Re: [Doh] panel discussion on DoH/DoC

Ted Lemon <> Thu, 07 February 2019 13:09 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CE683130934 for <>; Thu, 7 Feb 2019 05:09:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.042
X-Spam-Status: No, score=-2.042 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.142, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id LWTBqlHO5ZAv for <>; Thu, 7 Feb 2019 05:09:01 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::735]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 5BFCA12F1A6 for <>; Thu, 7 Feb 2019 05:09:01 -0800 (PST)
Received: by with SMTP id y16so6371792qki.7 for <>; Thu, 07 Feb 2019 05:09:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=07IphiE+9aC1UuQb1Gv6dtLb+mNwfA3s32qGZYc/whk=; b=vNkpoiQTUQqGJ++9PeyC8T0AovbZ8H/uJCz1ou6DElNo4mJf0fjvFKyZKPwUXw+Ibp 9Sz2r1UyDgswYNevmOf73hsG1hL8VYrgo1dJnuctKNW9mndpvI+Jy7e3PnQhf3ryk1sw ma7MGcX26NeYLtf6IeJpHfO36yQXXUh1MsgHli8HpkYP7/DdaaNnl7RguamMryI3qNDz F4PF2GJMFAHObEsTwA5EoOytXmh0DE1nzwpLtpoexfw7I0N6lfq+7mbKj/3wvGjWhe9v pAG2YlkKHM07mignEZaBV+1+2g9ZF9G0d0RwSy2BL1LoaQWqOelJm4KgRwi7O33GXqYu g/Gw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=07IphiE+9aC1UuQb1Gv6dtLb+mNwfA3s32qGZYc/whk=; b=t9yVmCERNaxcoM7DB4hSZWjqnYcMYit0FpIlvauKS5ZMBE/44QdptjuJ46z51uuKV/ ptOUdWghkh7XhVmEJErvyIG3hY50ZYjleVxwF9H6KGjdizZuIK8tpNmRDTvd0bj03Kdi KGrJVN7uxlUISXIKAwXZ4UHcgHsMQq4xlfLZSVzgVV5oLHdwF3cHMp4iI9VHRnsce/jX nxZLW351kvNNJiWzI/77iJQF9nOQIaO8CRtC9/yuQ4p5him4BRtcb8Y8fdyBQJJvwI5z 3DJdC+mi/dWXflHF0aHcFQ9bC9nAkDZhL/0MQnUr2ULVfF1PSsO5SCAumJRW9je3TWls VNmg==
X-Gm-Message-State: AHQUAuZ1UyJOzH7Yj+FmFVDRD+9i+7ieTaq9hcrC33vsIqBQaI4PaDkh zx+1CWsLkUnlbjMKqkSl2d6h2w==
X-Google-Smtp-Source: AHgI3IapUabNSNNpVae7JynfUMYcyoPvmTuYilRSBzBCCEjfKvvC1Gk6tWMIG8nZ50NZWm3fn8wNsg==
X-Received: by 2002:a37:6e86:: with SMTP id j128mr11828906qkc.46.1549544940480; Thu, 07 Feb 2019 05:09:00 -0800 (PST)
Received: from [] ( []) by with ESMTPSA id b27sm13824177qkj.17.2019. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 07 Feb 2019 05:08:59 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
From: Ted Lemon <>
In-Reply-To: <>
Date: Thu, 07 Feb 2019 08:08:58 -0500
Cc: bert hubert <>,
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <>
To: Stephane Bortzmeyer <>
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <>
Subject: Re: [Doh] panel discussion on DoH/DoC
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 07 Feb 2019 13:09:08 -0000

On Feb 7, 2019, at 8:03 AM, Stephane Bortzmeyer <> wrote:
> The protocols are not innocent (they enable, they encourage, they
> discourage) but they are not everything either. The dominance of Gmail
> is not written in RFC 5321. DoH helps DoC ("helps", not "enables", DNS
> over HTTPS was possible before), it does not decide DoC.

Of course, but in fact it appears that one of the primary use cases for DoH is DoC.   I would have thought that the primary use case for DoH was to bypass network censorship, but when I suggested as much during the discussion on the draft, the response I got suggested that the authors really hadn’t had that in mind, and that indeed the use case they had had in mind was DNS resolution in HTTP sessions by Javascript clients.   Which is, pretty much, DoC, although not the use case that subsequently emerged, where browsers do it instead of using the local resolver.

There isn’t a criticism in here from me—it seems clear that DoC is something that exists or doesn’t based on what browser vendors do, and if we really care about it, the knob we have to turn is not not having the specification, but rather being selective in what browsers we use, or in how they are configured.