Re: [Doh] [Ext] Re: Associating a DoH server with a resolver
Eric Rescorla <ekr@rtfm.com> Wed, 24 October 2018 18:17 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBEF6129619 for <doh@ietfa.amsl.com>; Wed, 24 Oct 2018 11:17:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.089
X-Spam-Level:
X-Spam-Status: No, score=0.089 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a9HXU1Pf46EV for <doh@ietfa.amsl.com>; Wed, 24 Oct 2018 11:16:59 -0700 (PDT)
Received: from mail-lf1-x142.google.com (mail-lf1-x142.google.com [IPv6:2a00:1450:4864:20::142]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0B32124C04 for <doh@ietf.org>; Wed, 24 Oct 2018 11:16:58 -0700 (PDT)
Received: by mail-lf1-x142.google.com with SMTP id w16-v6so2611397lfc.0 for <doh@ietf.org>; Wed, 24 Oct 2018 11:16:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=d2w1PZyEufUwv6Lsb2IlsclV+zRdHfqPBhy8jcWAeOc=; b=JyKJlEvejoV/Ko/05fQUB/I/TF4Hyt1lAXnnXoizbZlpAFvPAeXtbEgSbOTUSK7ZGN A1QO9/GA/JfGZiCzuBd/10b18BLUli91xyY/j/Hzpqm33t+U2W0/XZnc+ELNGfvZwL1+ WidJ1x8iGebtF/djT3fHO8alHwoo7Spaqk5FAr9e6yGxh+Vkvx0Yq1zfd5m9ReAftRwA EkoZQEt+rhLYSKItsab7sUfDAdHID63dA6RBwyjgbvROcb1lSJt4JSR8sNtx1nm7FkDY HnMHxp2X9yPIyL4N+3e3nD+7JOSTVighg5NT2EH1R84ly+nBgEsHmIK2qlA6vD0ErrVx i/xw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=d2w1PZyEufUwv6Lsb2IlsclV+zRdHfqPBhy8jcWAeOc=; b=G1qMFFpd+Ry7vtraghTDXQrcfIx621hpaetYK9RTH2MLn5FdVH4baMLWI7aJ23Lwlu qGgjupFBJ14BQalzBGhTQIj7oUWVePDKbXvM3nSvBcZ7Wjf7Rs6gPvCx7/lYQEaTkWs9 cQ/0Qn4vaz9gtx/NmA2RHFTZ7ArATTmZi/+zBCCSCRQqV8IpqWyroOPsgxQYNTRy7VAE SaTMKMqY8sWuzjF4p2rilLZQxch0YglXMzMkjVoYRT6IULiVIAp4LFNB0nQxOAfOGIOw +k3z00fWWFWuK6w6q7alcSspKpiJ7VIWSFhcwhCkR/q8N145uJlEvK+94Cz7KtCqBYDx tvkQ==
X-Gm-Message-State: ABuFfojrgStPy4op9C8AWbwbyEWlQpPK8NWUERhYW530Un9AFL4JsTtN ipuqckWbz6CsiNeXeY6T5MqfqSgOIGjFg0S2eKaCcrKp
X-Google-Smtp-Source: ACcGV60KSfrv3J9rvbXm7odVH+4cq82lfPi3Nyil+8uE4YNae8i+u030QD2mrA3LnD+51sxonQ7Sy4RyI8i7KZWr6Bw=
X-Received: by 2002:a19:5a05:: with SMTP id o5mr16403742lfb.140.1540405016740; Wed, 24 Oct 2018 11:16:56 -0700 (PDT)
MIME-Version: 1.0
References: <02C39DFD-9550-447D-B00E-702B441A88BE@icann.org> <CABkgnnV2YMtcdOyMfE2NMH4L1ZbK4dcp1KQt3FttCfz-nfQd6A@mail.gmail.com> <C82FBB08-8DAA-4C50-8934-576596C2532F@icann.org> <CABkgnnVgZBp7bqv9u9iBbZAojQqbYAGWG54Ta5JKq_ycvaux1g@mail.gmail.com> <CABcZeBNObxKQWkhD=jz8Z7CL7iVnEE-O_QF5DkADu=s1=ux_rQ@mail.gmail.com> <CF80F320-1E2F-4BB6-90F2-AE8426ACDC6A@icann.org>
In-Reply-To: <CF80F320-1E2F-4BB6-90F2-AE8426ACDC6A@icann.org>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 24 Oct 2018 11:16:19 -0700
Message-ID: <CABcZeBMX9z27a3_zZ7PqkAZK6f=n6vx8XWQGmJ4nAdR5f+tQjA@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@icann.org>
Cc: DoH WG <doh@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d603ed0578fd7d20"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/N-VfG2Xr1S6uknQcSX9vqLSY9MQ>
Subject: Re: [Doh] [Ext] Re: Associating a DoH server with a resolver
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Oct 2018 18:17:01 -0000
