Re: [Doh] WG Review: DNS Over HTTPS (doh)

Ted Hardie <ted.ietf@gmail.com> Thu, 21 September 2017 14:05 UTC

In-Reply-To: <2E3B3E8E-7C8D-4662-B5C8-D11C390EE5ED@mnot.net>
References: <150549029332.2975.12341647131707994474.idtracker@ietfa.amsl.com> <20170920151458.GA22670@faui40p.informatik.uni-erlangen.de> <eaadc24d-6150-2396-64b6-708266de1c69@nostrum.com> <c06bfd5a-743a-aa9f-68b4-4a60badc8bed@cisco.com> <a34c98e2-7129-1d1a-947b-20cafa236119@nostrum.com> <5e9cb711-d798-c6b9-d6c3-c7619bcbadd7@cisco.com> <2E3B3E8E-7C8D-4662-B5C8-D11C390EE5ED@mnot.net>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Thu, 21 Sep 2017 07:05:10 -0700
Message-ID: <CA+9kkMBD3qntDXGa3tWpcGRUWN4g4ivbMWMZrWRP-BBeJFOWVQ@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: Eliot Lear <lear@cisco.com>, doh@ietf.org, Adam Roach <adam@nostrum.com>, IETF <ietf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/T7q2DrhRAIPD98iIBCBr9r_okNE>
Subject: Re: [Doh] WG Review: DNS Over HTTPS (doh)
List-Id: DNS Over HTTPS <doh.ietf.org>

On Thu, Sep 21, 2017 at 4:41 AM, Mark Nottingham <mnot@mnot.net> wrote:

> On 21 Sep 2017, at 7:28 pm, Eliot Lear <lear@cisco.com> wrote:
> >
> > You still don't have a reasonable answer for discovery.
>
> Discovery isn't necessary for the primary use case -- user-driven
> configuration of their browser.
>
> We can specify a DHCP option, but since it won't have any qualitative
> benefits over "normal" DHCP-configured DNS, I suspect it will get almost no
> implementation or deployment. So it's effectively busy work for the WG.
>
>
I think you're underestimating the value of a switch to a multiplexing-
facilitating protocol/transport.  Once this has gotten its legs under it, I
suspect that this approach for connecting to caching resolvers will perform
better than any of the traditional udp/tcp connections or the tls/dtls
approaches DPRIVE created.

And there is some discussion on that to be done, especially around whether
you can re-use the current DHCP option (since it does not specify a port)
and try this opportunistically or you should use a new option.

Just my view, of course,

Ted



>
> --
> Mark Nottingham   https://www.mnot.net/
>
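The discovery point Ted raises (the existing DHCP "Domain Name Server" option carries addresses only, with no port, so a client can only try DoH opportunistically) is easy to see from the option's wire format. The following is an added example written for this page, not code from the thread, the DoH working group or any IETF document: it parses DHCPv4 option 6 (RFC 2132) from a constructed options blob, rejects malformed encodings, and shows that the only thing a DoH client can build from it is a guess. The port 443, the `/dns-query` path and the RFC 5737 documentation addresses in the sample are assumptions made here.

```python
"""Parse the DHCPv4 "Domain Name Server" option (option 6, RFC 2132) and show
what a DoH client can and cannot learn from it.

Added example for this page; not code from the DoH thread or any IETF draft.
"""
import ipaddress
from typing import Dict, List

DHCP_MAGIC_COOKIE = b"\x63\x82\x53\x63"  # 99.130.83.99, RFC 2132 section 2
OPT_PAD = 0
OPT_DNS_SERVERS = 6
OPT_END = 255

# Assumption: option 6 carries no port or path, so an opportunistic DoH probe
# has to pick both itself. These values are this example's choice, not the option's.
ASSUMED_DOH_PORT = 443
ASSUMED_DOH_PATH = "/dns-query"

# Constructed sample options field: magic cookie, option 6 listing two RFC 5737
# documentation addresses (192.0.2.53 and 198.51.100.53), then END.
SAMPLE_OPTIONS = (
    DHCP_MAGIC_COOKIE
    + bytes([OPT_DNS_SERVERS, 8])
    + b"\xc0\x00\x02\x35"
    + b"\xc6\x33\x64\x35"
    + bytes([OPT_END])
)


def parse_dhcp_options(blob: bytes) -> Dict[int, bytes]:
    """Split a DHCPv4 options field into {code: value}, rejecting malformed input."""
    if not blob.startswith(DHCP_MAGIC_COOKIE):
        raise ValueError("missing DHCP magic cookie")
    options: Dict[int, bytes] = {}
    i = len(DHCP_MAGIC_COOKIE)
    while i < len(blob):
        code = blob[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            return options
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        # RFC 3396 lets a long option be split across instances; concatenate them.
        options[code] = options.get(code, b"") + value
        i += 2 + length
    raise ValueError("options field not terminated with END")


def dns_servers_from_option6(value: bytes) -> List[str]:
    """Option 6 is a list of 4-byte IPv4 addresses, minimum length 4; nothing else."""
    if len(value) < 4 or len(value) % 4:
        raise ValueError("option 6 length must be a non-zero multiple of 4")
    return [str(ipaddress.IPv4Address(value[i : i + 4])) for i in range(0, len(value), 4)]


def doh_candidates(servers: List[str]) -> List[str]:
    """All a client can do with option 6 is guess a URL: the option gives an address,
    no port, no path, and no indication that the resolver speaks HTTPS at all."""
    return [f"https://{ip}:{ASSUMED_DOH_PORT}{ASSUMED_DOH_PATH}" for ip in servers]


def candidates_from_options(blob: bytes) -> List[str]:
    """End to end: options field -> option 6 -> guessed DoH URLs."""
    options = parse_dhcp_options(blob)
    if OPT_DNS_SERVERS not in options:
        return []
    return doh_candidates(dns_servers_from_option6(options[OPT_DNS_SERVERS]))


if __name__ == "__main__":
    for url in candidates_from_options(SAMPLE_OPTIONS):
        print("would have to probe:", url)
```

Running it prints two guessed URLs; whether either resolver actually answers DoH is something the option cannot tell the client, which is exactly the gap a new option (carrying at least a port) would close.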