[Doh] Reviewing Resolver-Associated DOH
Ben Schwartz <bemasc@google.com> Fri, 15 March 2019 13:13 UTC
From: Ben Schwartz <bemasc@google.com>
Date: Fri, 15 Mar 2019 09:12:56 -0400
Message-ID: <CAHbrMsCNyeabhk0sVexOHVedVkgG2dvV9T8wWL++om5juAUvEw@mail.gmail.com>
To: DoH WG <doh@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/UXPPS7__nXuvlx8rHclcaVeWySM>
I'd like to thank the working group participants for the extensive discussion of our most recent drafts. However, I would appreciate more review of the Resolver-Associated DOH draft, which has the largest time segment allocated for the upcoming meeting.

This draft contains several components that have been controversial in the past:

1. IP-address certificates
2. A new .well-known endpoint
3. JSON
4. Recursive resolvers synthesizing responses as if they were authoritative for certain names
5. Machine-readable content in a TXT record

Also, the draft does not enable the use of DoH if (1) an application relies on POSIX-like DNS APIs to bootstrap AND (2) the resolver is only reachable on a non-public IP address (e.g. RFC 1918). This is a side effect of the requirement that the DoH server provide a valid certificate for its name, chained to a root that is already trusted by the client. This draft does not alter that requirement.

If any of these technical elements are of concern to you, please comment now, so that the meeting can be as productive as possible.

--Ben
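The bootstrap limitation described in the message, as an added example that is not part of the email or of the Resolver-Associated DOH draft: a client that learns its resolver the POSIX way starts from nothing but an IP address, and because the DoH server must present a certificate chained to a root the client already trusts, and publicly trusted CAs do not issue certificates for private or otherwise non-globally-routable addresses, a resolver reachable only on such an address cannot be reached by this mechanism. The script reads a constructed resolv.conf-style sample and reports, per nameserver, whether the certificate requirement can be satisfied at all. The function names and the sample addresses are this example's own, and it checks only the address class, not the draft's discovery steps.

```python
# Added example: pre-check whether resolver-associated DoH bootstrap can
# succeed from a resolver address learned via POSIX-style configuration.
# Assumption: a certificate chained to an already-trusted root can only
# exist for a globally routable address, since public CAs do not issue
# for RFC 1918, loopback, link-local, ULA or shared (100.64/10) space.
import ipaddress

# Constructed sample, not taken from any real host.
SAMPLE_RESOLV_CONF = """\
# resolver configuration (constructed sample)
search example.test
nameserver 192.168.1.1
nameserver 10.0.0.53
nameserver 8.8.8.8
nameserver 2001:4860:4860::8888
nameserver fd00::53
nameserver 100.64.0.1
nameserver 127.0.0.53
options edns0
"""


def parse_nameservers(resolv_conf_text):
    """Return nameserver addresses from resolv.conf-style text, in order,
    skipping comments, blank lines and unrelated directives."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0] == "nameserver" and len(fields) >= 2:
            servers.append(fields[1])
    return servers


def classify_resolver_address(addr_str):
    """Return (eligible, reason) for one resolver address.

    eligible is True only for a globally routable address, the one case in
    which a publicly trusted CA could have issued a certificate covering
    the server the client is about to contact over HTTPS.
    """
    addr = ipaddress.ip_address(addr_str)
    if addr.is_loopback:
        return False, "loopback address; no publicly trusted certificate possible"
    if addr.is_link_local:
        return False, "link-local address; no publicly trusted certificate possible"
    if addr.is_private:
        # RFC 1918 space for IPv4, unique local addresses (fc00::/7) for IPv6.
        return False, "private address (RFC 1918 / ULA); no publicly trusted certificate possible"
    if not addr.is_global:
        # e.g. shared address space 100.64.0.0/10 used behind carrier-grade NAT.
        return False, "not globally routable; no publicly trusted certificate possible"
    return True, "globally routable; a certificate chained to a trusted root is at least possible"


def eligible_resolvers(resolv_conf_text):
    """Map each configured nameserver to its (eligible, reason) verdict."""
    return {a: classify_resolver_address(a) for a in parse_nameservers(resolv_conf_text)}


if __name__ == "__main__":
    for addr, (ok, why) in eligible_resolvers(SAMPLE_RESOLV_CONF).items():
        print(f"{addr:24} {'ok' if ok else 'NO'}  {why}")
```

Run as-is, the sample marks only the two public addresses as candidates; every private, loopback or shared-space resolver is reported with the reason the certificate requirement cannot be met, which is exactly the deployment gap the message points at.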