Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator

Joe Abley, Wed, 20 March 2019 11:38 UTC

Cc: Brian Dickson, Ted Hardie, DoH WG, dnsop, paul vixie, Michael Sinatra, Stephen Farrell
To: Jared Mauch

[There is actually a proposal at the bottom of this e-mail. Bear with me.]

On 20 Mar 2019, at 11:09, Jared Mauch wrote:

> Often as an industry we may discuss various solutions that are great for oneself but don’t scale when looking at the big picture.

I think what we are seeing is the fundamental tension between privacy and control. You need to give up some privacy in order to make the control possible; you need to give up some control in order to afford privacy.

Some in this thread want certainty that they are able to exercise control, e.g. for devices in their network.

Some in this thread want certainty that they can obtain privacy, e.g. for their device in any network.

When those people meet, the pitchforks come out. This is already true today; it's not a new DoH problem. I think the balance of the tensions has shifted with the prospect of a change in default behaviour, not because any of this is fundamentally new. The change in defaults tips the power balance (e.g. the balance of cost) between control and privacy. This is Paul's basic point, I think.

Some people seem to be getting worked up about whether the desire for control is more important than the desire for privacy. I don't think that question has an answer, but I think most reasonable people could acknowledge that both positions exist. This is Stephen's basic point, I think.

It's possible today to communicate over covert channels in order to avoid control. This is different from *all* communication happening over covert channels so that no control in the future is possible. That's not how things happen today; that would be a change, a new situation. This is your basic point, I think (that's how I read "scale" in your e-mail, above).

Seems to me that there's a middle ground within sight here.

Standardise this privacy mechanism, and specify (with reasoning) that it should be implemented such that the existence of the channel (but not the content) can be identified as distinct from other traffic by third parties. Maybe specify use of a different port number, as was done with DoT.

Those who choose to ignore that direction and create a covert channel using port 443 instead will do so. Nothing much we can do to stop that today (I guarantee it is already happening). The future is not really different.

Of course when people shift the focus of the conversation from DoH in general to resolverless DNS, and want to interleave DNS messages with HTML and cat GIFs over the same HTTPS bundles, the pitchforks will need to come out again. So keep them handy.