Re: [Doh] Mozilla's plans re: DoH
Petr Špaček <petr.spacek@nic.cz> Fri, 29 March 2019 11:05 UTC
To: Eric Rescorla <ekr@rtfm.com>, Tony Finch <dot@dotat.at>
Cc: DoH WG <doh@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/LmpXTaZBeqQLRC6C7CPz3-Z_bjA>

On 27. 03. 19 17:56, Eric Rescorla wrote:
>
> On Wed, Mar 27, 2019 at 9:32 AM Tony Finch <dot@dotat.at> wrote:
>
> > Eric Rescorla <ekr@rtfm.com> wrote:
> > >
> > > 4. At any time, the user will have the option to select a
> > > different resolver out of the list, specify their own resolver, or
> > > disable DoH entirely.
> >
> > Will Firefox inform its users whether the local resolver supports DoT or
> > DoH?
>
> We don't currently expect to do so. As noted above, we don't think
> secure transport to the local resolver is sufficient to ensure the
> privacy and security guarantees we are trying to provide.
>
> > >
> > > However, there are two more restricted cases in which we do think some
> > > network control of the resolver is reasonable.
> >
> > What about allowing Firefox users to access private / internal domain
> > names?
>
> If a name doesn't resolve with DoH, we fall back to the system resolver.
> This doesn't work properly when the same name is available on the public
> DNS but pointing to a different location. As I alluded to in my email,
> we're still working out how to deal with this split horizon scenario.
>
> -Ekr

IANAL, nevertheless I will say

Beware of
https://patents.google.com/patent/US20160197898A1

BTW This patent is very likely to soon become property of IBM as part of
Red Hat acquisition. I'm not sure what is going to happen with Red Hat's
patent promise.

Petr Špaček @ CZ.NIC

>
> > Tony.
> > --
> > f.anthony.n.finch <dot@dotat.at> http://dotat.at/
> > each generation is responsible for the fate of our planet
>
> _______________________________________________
> Doh mailing list
> Doh@ietf.org
> https://www.ietf.org/mailman/listinfo/doh
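
The fallback behaviour quoted in the message above, modelled as an added example (not part of the original message and not Firefox code): a DoH-first client that consults the system resolver only when DoH returns no answer, plus an audit that flags internal names a public answer would shadow. The two resolver views, the domain names and the function names are constructed for illustration.

```python
# Added illustration: models "try DoH first, fall back to the system
# resolver only if the name does not resolve" with two constructed views.
from ipaddress import ip_address

# Constructed sample data (documentation address ranges, example domains).
PUBLIC_DOH_VIEW = {
    "www.example.com": ["203.0.113.10"],
    "portal.example.com": ["203.0.113.20"],   # public landing page
}
INTERNAL_VIEW = {
    "www.example.com": ["203.0.113.10"],
    "portal.example.com": ["10.20.0.5"],      # internal-only service
    "wiki.corp.example.com": ["10.20.0.8"],   # exists only internally
}


def lookup(view, name):
    """Return the address list for name, or None to model NXDOMAIN."""
    return view.get(name.lower().rstrip("."))


def resolve_doh_first(name, doh=PUBLIC_DOH_VIEW, system=INTERNAL_VIEW):
    """Fallback policy from the thread: system resolver only on DoH failure."""
    answer = lookup(doh, name)
    if answer is not None:
        return "doh", answer
    answer = lookup(system, name)
    return ("system", answer) if answer is not None else ("none", [])


def audit_split_horizon(doh=PUBLIC_DOH_VIEW, system=INTERNAL_VIEW):
    """Classify every internal name by what a DoH-first client would get."""
    report = {}
    for name, internal in sorted(system.items()):
        source, got = resolve_doh_first(name, doh, system)
        if source == "system":
            report[name] = "ok-fallback"          # internal-only name
        elif set(got) == set(internal):
            report[name] = "ok-same-answer"
        else:
            # Same name, different answer: the fallback never triggers.
            private = all(ip_address(a).is_private for a in internal)
            report[name] = "shadowed-private" if private else "shadowed"
    return report


if __name__ == "__main__":
    for name, status in audit_split_horizon().items():
        print(f"{name:28} {status}")
```

Names reported as `shadowed-private` are the split-horizon case from the thread: the public zone answers, so the client never reaches the internal record.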