Re: [Doh] DOH and Induced DNS
Mark Nottingham <mnot@mnot.net> Mon, 06 November 2017 23:50 UTC
Return-Path: <mnot@mnot.net>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F97A13F698 for <doh@ietfa.amsl.com>; Mon, 6 Nov 2017 15:50:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.721
X-Spam-Level:
X-Spam-Status: No, score=-2.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mnot.net header.b=BH96VWvx; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=mBKs+vMc
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kDUIc3MPTI5E for <doh@ietfa.amsl.com>; Mon, 6 Nov 2017 15:50:23 -0800 (PST)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA10813FB7E for <doh@ietf.org>; Mon, 6 Nov 2017 15:50:23 -0800 (PST)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 42F0D20830; Mon, 6 Nov 2017 18:50:23 -0500 (EST)
Received: from frontend2 ([10.202.2.161]) by compute3.internal (MEProxy); Mon, 06 Nov 2017 18:50:23 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=l0wJ49A8Kge8PNVd6X0jAO5K0JGVr K5oqLM4FBEc9dw=; b=BH96VWvxmN63RZD8qcW6eF3QGaNMzltMaO31vycSQZkwQ PihN1CqBF10MUOTo+8Gdy/7YLb3+boE0BYIT7Z5roP+nH9esu9tyL0BASS3Qvs0l dQrJO6zxqP3CrLn4/3T06zJPqXnfSDAsQSUvBhT0byNMrSRtFD9DeZZRrT/iJU3L 6q1ho1s/AkEAbx+XxPwTSUdbO/YdnnNfP9/pqTZLZ6qno7B5Vs+NB0OXFG7S97HM vJPQOQCnD7EZZ8tvfKTrAO1WGB6rbhGjZ6LRErqG+5r98tPcdQIQYf+euT1JgplI 8XtOJvE9TyHYjUmhdgMBKapo2Uc2RJq2+0dPAYjsA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=l0wJ49 A8Kge8PNVd6X0jAO5K0JGVrK5oqLM4FBEc9dw=; b=mBKs+vMcpjzxFrwD8O5MnP e6Wpr5WWc2+YaOUpssA5k3WcDxiFewrh2T4offVfvsucptDosTOWRVWAc5uraAXg F7/ZNTwA+DMBPA7aGmxRkJio0HdbA30LmILgh3V1FMYlMjixQgVKWKlgnduS/JAP 4Yflzjk/trZYZf/3Y5/rQ9qpYGH20hqYufIBZpEJunOaMMEhB6XZ+zbzduWdNmba 4GpWMWyiDU5yj0ahXKbwm6Bl4NTBdbe9lztkqUbFScrfG3IweJBksyNjhkr+Elyd GCeVtRaz6/PKV/MwSuIKaCtIZG47JZ7K5Dq3zs7p+AchsWW7gaOZ4xLzlc+ynzzw ==
X-ME-Sender: <xms:P_UAWjUF_TplfSRj-DHxVw8MeT-NgDtK4eFZaAa8vcEc0wREp4oFqw>
Received: from [192.168.1.18] (cpe-124-188-19-231.hdbq1.win.bigpond.net.au [124.188.19.231]) by mail.messagingengine.com (Postfix) with ESMTPA id 22668242CF; Mon, 6 Nov 2017 18:50:21 -0500 (EST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 11.0 \(3445.1.7\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <d409ac29-e3a0-41d2-fb6e-9891c90edcdd@nostrum.com>
Date: Tue, 07 Nov 2017 10:50:18 +1100
Cc: dagon <dagon@sudo.sh>, doh@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <908CFC85-4F7C-46CF-A53D-6271740EFC4C@mnot.net>
References: <20171106170750.GA24665@sudo.sh> <C93D011F-68D3-4B21-BB37-4ABF10488372@mnot.net> <73c2dac6-b3bb-c9f7-4710-e1c3750b50f8@nostrum.com> <24074F51-B167-42A4-83F0-29FCB750ACEB@mnot.net> <d409ac29-e3a0-41d2-fb6e-9891c90edcdd@nostrum.com>
To: Adam Roach <adam@nostrum.com>
X-Mailer: Apple Mail (2.3445.1.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/B1iY7wpyLzF3MiqfW5IkqY1nPSI>
Subject: Re: [Doh] DOH and Induced DNS
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 23:50:29 -0000
> On 7 Nov 2017, at 10:47 am, Adam Roach <adam@nostrum.com> wrote: > > On 11/6/17 5:42 PM, Mark Nottingham wrote: >> >>> On 7 Nov 2017, at 10:39 am, Adam Roach <adam@nostrum.com> wrote: >>> >>> If the notion here is to prevent JS-initiated queries, I'll point out that this is explicitly prohibited by the working group charter: "While access to DNS-over-HTTPS servers from JavaScript running in a typical web browser is not the primary use case for this work, precluding the ability to do so would require additional preventative design. The working group will not engage in such preventative design." >> No, the intent is to allow a DOH server to distinguish between JS-initiated requests and "native" ones, making up its own mind what to do with that information. > > It seems that the information in the "Referrer" header field would already provide this ability, and with far better granularity than a simple "yes/no". It could -- or Origin. -- Mark Nottingham https://www.mnot.net/
- [Doh] DOH and Induced DNS dagon
- Re: [Doh] DOH and Induced DNS Adam Roach
- Re: [Doh] DOH and Induced DNS Mark Nottingham
- Re: [Doh] DOH and Induced DNS Adam Roach
- Re: [Doh] DOH and Induced DNS Mark Nottingham
- Re: [Doh] DOH and Induced DNS Adam Roach
- Re: [Doh] DOH and Induced DNS Mark Nottingham