Re: [Doh] panel discussion on DoH/DoC

Joseph Lorenzo Hall <> Thu, 07 February 2019 15:33 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C1662124C04 for <>; Thu, 7 Feb 2019 07:33:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.099
X-Spam-Status: No, score=-0.099 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id KPEazz_0pTXQ for <>; Thu, 7 Feb 2019 07:33:14 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::32d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D974E126D00 for <>; Thu, 7 Feb 2019 07:33:13 -0800 (PST)
Received: by with SMTP id u16so394689otk.8 for <>; Thu, 07 Feb 2019 07:33:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=fZ8esZE3MyYm6XdqXnqYIL5VoxScYMZb2GVuF+6Kpd8=; b=J2ptf1Hc8xl0T32WVEVtFXcZaE5TZzX9i5XTz/xCyrAxV0Di9UaVdDDBcuM7F//nr0 oAxg35uv7vh0krtu0naOlYMDL+SnqDSMh0SdFI6A6S8Oqwqj+e1WmHbbwI2T/FRepWwA prbMf/KF3buFwOrXDfIEhk4Eu4ukxYJ9UPHLw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=fZ8esZE3MyYm6XdqXnqYIL5VoxScYMZb2GVuF+6Kpd8=; b=B+gFKJLOc5HDxzE2lHiY3epqhxG7qy9BhyMwCze8UvO99QTVTdZODifqgbynf7mTZ7 eMfhABIoNYtpUr3K9cq4La00QRLLaA/128uNsXqOTIP8Jc/k/bS1xffPbdKw8FFfcKzs qfym325Q6PiuZxRKeS5SueyZNT979rRgRHDrDQEKTxlGIG8RrV2/q3vVms2twcyD4rvN PKqXb28qdjnhhbFzVLkRMteWiWFmKHjuGSzI+EjBa9dgbXlg/vBRvjflkvvr6OZEMFDD n/qdC862MbiQL3Md3OfVpPw04bUsI+fXM7+3E2IOGmDCKUALA7FjhDaYPGn8yj34hjCW V5Dw==
X-Gm-Message-State: AHQUAubHhiXTehnm2xXn5dvoXaOmxm+glZ+qb+cYm1IkiMiQkiXXN0hf PmN8A80PjYkNWcaCquAHe8ioTe/lg3GWpSvezxZoqQ==
X-Google-Smtp-Source: AHgI3IYHakjnPUWeuJFxGN7jlLE51AVyBKIjyczPP7fFS3p1LbtJE64zPmEE7Jc294SkCGACYReELp6vXIHUKE6g08s=
X-Received: by 2002:aca:b882:: with SMTP id i124mr598937oif.127.1549553592838; Thu, 07 Feb 2019 07:33:12 -0800 (PST)
MIME-Version: 1.0
References: <> <> <> <> <> <> <> <>
In-Reply-To: <>
From: Joseph Lorenzo Hall <>
Date: Thu, 07 Feb 2019 10:33:01 -0500
Message-ID: <>
To: Jim Reid <>
Cc: Vittorio Bertola <>,, Ted Lemon <>
Content-Type: multipart/alternative; boundary="00000000000076444605814f8ff3"
Archived-At: <>
Subject: Re: [Doh] panel discussion on DoH/DoC
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 07 Feb 2019 15:33:16 -0000

Heya, I tried to think of a few good questions to the FOSDEM DNS privacy
panel [1] and included the following (forgive what may be a naive


3\. Software like browsers seem to want to have a list of DOH providers
that they can shuffle queries across in order to minimize the raw quantity
of queries any given DOH service sees from a given user. Right now the big
DOH services all have very very different privacy policies and terms of
service making such a list impossible as you'd be comparing apples to
oranges (e.g., one second you are talking to CF's which a very
strong privacy policy and the next minute you are talking to Google's which has a much less strong privacy policy). How should
application developers decide which kind of DOH service to build into their
offerings? (My own organization, CDT, is going to start an effort in a few
months to try and bring DOH providers together to set some baseline "rules
of the road" for these kinds of services and we'd love to work with others
thinking about the "wild west" of DOH.)


I'm about to go on leave for a bit (18-Feb up to Prague) but would love to
help think through what might make sense here. We did a project last year
with VPN providers where we sought to clarify some "rules of the road", so
to speak, and ended up basically with a standard questionnaire that
providers answered ( , ).

best, Joe


On Thu, Feb 7, 2019 at 9:28 AM Jim Reid <> wrote:

> > On 7 Feb 2019, at 14:20, Vittorio Bertola <
>> wrote:
> >
> > but this looks more like a job for DPRIVE, which has the word "policy"
> in its charter and "Document Best Current Practices for operating DNS
> Privacy services"
> OTOH DoH didn’t exist when DPRIVE was created and what was meant then by
> DNS privacy is not quite the same as is meant today.
> I think DoH is the better choice. Though there’s enough ambiguity/overlap
> between the WGs that the ADs might need to decide this.
> _______________________________________________
> Doh mailing list

Joseph Lorenzo Hall
Chief Technologist, Center for Democracy & Technology []
1401 K ST NW STE 200, Washington DC 20005-3497
e:, p: 202.407.8825, pgp:
Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871

Don't miss out! CDT's Tech Prom is April 10, 2019, at The
Anthem. Please join us: