Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator

Joe Abley <jabley@hopcount.ca> Fri, 22 March 2019 18:52 UTC

Return-Path: <jabley@hopcount.ca>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5381213148D for <doh@ietfa.amsl.com>; Fri, 22 Mar 2019 11:52:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=hopcount.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cx9Q68Uouu1Q for <doh@ietfa.amsl.com>; Fri, 22 Mar 2019 11:52:05 -0700 (PDT)
Received: from mail-lf1-x133.google.com (mail-lf1-x133.google.com [IPv6:2a00:1450:4864:20::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DE8E131495 for <doh@ietf.org>; Fri, 22 Mar 2019 11:51:59 -0700 (PDT)
Received: by mail-lf1-x133.google.com with SMTP id r25so2066639lfn.13 for <doh@ietf.org>; Fri, 22 Mar 2019 11:51:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hopcount.ca; s=google; h=from:mime-version:references:in-reply-to:date:message-id:subject:to :cc; bh=ezst+uPNGxbTwfPuz0yHFz4Wn8Z/mWGAWteaGQLb56o=; b=QpJ7BMY/XurrfwKOKHbzFXFtSA8d6phSzaOAIVR3fDdmMuoDDAxJhxHYwZJ3Ehwqtt RjhsQ6mqn8VSodZnZvPFdzrz5NWyq1k/ZNJzfrBj6lycYSNB4is9YozJsnZaN2pz1DYf Ugy7dwUlsW80A7ZEoqSP0EwMQw1tL8wJckT68=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:references:in-reply-to:date :message-id:subject:to:cc; bh=ezst+uPNGxbTwfPuz0yHFz4Wn8Z/mWGAWteaGQLb56o=; b=bTnYjizMF5A1RNx1nPpDu9ZXzijDNIKvBN229rSdS9/ucIfhoCDRNEDBu4fUMcY22F Ifao+eltHAIRLB3JhYUGtWf1BZCLRVBY8s6ypL6JSwc/DKwkEyu3MwLQ1MtWUyQ/KIJF Rrzoy2ZInWvl/l0dxLJSr/lSHXbO1ZmEOrf7vDebSz6sB42KIN0ocnGhc7+1uDSPjrBm edYGUozvzR9Fh9OJMDgT+KAteh+fMEyuQRFLFGK4u20c9RRcoHAi6V4umGZuRk+hzTYl hYlLo001zkbkuT3gZtng/hqGI6om34IxAgp/fNzacywqIipPnZrInfuYfxZt3hpFInD4 MAWg==
X-Gm-Message-State: APjAAAWKyGpo9zVb4uGFqXk9CEffnVsOZWuQC2uCZLkvXNldHR69Ok9S +rceMzalD90m1bfEJXIxhu79W461DfBMDdsOUFbcpg==
X-Google-Smtp-Source: APXvYqyXUTdJt2SJcWq0ybOutMIxhf/2lCWD5mBGzTfN8vIpsfdUFQ7t/4ogX6u+y11hDNHJDgnPxAYGNyLlzmNhymw=
X-Received: by 2002:a19:8c1e:: with SMTP id o30mr5659987lfd.137.1553280717783; Fri, 22 Mar 2019 11:51:57 -0700 (PDT)
Received: from unknown named unknown by gmailapi.google.com with HTTPREST; Fri, 22 Mar 2019 11:51:56 -0700
From: Joe Abley <jabley@hopcount.ca>
Mime-Version: 1.0 (1.0)
References: <155218771419.28706.1428072426137578566.idtracker@ietfa.amsl.com> <3457266.o2ixm6i3xM@linux-9daj> <CA+9kkMDkKQtBDrXx9h8331_6zDtcChUTfqFe0W3JByxyB=4xLw@mail.gmail.com> <1914607.BasjITR8KA@linux-9daj> <CA+9kkMAYR19CCCLN00A5Oy_=9Z97FQogCz-vdC=M7Ffn47fTgQ@mail.gmail.com> <a38cf205-b10e-e8e2-62cf-8e0377dfc1ef@brokendns.net> <4599B066-BA82-4EA8-92C1-F1BE1464A790@puck.nether.net> <b8c58757-3945-ea19-b018-8e59292abf30@cs.tcd.ie> <CAH1iCirBm0NKA2-zw--ZKd3gN1ZCmwZ7_ZOSyaTk+2SMmrtxKg@mail.gmail.com> <EA89EA1A-A1EA-4887-9294-4F68AB5C3211@puck.nether.net> <91A0BBD0-CB73-498E-B4E0-57C7E5ABE0B4@hopcount.ca> <2145465817.5147.1553119548565@appsuite.open-xchange.com> <yblh8bv95l0.fsf@w7.hardakers.net> <04C556AF-D3B3-41A5-B119-8FE5F81FB9A7@huitema.net> <1878722055.8877.1553241201213@appsuite.open-xchange.com> <74AC9916-41B8-4E54-8649-B32B02845988@pch.net> <9ee04824-4cb5-8d6c-eb6c-546f01455eda@redbarn.org>
In-Reply-To: <9ee04824-4cb5-8d6c-eb6c-546f01455eda@redbarn.org>
Date: Fri, 22 Mar 2019 11:51:56 -0700
Message-ID: <CAJhMdTNA9v8_yKMJm5mGtuRngz7kYKEs8L9uDah2sT-tv5nkHQ@mail.gmail.com>
To: Paul Vixie <paul@redbarn.org>
Cc: Bill Woodcock <woody@pch.net>, Wes Hardaker <wjhns1@hardakers.net>, dnsop <dnsop@ietf.org>, DoH WG <doh@ietf.org>, Christian Huitema <huitema@huitema.net>, Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006b98ec0584b359e4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/FfG6U4PwoTdD5o4u2NboPaF8ORY>
Subject: Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Mar 2019 18:52:07 -0000

On Mar 22, 2019, at 18:35, Paul Vixie <paul@redbarn.org> wrote:

all statements made to date by the india and united kingdom governments
have indicated that their plans to support in-country RDNS will not be
mandatory, just as canada's (operated by CIRA) is not mandatory.
Others here can speak more authoritatively than me, e.g. because they work
for CIRA and I don't, but as far as I know the recursive DNS service that
CIRA runs is a commercial product that they sell.

https://cira.ca/cybersecurity/firewall

While I am aware CIRA has taken steps to educate people about the privacy
implications of sending traffic across the border, and no doubt follow
their own advice in the way they build and operate their own
infrastructure, I don't believe this product is related to any kind of
government aspiration to constrain or encourage resolver traffic to stay
local.


Joe