Re: [Doh] [Ext] Fallback to untrusted DOH servers

Patrick McManus <pmcmanus@mozilla.com> Mon, 23 April 2018 12:41 UTC

From: Patrick McManus <pmcmanus@mozilla.com>
Date: Mon, 23 Apr 2018 12:40:48 +0000
To: Mateusz Jończyk <mat.jonczyk@o2.pl>
Cc: Paul Hoffman <paul.hoffman@icann.org>, DoH WG <doh@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/OFnEi9zGkP83MCVwLih8GZTqfbM>

I really think you are discussing discovery. The chairs have said that is
out of scope for this draft but they are soliciting proposals for new work
that could include it.

On Mon, Apr 23, 2018, 06:04 Mateusz Jończyk <mat.jonczyk@o2.pl> wrote:

> On 22.04.2018 at 17:15, Paul Hoffman wrote:
> > On Apr 22, 2018, at 6:21 AM, Mateusz Jończyk <mat.jonczyk@o2.pl> wrote:
> >> I think if your interpretation of DOH is correct, that the text is unclear
> >> there and should be clarified.
> >> I would suggest adding the following clarification:
> >>
> >>      A client MAY use an untrustworthy DNS API server as a fallback.
> >
> > This seems horribly dangerous without a clear definition of "fallback".
>
> There was a definition of "fallback" in a modification I proposed several
> mails ago, but I removed it for the sake of simplicity.
>
> So, I would propose the following addition:
>    A client MAY use an untrustworthy
>    DNS API server as a fallback, for example: when no trustworthy DNS API
>    server is configured, no configured DNS server works or
>    when the trustworthy DNS API server returned NXDOMAIN (and the client
>    checks whether an untrustworthy DNS API server would resolve the
>    address in question).
>
>    The client MUST use separate DNS API caches for trustworthy and
>    untrustworthy DNS API servers or drop DNS caches when switching from an
>    untrustworthy DNS API server to a trustworthy one.
>
> Ted Lemon suggested in a private e-mail that contacting an untrustworthy
> DNS API server after the trustworthy DNS API server returned NXDOMAIN
> exposes all mistyped domains to the untrustworthy DNS API server. This is a
> valid concern, and applies equally well to using old-school DNS in such a
> situation.
>
> I would therefore propose to add the following warning after the phrase:
>         "If a client of this protocol encounters an HTTP error after
>         sending a DNS query, and then falls back to a different
>         DNS retrieval mechanism, doing so can weaken the privacy and
>         authenticity expected by the user of the client."
>
>         When a DNS API server returns NXDOMAIN, a client may wish to check
>         whether another server will resolve the domain name (as this may be
>         a local name to be resolved by a local DNS server). Doing so will,
>         however, expose all mistyped domains to that server.
>
>
> >
> >> I am going to submit a draft that specifies how a fallback DNS API
> >> server could be retrieved from DHCP.
> >
> > That would be quite useful. If you do that, wouldn't it define the DNS
> > API server as trusted?
>
> No, the server retrieved via DHCP is going to be an untrustworthy DNS API
> server (as defined above) as DHCP is usually unauthenticated and prone to
> various manipulations.
>
> >
> > --Paul Hoffman
> >
>
> Greetings,
> Mateusz Jończyk
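The cache rule and the NXDOMAIN concern from the quoted proposal, as an added example that is not part of the original message or of any DoH draft: a stub resolver that keeps one cache per trust tier and records every name it discloses to the untrusted server. `PartitionedResolver`, `demo`, the server callables and all names and addresses are hypothetical and constructed for illustration.

```python
import time

NXDOMAIN = "NXDOMAIN"  # sentinel answer for a name that does not exist

class PartitionedResolver:
    """Hypothetical stub resolver; servers are callables name -> (answer, ttl)."""
    def __init__(self, trusted, untrusted, nxdomain_fallback=False):
        self.servers = {"trusted": trusted, "untrusted": untrusted}
        self.caches = {"trusted": {}, "untrusted": {}}  # never shared across tiers
        self.nxdomain_fallback = nxdomain_fallback
        self.exposed = []  # every name disclosed to the untrusted server

    def _lookup(self, tier, name, now):
        hit = self.caches[tier].get(name)
        if hit and hit[1] > now:  # unexpired entry from the same tier only
            return hit[0]
        if tier == "untrusted":
            self.exposed.append(name)
        answer, ttl = self.servers[tier](name)
        self.caches[tier][name] = (answer, now + ttl)
        return answer

    def resolve(self, name, now=None):
        """Return (answer, tier) so callers know which trust level answered."""
        now = time.monotonic() if now is None else now
        try:
            answer = self._lookup("trusted", name, now)
        except OSError:  # the "no configured DNS server works" case
            return self._lookup("untrusted", name, now), "untrusted"
        if answer == NXDOMAIN and self.nxdomain_fallback:
            return self._lookup("untrusted", name, now), "untrusted"
        return answer, "trusted"

def demo():
    """Constructed scenario: the trusted server is down for the first query only."""
    state = {"up": False}
    zone = {"bank.example": "192.0.2.10"}
    def trusted(name):
        if not state["up"]:
            raise OSError("trusted DNS API server unreachable")
        return zone.get(name, NXDOMAIN), 300
    def untrusted(name):  # answers everything, like a tampered DHCP-supplied server
        return "203.0.113.66", 300

    r = PartitionedResolver(trusted, untrusted, nxdomain_fallback=True)
    during_outage = r.resolve("bank.example", now=0)
    state["up"] = True
    after_recovery = r.resolve("bank.example", now=1)  # untrusted entry still unexpired
    typo = r.resolve("bnak.example", now=2)            # mistyped name, trusted says NXDOMAIN
    return during_outage, after_recovery, typo, r.exposed
```

With a single shared cache, the second query would have returned the untrusted answer for the remaining 299 seconds of its TTL; the `exposed` list shows the mistyped name reaching the untrusted server only because `nxdomain_fallback` is enabled.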