Re: [Doh] WG Review: DNS Over HTTPS (doh)
Eliot Lear <lear@cisco.com> Tue, 19 September 2017 05:35 UTC
To: Mark Nottingham <mnot@mnot.net>, Ted Hardie <ted.ietf@gmail.com>
Cc: doh@ietf.org, Paul Hoffman <paul.hoffman@vpnc.org>, IETF <ietf@ietf.org>
From: Eliot Lear <lear@cisco.com>
Date: Tue, 19 Sep 2017 07:35:51 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/I6KMjpkUiMT8iwEkxTA8PuiLL5M>

Hi Mark,

On 9/19/17 2:26 AM, Mark Nottingham wrote:
> The use case that I believe most have in mind is "as a user, I want to configure my [browser, OS] to use *this* DOH service for DNS resolution" -- where that configuration is manual; e.g., a configuration textbox or dropdown in the browser, or a file in /etc. It might be made more user-friendly; e.g., it could be automatic when the user goes into the ill-defined "private mode."

Your first sentence should probably be recognizable in the charter (it's not, and thus all the email). That would at least allow for operations that are congruent with existing methods so that split DNS and malware protection functions can take place. It also at least roughly matches the security considerations text already in the draft.

As to the 2nd sentence, ain't nothing stopping that, but some text should probably make it into the draft that *someone* is going to know what queries you're making. That's not a charter issue, of course.

Eliot