Re: [Doh] [Ext] A question of trust (was Re: Draft -09 and WGLC #2)
Paul Hoffman <paul.hoffman@icann.org> Wed, 30 May 2018 14:46 UTC
From: Paul Hoffman <paul.hoffman@icann.org>
To: Andrew Sullivan <ajs@anvilwalrusden.com>
CC: "doh@ietf.org" <doh@ietf.org>
Date: Wed, 30 May 2018 14:46:21 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/ExUJU-fnwmqXpVrxLrbhZi4JrFA>

On May 30, 2018, at 7:38 AM, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:
>
> Hi,
>
> On Tue, May 29, 2018 at 09:22:54PM -0400, Patrick McManus wrote:
>> I support only specifying direct configuration in this document but either
>> way making it more explicit.
>>
>>
>> I would describe [in]direct (or not) as one aspect of discovery, and the
>> working group has chosen to stay away from discovery in this document.
>
> To people who are used to the model of, "I got my resolver from DHCP,"
> a thing you get from DHCP is not obviously "discovery". It's
> (auto)configuration. It's not hard to see how a hotspot portal is
> going to extend that metaphor using DOH, and it is still not clear to
> me that this text is saying, "Don't do that," though I think it might
> be.

The new text from the pull request is hopefully clearer:

   A DNS API client MUST NOT use a different URI simply because it was
   discovered outside of the client's configuration, or because a server
   offers an unsolicited response that appears to be a valid answer to a
   DNS query. This specification does not extend DNS resolution
   privileges to URIs that are not recognized by the DNS API client as
   configured URIs. Such scenarios may create additional operational,
   tracking, and security hazards that require limitations for safe usage.
   A future specification may support this use case.

That "future specification" might come out of DRIU, or from this WG.

--Paul Hoffman
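
One way a client could enforce the quoted MUST NOT, shown as an added example that is not part of the original message or of the draft: every URI, whether about to be queried or named in an unsolicited (pushed) response, is checked against the configured set after normalization. The `ResolverPolicy` class, the source labels and all hostnames are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed configuration: the only DoH URI set by the user or administrator.
CONFIGURED_URIS = ["https://doh.example.net/dns-query"]

def canonical(uri):
    """Reduce a URI to (host, port, path) for comparison; None if not usable."""
    try:
        parts = urlsplit(uri)
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None                # DoH runs over https only
    # The query string (?dns=...) varies per request, so it is not compared.
    return (parts.hostname, port or 443, parts.path or "/")

class ResolverPolicy:
    """Hypothetical gate: only configured URIs get DNS resolution privileges."""

    def __init__(self, configured):
        self.allowed = {c for c in map(canonical, configured) if c}
        self.rejected = []         # (source, uri) pairs kept for audit

    def permits(self, uri, source):
        ok = canonical(uri) in self.allowed
        if not ok:
            self.rejected.append((source, uri))
        return ok

# Constructed inputs: (where the URI came from, URI, expected decision).
SAMPLES = [
    ("config",      "https://DOH.example.net:443/dns-query?dns=AAAB", True),
    ("dhcp-option", "https://resolver.hotspot.example/dns-query",     False),
    ("server-push", "https://doh.example.net/dns-query?dns=AAAB",     True),
    ("server-push", "https://other.example.net/dns-query?dns=AAAB",   False),
    ("link-header", "http://doh.example.net/dns-query",               False),
]

def check_samples():
    policy = ResolverPolicy(CONFIGURED_URIS)
    decisions = [policy.permits(uri, src) for src, uri, _ in SAMPLES]
    return decisions, policy.rejected

if __name__ == "__main__":
    decisions, rejected = check_samples()
    for (src, uri, _), ok in zip(SAMPLES, decisions):
        print(f"{'ACCEPT' if ok else 'REJECT'} {src:12} {uri}")
```
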