Re: [Doh] panel discussion on DoH/DoC

"Ralf Weber" <dns@fl1ger.de> Thu, 07 February 2019 13:22 UTC

From: "Ralf Weber" <dns@fl1ger.de>
To: "Shane Kerr" <shane@time-travellers.org>
Cc: doh@ietf.org
Date: Thu, 07 Feb 2019 14:22:53 +0100
Message-ID: <36F04A63-E7BD-49EC-B908-CAB9A376C9B1@fl1ger.de>
In-Reply-To: <70dc8e21-4808-af5a-1d46-4154fc369954@time-travellers.org>
References: <20190207105106.GB1772@server.ds9a.nl> <C7C3BAF7-4BD4-4EE2-B3F2-1F8B49222980@fugue.com> <20190207130313.7g7hf4swaopnr75e@nic.fr> <FD7BFAFF-88B9-49BF-A652-3649ADCD53F9@fugue.com> <70dc8e21-4808-af5a-1d46-4154fc369954@time-travellers.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/LdTblGl_g3OtlwWh350QSkYFpzM>

Moin!

On 7 Feb 2019, at 14:16, Shane Kerr wrote:
> In theory one could send DoH queries to the server where you were 
> getting an HTML page from, for any names that need resolution on that 
> page. This would be an anti-DoC, indeed probably more decentralized 
> than DNS itself is today.
>
> If this model requires DNSSEC then it's not even that horrible, since 
> web server operators would not be able to spoof or hijack DNS names.
That model is horrible as it removes the possibility for DNS being a 
central control point and pretty much every enterprise application out 
there (split horizon). Even with DNSSEC the results could be horrible as 
the CDN view from a server might be way different than from a client. 
Please don’t go there.

So long
-Ralf
-- 
Ralf Weber
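What "split horizon" refers to in the message above, as an added illustration that is not part of the thread: a BIND 9 configuration serving two views of the same zone. Internal clients receive the private records, everyone else the public ones. A web server on a public address resolving names on a visitor's behalf would therefore only ever see the external view, which is the vantage-point problem the message raises. The ACL ranges, zone name and file paths below are placeholders.

```conf
// Constructed example of a split-horizon (two-view) BIND 9 configuration.
// Addresses, zone name and file paths are placeholders, not from the thread.
acl corp-nets { 10.0.0.0/8; 192.168.0.0/16; };

view "internal" {
    match-clients { corp-nets; };
    recursion yes;
    // Internal clients get the private view: intranet names and
    // RFC 1918 addresses that are never published to the Internet.
    zone "example.com" {
        type master;
        file "/etc/bind/zones/example.com.internal";
    };
};

view "external" {
    match-clients { any; };
    recursion no;
    // Everyone else, including a public web server resolving on a
    // visitor's behalf, sees only the public records.
    zone "example.com" {
        type master;
        file "/etc/bind/zones/example.com.external";
    };
};
```

Views are matched in order, so the more specific "internal" view must precede the catch-all "external" one; a resolver that is not inside corp-nets cannot obtain the internal answers no matter which transport (Do53 or DoH) it uses.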