On Wed, Oct 24, 2018 at 9:11 AM Paul Hoffman <paul.hoffman@icann.org> wrote: > On Oct 23, 2018, at 8:18 PM, Eric Rescorla <ekr@rtfm.com> wrote: > > Several points here: > > 1. As a matter of aesthetics, I agree with Martin that domain names would > be better. > > > If we can get non-address records back, I would prefer to go all the way > to "here are the URI templates of the DoH servers". No need to cause > another round-trip. > > 2. Martin sent a link to a method for resolving TXT records on Windows. > MacOS has its own API: https://developer.apple.com/documentation/dnssd/1804747-dnsservicequeryrecord?language=objc > [developer.apple.com] > <https://urldefense.proofpoint.com/v2/url?u=https-3A__developer.apple.com_documentation_dnssd_1804747-2Ddnsservicequeryrecord-3Flanguage-3Dobjc&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=yvHk3BrvY-tKWGRmaFbQS1aHXNfQjC40fPfI5u1VsFs&m=iJ8qV6wySJ414-hN_AOIVx2XwwybAWbVxH5x8UIf4kQ&s=5WHmwl5icl3kObdG8_5f2rpWhKXSf4wIs0YR6IefeDA&e=> > . > So, this doesn't seem prohibitive to me. > > > I thought this only worked for DNSSD, not DNS. Does it work for both? Or > is there a similar-flavored Mac call for DNS? > I am reliably informed it works for ordinary DNS. 4. There are other uses cases for which it might be nice to have real domain names, in which case the IP address cert thing is a pain. For these reasons, I think a domain name in TXT or the like would be better. Do you see a use case for domain names other than "here's a way to get to a > well-known URI on the resolver"? If so, we could add that as well as "here > are the URI templates for the associated DoH server. > I think templates would be fine. -Ekr > --Paul Hoffman >
- [Doh] Associating a DoH server with a resolver Paul Hoffman
- Re: [Doh] Associating a DoH server with a resolver Hewitt, Rory
- Re: [Doh] Associating a DoH server with a resolver Ben Schwartz
- Re: [Doh] Associating a DoH server with a resolver Martin Thomson
- Re: [Doh] Associating a DoH server with a resolver Martin Thomson
- Re: [Doh] [Ext] Re: Associating a DoH server with… Paul Hoffman
- Re: [Doh] [Ext] Associating a DoH server with a r… Paul Hoffman
- Re: [Doh] [Ext] Re: Associating a DoH server with… Martin Thomson
- Re: [Doh] [Ext] Re: Associating a DoH server with… Eric Rescorla
- Re: [Doh] [Ext] Re: Associating a DoH server with… Adam Roach
- Re: [Doh] [Ext] Associating a DoH server with a r… Tony Finch
- Re: [Doh] [Ext] Re: Associating a DoH server with… Patrick McManus
- Re: [Doh] [Ext] Re: Associating a DoH server with… Paul Hoffman
- Re: [Doh] [Ext] Re: Associating a DoH server with… Paul Hoffman
- Re: [Doh] [Ext] Re: Associating a DoH server with… Adam Roach
- Re: [Doh] [Ext] Re: Associating a DoH server with… Paul Hoffman
- Re: [Doh] [Ext] Re: Associating a DoH server with… Paul Hoffman
- Re: [Doh] [Ext] Re: Associating a DoH server with… Paul Hoffman
- Re: [Doh] [Ext] Re: Associating a DoH server with… Eric Rescorla
- Re: [Doh] [Ext] Re: Associating a DoH server with… Paul Hoffman
- Re: [Doh] [Ext] Re: Associating a DoH server with… Christopher Wood
- Re: [Doh] [Ext] Associating a DoH server with a r… Jim Reid
- Re: [Doh] [Ext] Associating a DoH server with a r… Tony Finch
- Re: [Doh] [Ext] Associating a DoH server with a r… Paul Hoffman
- Re: [Doh] [Ext] Associating a DoH server with a r… Adam Roach
- Re: [Doh] [Ext] Re: Associating a DoH server with… Eliot Lear
- Re: [Doh] Associating a DoH server with a resolver Kenji Baheux
- Re: [Doh] Associating a DoH server with a resolver Todd Hubers
- Re: [Doh] Associating a DoH server with a resolver Ted Lemon
- Re: [Doh] [Ext] Re: Associating a DoH server with… Erik Nygren
- Re: [Doh] [Ext] Re: Associating a DoH server with… Ben Schwartz