Re: [Doh] [Ext] Fallback to untrusted DOH servers

Ted Lemon <mellon@fugue.com> Mon, 23 April 2018 15:11 UTC

From: Ted Lemon <mellon@fugue.com>
Message-Id: <3E3A7B62-BF7F-42D1-90B7-C7C7F1E5CD0E@fugue.com>
Date: Mon, 23 Apr 2018 11:11:13 -0400
In-Reply-To: <46145a1e-99a9-405f-9f5c-4b85005feaf9@o2.pl>
Cc: Patrick McManus <pmcmanus@mozilla.com>, Paul Hoffman <paul.hoffman@icann.org>, DoH WG <doh@ietf.org>
To: Mateusz Jończyk <mat.jonczyk@o2.pl>
References: <f17cbdf0-cd88-9fa9-c83d-26e2cf13b8c1@o2.pl> <21B4DD30-46B0-4E63-833E-FDE66EF28F95@icann.org> <765e9e5a-9b8c-fa1c-85b5-da824807e609@o2.pl> <CAOdDvNrC6VGQtCYgLOoRvwCGn0kRJuchncFj4m5r_KZ-ig7=NA@mail.gmail.com> <28678acd-f67d-7f95-273f-26ed1115d3ee@o2.pl> <75B0BB57-A222-4328-A155-E5C351DEB7CC@icann.org> <3457562c-5576-18ea-a764-d485d870b5ea@o2.pl> <CAOdDvNqft5RwHcf1Ds-nzCZ=ha1weBTwbP4KzMLoHHwJQt0bVQ@mail.gmail.com> <46145a1e-99a9-405f-9f5c-4b85005feaf9@o2.pl>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/S0GYBxD5PtHpJtqWnlAMSFziUrc>
Subject: Re: [Doh] [Ext] Fallback to untrusted DOH servers

On Apr 23, 2018, at 8:56 AM, Mateusz Jończyk <mat.jonczyk@o2.pl> wrote:
>>    Ted Lemon suggested in a private e-mail that contacting an untrustworthy DNS API
>>    server after the trustworthy DNS API server returned NXDOMAIN exposes all
>>    mistyped domains to the untrustworthy DNS API server. This is a valid concern,
>>    and applies equally well to using old-school DNS in such a situation.

Oops, I hadn't intended that to be private.  Sigh.
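The leak the quoted paragraph describes can be made concrete with a small simulation. The following is an added example, not code from the thread or from any DoH implementation: it models a trusted and an untrusted DNS API server, runs a constructed workload containing two mistyped names through two client fallback policies, and records which names each server got to see. Server names, the zone contents and the queries are all constructed for illustration.

```python
"""Added example (not from the thread): what an untrusted DoH server learns
under two client fallback policies. All names and data are constructed."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

NOERROR = "NOERROR"
NXDOMAIN = "NXDOMAIN"

Result = Tuple[str, Optional[str], str]  # (rcode, answer, name of server that answered)


@dataclass
class DohServer:
    """Minimal stand-in for a DNS API (DoH) server (constructed for this example)."""
    name: str
    zone: Dict[str, str]                                # qname -> address it knows
    reachable: bool = True                              # False models a failed HTTPS connection
    observed: List[str] = field(default_factory=list)   # every qname this server was sent

    def query(self, qname: str) -> Tuple[str, Optional[str]]:
        if not self.reachable:
            raise ConnectionError(f"{self.name}: HTTPS connection failed")
        self.observed.append(qname)  # the operator can log this, whatever the answer is
        if qname in self.zone:
            return NOERROR, self.zone[qname]
        return NXDOMAIN, None


def resolve_fallback_on_nxdomain(qname: str, trusted: DohServer, untrusted: DohServer) -> Result:
    """The policy the thread warns about: a negative answer from the trusted server
    is treated like a failure, so the name is re-sent to the untrusted server."""
    try:
        rcode, answer = trusted.query(qname)
        if rcode == NOERROR:
            return rcode, answer, trusted.name
    except ConnectionError:
        pass
    rcode, answer = untrusted.query(qname)
    return rcode, answer, untrusted.name


def resolve_fallback_on_failure(qname: str, trusted: DohServer, untrusted: DohServer) -> Result:
    """Fall back only when the trusted server cannot be reached; NXDOMAIN is final."""
    try:
        rcode, answer = trusted.query(qname)
        return rcode, answer, trusted.name
    except ConnectionError:
        rcode, answer = untrusted.query(qname)
        return rcode, answer, untrusted.name


# Constructed workload: two existing names and a typo of each.
QUERIES = ["example.com", "exmaple.com", "example.org", "exampel.org"]
ZONE = {"example.com": "192.0.2.10", "example.org": "192.0.2.20"}  # constructed addresses


def simulate(policy: Callable[[str, DohServer, DohServer], Result],
             trusted_reachable: bool = True) -> Dict[str, List[str]]:
    """Run QUERIES through `policy` and return the qnames each server observed."""
    trusted = DohServer("trusted", dict(ZONE), reachable=trusted_reachable)
    untrusted = DohServer("untrusted", dict(ZONE))
    for q in QUERIES:
        policy(q, trusted, untrusted)
    return {"trusted": trusted.observed, "untrusted": untrusted.observed}


if __name__ == "__main__":
    for label, policy in [("fallback on NXDOMAIN", resolve_fallback_on_nxdomain),
                          ("fallback on failure only", resolve_fallback_on_failure)]:
        seen = simulate(policy)
        print(f"{label}: untrusted server saw {seen['untrusted']}")
```

Under the NXDOMAIN-fallback policy the untrusted server's log ends up containing exactly the mistyped names, which is the exposure described above; under the failure-only policy it sees nothing as long as the trusted server is reachable. When the trusted server is down, both policies send every query to the untrusted server, which is the trade-off the thread is discussing.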