Re: [Doh] [EXTERNAL] Re: DoH

Adam Roach <adam@nostrum.com> Fri, 29 March 2019 13:06 UTC

To: Paul Brears <pbrears@rm.com>, "andrew.campling@bt.com" <andrew.campling@bt.com>, "Alister.Winfield@sky.uk" <Alister.Winfield@sky.uk>, "john@johncarr.eu" <john@johncarr.eu>, "mcmanus@ducksong.com" <mcmanus@ducksong.com>
Cc: "paul.hoffman@icann.org" <paul.hoffman@icann.org>, "doh@ietf.org" <doh@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/Vv22a0VPme9-_qd2FlwBDsYAd9M>
List-Id: DNS Over HTTPS <doh.ietf.org>

On 3/29/19 12:54, Paul Brears wrote:
> I think the key difference is that on a normal Windows PC you’d need device admin credentials to change DNS provider.


This again conflates product concerns with protocol ones. Applications 
have always had the ability to incorporate their own resolver library 
and configure it to use servers other than those provided by the 
operating system (cf. c-ares, adns). The concern you describe is that 
some popular applications may choose to do so.

/a