Re: [Doh] [EXTERNAL] Re: Captive portals (was Re: suggested slides for IETF 104 on draft-reid-doh-operator)

"Winfield, Alister" <> Fri, 15 March 2019 09:09 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1579F13120B for <>; Fri, 15 Mar 2019 02:09:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id a3NYBx_Jm-nT for <>; Fri, 15 Mar 2019 02:08:59 -0700 (PDT)
Received: from ( [IPv6:2a01:111:f400:fe1e::628]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EB7721310CD for <>; Fri, 15 Mar 2019 02:08:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BeBeSYnrR/0e6yulwfNm+eR0ORJODekzRXSuqm/GFDc=; b=V1cP4PyXsAr4oO0H5n9JDsUfNmOqVOdgn/WGEY8xfX37jyxMKzbcNT2UcNt4StRMqhROvdsw7lPqw7Xc54agKyd7j9p6qKqr9xw0MnAj07wr1kbcxFOF/vlHWYCt1OUp51lilsxBKKRVq/EYrI/C6UjGafo5NvXHl4Z+Solnwvs=
Received: from ( by ( with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1709.14; Fri, 15 Mar 2019 09:08:55 +0000
Received: from ([fe80::ed97:fec5:56f0:586c]) by ([fe80::ed97:fec5:56f0:586c%7]) with mapi id 15.20.1709.011; Fri, 15 Mar 2019 09:08:55 +0000
From: "Winfield, Alister" <>
To: Daniel Stenberg <>
CC: DoH WG <>
Thread-Topic: [EXTERNAL] Re: [Doh] Captive portals (was Re: suggested slides for IETF 104 on draft-reid-doh-operator)
Thread-Index: AQHU2wJlkaNvcWjTr0qOlfUR8kO7NaYMV3kAgAAPaQA=
Date: Fri, 15 Mar 2019 09:08:55 +0000
Message-ID: <>
References: <> <> <> <>
In-Reply-To: <>
Accept-Language: en-GB, en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/
authentication-results: spf=none (sender IP is );
x-originating-ip: [2a02:c7d:e20a:2d00:fdf8:995:b7f8:f9bf]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 254628e3-ff9d-4903-beef-08d6a925d9ed
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600127)(711020)(4605104)(2017052603328)(7153060)(7193020); SRVR:AM4PR0601MB2129;
x-ms-traffictypediagnostic: AM4PR0601MB2129:
x-microsoft-antispam-prvs: <>
x-forefront-prvs: 09778E995A
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(346002)(136003)(396003)(39860400002)(366004)(199004)(189003)(5024004)(8676002)(14444005)(256004)(81156014)(25786009)(186003)(81166006)(7736002)(71190400001)(71200400001)(14454004)(46003)(8936002)(83716004)(305945005)(4326008)(74482002)(5660300002)(2616005)(102836004)(6246003)(11346002)(99286004)(486006)(446003)(72206003)(76176011)(66574012)(6506007)(86362001)(478600001)(53936002)(476003)(6512007)(6436002)(6486002)(93886005)(58126008)(33656002)(2906002)(316002)(68736007)(106356001)(105586002)(36756003)(82746002)(97736004)(6116002)(6916009)(229853002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0601MB2129;; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:0; MX:1;
received-spf: None ( does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: npAta4mScJPU7YTSxlfBc1IjXdBx+bovqWGQ1x1CDXFy3bUFiFZBIJNCdKvcHh/n60MJeW62QTQ6X8raBaVpd4hC5qUjZQjlLNadP9wJXtHVGqk4qzLpnAu9AGo4IKYXf43HDvKTOAFbwVeACt72OKn6FrzpzTHiwJ86nj1bvgeYYQ55NqA+ZSDkC0fD8O7ZsE6qF2Kj2dFe4m5a/lraJjvQZlHn7ht/LNanATb8wR4tMcRn6gO9ifxK6go9k/Ml0lbOJwtYUNlUElzj5/oIsSpcdtB+tAi+DnIjI2ZQfGp+N2+TBatXmI14MLQdW9wi71A6160OjNmYrM3WjaLwvXaCJh4VXEjU/guxDsc2cAksCmOK+oyvX6/d1GeJbx14fRSuECDcIh+eKPOmCqONeV7SEg5tD68yJicdn4EtjdU=
Content-Type: text/plain; charset="utf-8"
Content-ID: <>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 254628e3-ff9d-4903-beef-08d6a925d9ed
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Mar 2019 09:08:55.3133 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 68b865d5-cf18-4b2b-82a4-a4eddb9c5237
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0601MB2129
Archived-At: <>
Subject: Re: [Doh] [EXTERNAL] Re: Captive portals (was Re: suggested slides for IETF 104 on draft-reid-doh-operator)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 15 Mar 2019 09:09:01 -0000

    In those cases, some users have been known to fire up a *separate* browser to
    resolve the captive situation as then the DoH-using browser can come back to
    the living.

This is obviously a technical user. Somewhat north of, I guess, 70% of normal users would either give up or assume that their local service provider can sort out the problem. Any such support agent may well find it near impossible to help, which client, is that using DoH, is the OS using DoH, ... . From personal experience DNS can be one of the hardest things to diagnose when it is not working right, end-users just don't understand the concepts.

Always remember most users haven't a clue about DNS most wouldn't even know that DNS is a thing to know about. Whatever the default behaviour is it better just work for >99% of use-cases.

Alister Winfield

Information in this email including any attachments may be privileged, confidential and is intended exclusively for the addressee. The views expressed may not be official policy, but the personal views of the originator. If you have received it in error, please notify the sender by return e-mail and delete it from your system. You should not reproduce, distribute, store, retransmit, use or disclose its contents to anyone. Please note we reserve the right to monitor all e-mail communication through our internal and external networks. SKY and the SKY marks are trademarks of Sky Limited and Sky International AG and are used under licence.

Sky UK Limited (Registration No. 2906991), Sky-In-Home Service Limited (Registration No. 2067075), Sky Subscribers Services Limited (Registration No. 2340150) and Sky CP Limited (Registration No. 9513259) are direct or indirect subsidiaries of Sky Limited (Registration No. 2247735). All of the companies mentioned in this paragraph are incorporated in England and Wales and share the same registered office at Grant Way, Isleworth, Middlesex TW7 5QD