tue, 22 January 2019 12:15 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/A1U37EztEryvAngr16eLRcB6UQs>

    Section 2.1
       “the zone resolver-associated-doh.arpa is
       not actually delegated and never will be.”

       So it can never be DNSSEC signed unless you use a local trust anchor.


Instead of this, how about putting the information in the reverse zone for the resolver? For example,
if my resolver is a.b.c.d then you could put TXT records in the reverse:

d.c.b.a.in-addr.arpa. TXT doh:https://atrusted.example.com/resolve

This is delegated and could be DNSSEC signed.

--
Alister Winfield.
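
The lookup proposed above, as an added example that is not part of the original message or of any draft: it derives the reverse-zone owner name for a resolver address (extended here to IPv6 under ip6.arpa) and extracts `doh:` URLs from TXT strings. The function names, the sample TXT strings, and the policy of ignoring answers that were not DNSSEC-validated are assumptions; the DNS query itself is left to the caller so the block runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

PREFIX = "doh:"  # TXT prefix exactly as written in the message above


def reverse_owner_name(resolver_ip: str) -> str:
    """Map a.b.c.d to d.c.b.a.in-addr.arpa. (IPv6: nibble form under ip6.arpa.)."""
    return ipaddress.ip_address(resolver_ip).reverse_pointer + "."


def doh_urls_from_txt(txt_strings, dnssec_validated: bool):
    """Return https DoH URLs found in TXT strings.

    Assumed policy: an answer that did not validate under DNSSEC is
    treated as untrusted and yields no URLs at all.
    """
    if not dnssec_validated:
        return []
    urls = []
    for text in txt_strings:
        if not text.startswith(PREFIX):
            continue  # unrelated TXT data sharing the owner name
        candidate = text[len(PREFIX):].strip()
        try:
            parts = urlsplit(candidate)
        except ValueError:
            continue  # malformed URL, e.g. a broken bracketed host
        # Only https with a host and no embedded credentials is accepted.
        if parts.scheme == "https" and parts.hostname and parts.username is None:
            urls.append(candidate)
    return urls


# Constructed sample TXT RRset for the reverse name of 192.0.2.53.
SAMPLE_TXT = [
    "doh:https://atrusted.example.com/resolve",
    "doh:http://plaintext.example.com/resolve",  # rejected: not https
    "v=spf1 -all",                               # ignored: no doh: prefix
]

if __name__ == "__main__":
    print(reverse_owner_name("192.0.2.53"))
    print(doh_urls_from_txt(SAMPLE_TXT, dnssec_validated=True))
```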
