Re: [Doh] WGLC #2

Tom Pusateri <pusateri@bangj.com> Wed, 23 May 2018 22:03 UTC

Cc: DoH WG <doh@ietf.org>, Sara Dickinson <sara@sinodun.com>, "Hewitt, Rory" <rhewitt=40akamai.com@dmarc.ietf.org>
To: Patrick McManus <pmcmanus@mozilla.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/NcRW_CRsiTKmm1lfSWSJBqW06Ws>


> On May 23, 2018, at 5:57 PM, Patrick McManus <pmcmanus@mozilla.com> wrote:
> 
> 
> 
> On Wed, May 23, 2018 at 5:53 PM, Tom Pusateri <pusateri@bangj.com> wrote:
> 
>>  -DNS API client MUST only use a DNS API server that is configured as trustworthy.
> 
> How do you define trustworthy? This seems like it would vary for different clients and servers in different environments.
> 
> 
> that paragraph says you do it through the configuration. That's not being changed here.

But how does an implementor of the spec ensure something is “configured as trustworthy”?

All the implementor can do is allow it to be configured.

Tom