Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator

Jared Mauch <> Fri, 22 March 2019 18:59 UTC

From: Jared Mauch <>
Date: Fri, 22 Mar 2019 19:59:29 +0100
Cc: Jacques Latour <>, Ted Hardie <>, DoH WG <>, Paul Vixie <>, dnsop <>, Ralf Weber <>
To: Brian Dickson <>

> On Mar 21, 2019, at 11:29 PM, Brian Dickson <> wrote:
> I realize, expressiveness adds complexity. However, it does avoid assumptions and overloading.
> The main criterion is agreement on client vs server (i.e. standardize this stuff), and possibly also add the network as another party involved (for upstream transit ISP vs local ISP), if they have differing policies for allowing offsite/third-party DoH or DoT.

So my thoughts on this real quick: one of the reasons many people are using centralized services like (for example) is it's complex to run these servers properly.

I’m worried about this additional complexity breaking the camel's back, or deployment being relegated to those of us that may have overly complex home networks.

The options and matrix add in complexity when a simple approach is likely desired or needed. 

The small networks that do not run their own servers won’t change. The medium where it’s on the bubble will further centralize. Is this what is needed in the community?

- Jared