Re: [Doh] I-D Action: draft-ietf-doh-resolver-associated-doh-03.txt
Stephane Bortzmeyer <bortzmeyer@nic.fr> Mon, 25 March 2019 11:03 UTC
Date: Mon, 25 Mar 2019 12:01:36 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: doh@ietf.org
Message-ID: <20190325110136.GA23793@laperouse.bortzmeyer.org>
References: <155341529409.18062.10657099011172813446@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/UBxVrT3-qh2w21K692gVhi3SXHs>
On Sun, Mar 24, 2019 at 01:14:54AM -0700,
 internet-drafts@ietf.org <internet-drafts@ietf.org> wrote
 a message of 43 lines which said:

>         Title           : Associating a DoH Server with a Resolver
>         Author          : Paul Hoffman
>         Filename        : draft-ietf-doh-resolver-associated-doh-03.txt

My biggest issue is that the rationale in section 1 has many weak
points:

* "There is a use case for browsers and web applications". Why not for
local limited resolvers like stubby or systemd-resolve? We assume they
will always prefer DoT?

* "much less often, they use manual configuration". Less often but more
and more, to work around failures and/or censorship. On a gamer forum,
these days, any report of an issue, whatever the issue is, elicits the
suggestion "switch to [some public DNS resolver]".

* "In a common scenario". "Common" is way too vague for something which
exists in *some* corporate networks but never (I hope so!) in public
ISPs.

Otherwise, even after reading the whole thread "Reviewing
Resolver-Associated DOH", I don't understand why https is required in
section 2. We don't require DNSSEC in section 3, so why have stronger
requirements for HTTP? Since having certificates for IP addresses will
be difficult in practice, why not just accept http as well as https?
(Or, <horror>https without cert. checking</horror>.)

Editorial:

* in section 5, "server" is written "serer".

* in section 1, "Users typically configure their DNS recursive
resolvers with through automatic configuration". With through?
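The message above objects that "certificates for IP addresses will be difficult in practice". The concrete consequence for a client is that a DoH server reached by IP literal (as a resolver-associated server would be) can only be validated against an iPAddress subjectAltName entry; a dNSName entry or a CN that happens to contain the address text does not count (RFC 2818, section 3.1). The following is an added example, not code from the thread or from the draft: it performs that check on certificate data in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, using two constructed sample certificates and handling the IPv6 text-form edge case (uppercase hex, zero compression, bracketed literals) with the `ipaddress` module.

```python
import ipaddress

# Constructed sample certificates (not real ones). The dict layout mirrors
# what ssl.SSLSocket.getpeercert() returns: 'subjectAltName' is a tuple of
# (type, value) pairs whose types are 'DNS' or 'IP Address'.
CERT_WITH_IP_SAN = {
    "subject": ((("commonName", "doh.example.net"),),),
    "subjectAltName": (
        ("DNS", "doh.example.net"),
        ("IP Address", "192.0.2.53"),
        ("IP Address", "2001:db8::53"),
    ),
}

# Address appears only in the CN and there is no iPAddress SAN: this is the
# kind of certificate that looks fine to a human but must be rejected.
CERT_NAME_ONLY = {
    "subject": ((("commonName", "192.0.2.53"),),),
    "subjectAltName": (("DNS", "doh.example.net"),),
}


def cert_matches_resolver_ip(cert, resolver_ip):
    """Return True if `cert` is valid for a DoH server addressed by IP literal.

    Rule (RFC 2818, section 3.1): when the URI carries an IP address, an
    iPAddress subjectAltName entry must be present and must match exactly.
    dNSName entries and the subject CN are deliberately ignored, even when
    they contain the address as text.
    """
    try:
        # Accept bracketed IPv6 literals as they appear in URIs.
        wanted = ipaddress.ip_address(resolver_ip.strip("[]"))
    except ValueError:
        # Not an IP literal at all; this function does not do name matching.
        return False

    for kind, value in cert.get("subjectAltName", ()):
        if kind != "IP Address":
            continue
        try:
            # Comparing parsed addresses normalises IPv6 spelling variants.
            if ipaddress.ip_address(value) == wanted:
                return True
        except ValueError:
            # Malformed SAN entry: skip rather than match loosely.
            continue
    return False


if __name__ == "__main__":
    for cert, ip in (
        (CERT_WITH_IP_SAN, "192.0.2.53"),
        (CERT_WITH_IP_SAN, "[2001:DB8:0:0::53]"),
        (CERT_NAME_ONLY, "192.0.2.53"),
        (CERT_WITH_IP_SAN, "192.0.2.54"),
    ):
        print(ip, "->", cert_matches_resolver_ip(cert, ip))
```

The check is intentionally strict: an address in the CN (the second sample) fails, which is exactly why a resolver operator wanting an https-only mechanism needs a CA willing to issue certificates with iPAddress SANs, the practical difficulty the message points out.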