Re: [Doh] [Ext] Re: Use cases and URLs

Mark Nottingham <> Wed, 07 March 2018 23:41 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B1F74126BF6 for <>; Wed, 7 Mar 2018 15:41:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key) header.b=zMOm0UaQ; dkim=pass (2048-bit key) header.b=cxjZP4oO
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 8svs_WWT5dBb for <>; Wed, 7 Mar 2018 15:41:53 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id ECD40124B18 for <>; Wed, 7 Mar 2018 15:41:52 -0800 (PST)
Received: from compute3.internal (compute3.nyi.internal []) by mailout.nyi.internal (Postfix) with ESMTP id 39E8C216A8; Wed, 7 Mar 2018 18:41:52 -0500 (EST)
Received: from frontend1 ([]) by compute3.internal (MEProxy); Wed, 07 Mar 2018 18:41:52 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=7GVvD0Sx0kc/UJB+CuzbwUDTa3Drb a4ondHr5ONsNFI=; b=zMOm0UaQTLNLuD+mtEhnc5MACkowzdDgXyXsXIhorqNkH E7WWfSz7cBGsf/eMVwJGZkKcdZxLA+Fp96dTqCFjzeADImaqJ40cBiUMivEFyBSp jHpd7ItkaIPGJzfMHFqo1uzccCL15OeW9MHzfmUm9vITfUtdSYjwASWPPXpc9GS5 N2/vbpyN06FN3Yyda+LaQI2V1HtxGG6b7Q8Px2KF6/pDXZwo1X91KM2yRUL0DHiy smocklTkcXGNW4ySoV3Tz7wP7Rkz9C7RZB380Kdyi5nR2XcOvqYtHQWJlDfNejqt XcOpKyE+SlMwM9I2qifVozEKW7EcUrZZRZ3iEAPdQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=7GVvD0 Sx0kc/UJB+CuzbwUDTa3Drba4ondHr5ONsNFI=; b=cxjZP4oOMvb9+wmVTqc9ra DWJXdDFnh9zbkqBb2nR4/F6cfDLtsN+L14xVPM1FXex25I57S0b+3R1+qLqgHruW 71K6nDwOKtO9PBiA+4PWgc9dWL4lV6kxJz8RAXJCQ4OWEz/TQSwupEiMJj4MdoTL 1v2uiSwUClJ0vx3oe8Ek2N8JUdGE+5PzhSklZebBiewLjv7S0XGq/Bl+S1jbpBUt HnaIGtX333XUXowhW3pkpeStrlSB65jOyq/3VHkOLNJhoToYXrVfiG3CyImbuQF3 IBikli6LVZtF3MJjZqcDcS0KT2bxnd1ehk0AsOibCCZQ4E6BlcZmuWMoUZnq5i0Q ==
X-ME-Sender: <xms:wHigWkNMmruGX3A2KhtCyN6JSvxBO-EsqhpJ_0mla7SiYH9-AfqMTw>
Received: from [] (unknown []) by (Postfix) with ESMTPA id 337157E27B; Wed, 7 Mar 2018 18:41:50 -0500 (EST)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
From: Mark Nottingham <>
In-Reply-To: <>
Date: Thu, 8 Mar 2018 10:41:47 +1100
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <> <> <> <>
To: Andrew Sullivan <>
X-Mailer: Apple Mail (2.3445.5.20)
Archived-At: <>
Subject: Re: [Doh] [Ext] Re: Use cases and URLs
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DNS Over HTTPS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 07 Mar 2018 23:41:55 -0000

> On 8 Mar 2018, at 9:59 am, Andrew Sullivan <> wrote:
>> Also, we don't make decisions based upon what people feel in the IETF -- we decide based upon rough consensus and running code. Is there *any* implementer interest in what you're describing?
> If the IETF is standardising a feature that users can't get out of or
> use in ways that suit them, then I would have to ask why we are
> willing to touch it with a 93 1/2' pole.  That really would make us
> the IVTF, and I'm not interested in such efforts.  I agree that there
> is a serious attack vector in allowing users to configure doh, but
> it's also an attack vector if only your vendor can control how it can
> be used.  If _that's_ what we think we're building, then I at least
> was fooled by the charter.

I meant something more specific -- are any implementations (practically, browsers) keen to expose a UX that allows you to type an arbitrary hostname into it and wind up resolving DNS through that host, and can explain their reasons for doing so with a hostname rather than a URL (which again is how search engines are configured currently)?

We generally don't discuss UX in the IETF, but it seems like if we're going to have a UX-driven argument determining the protocol, we should at least have someone who's interested in following that path and can explain why this so important. Otherwise it feels too much like engineers who have no business making UX decisions taking a punt.

And that still doesn't address the mismatch with the intended use of .well-known.


Mark Nottingham