Re: [Doh] WG Review: DNS Over HTTPS (doh)

Eliot Lear <> Tue, 19 September 2017 05:35 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AC765134230; Mon, 18 Sep 2017 22:35:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id E4ujHB_Dx-SA; Mon, 18 Sep 2017 22:35:53 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B489F132EA7; Mon, 18 Sep 2017 22:35:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=5268; q=dns/txt; s=iport; t=1505799353; x=1507008953; h=subject:to:cc:references:from:message-id:date: mime-version:in-reply-to; bh=zvWNnSJE3JOASHeOPYQ3hdR86WoHgyA5p/rnnNackrU=; b=cdOLg2Kg8deVF/2y+NV2vTTGnOyTXxkfKH0+Qx1DDOKyuMsoQclPzZiO Q9yjsZKtdmSZMpfINaqQPT0HrBmtyiKWlzIlho5YLKmk0mgbA6RpKHOlo kaK+zeFqr07R3oc/riag1bwzNPol/m3qUDdB8oGT2NnRlIyQ8mtJs/L87 c=;
X-Files: signature.asc : 481
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AFAgCwq8BZ/xbLJq1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBhD5uhByLFJBMK5BmhU2CBAcDhTsChQ8VAQIBAQEBAQEBayiFGQE?= =?us-ascii?q?FI1YQCwQBCQoqAgJXBgEMCAEBii+pZYInJ4sBAQEBAQEBAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBDg+DK4Vggn2ERQESAYMygmAFoQuEOoIhjXuLV4cilTeBOTUigQILMiEIHBW?= =?us-ascii?q?HZz6GX4IyAQEB?=
X-IronPort-AV: E=Sophos;i="5.42,416,1500940800"; d="asc'?scan'208,217";a="655749539"
Received: from (HELO ([]) by with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Sep 2017 05:35:50 +0000
Received: from [] ( []) by (8.14.5/8.14.5) with ESMTP id v8J5ZnsX021897; Tue, 19 Sep 2017 05:35:50 GMT
To: Mark Nottingham <>, Ted Hardie <>
Cc:, Paul Hoffman <>, IETF <>
References: <> <> <> <> <> <> <> <> <> <> <> <>
From: Eliot Lear <>
Message-ID: <>
Date: Tue, 19 Sep 2017 07:35:51 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="VjF1SXRHUk3oN1ToqbNWaqM9vecj3J6xX"
Archived-At: <>
Subject: Re: [Doh] WG Review: DNS Over HTTPS (doh)
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DNS Over HTTPS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 19 Sep 2017 05:35:54 -0000

Hi Mark,

On 9/19/17 2:26 AM, Mark Nottingham wrote:
> The use case that I believe most have in mind is "as a user, I want to configure my [browser, OS] to use *this* DOH service for DNS resolution" -- where that configuration is manual; e.g., a configuration textbox or dropdown in the browser, or a file in /etc. It might be made more user-friendly; e.g., it could be automatic when the user goes into the ill-defined "private mode." 

Your first sentence should probably be recognizable in the charter (it's
not, and thus all the email).  That would at least allow for operations
that are congruent with existing methods so that split DNS and malware
protection functions can take place.  It also at least roughly matches
the security considerations text already in the draft.

As to the 2nd sentence, ain't nothing stopping that, but some text
should probably make it into the draft that *someone* is going to know
what queries you're making.  That's not a charter issue, of course.