Re: [Doh] [EXTERNAL] Reviewing Resolver-Associated DOH

Loganaden Velvindron <loganaden@gmail.com> Fri, 15 March 2019 13:51 UTC

References: <CAHbrMsCNyeabhk0sVexOHVedVkgG2dvV9T8wWL++om5juAUvEw@mail.gmail.com> <ED16E0D8-BBCB-4316-A116-BA8513F523A3@sky.uk>
In-Reply-To: <ED16E0D8-BBCB-4316-A116-BA8513F523A3@sky.uk>
From: Loganaden Velvindron <loganaden@gmail.com>
Date: Fri, 15 Mar 2019 17:51:15 +0400
Message-ID: <CAOp4FwRYiyMswJuF_CWzZXHG+9W4pt1O+ixvHQFyEP8iMRrtUA@mail.gmail.com>
To: "Winfield, Alister" <Alister.Winfield=40sky.uk@dmarc.ietf.org>
Cc: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>, DoH WG <doh@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/W4RCxHfoou8mmljsmTiwPO6hkuQ>
Subject: Re: [Doh] [EXTERNAL] Reviewing Resolver-Associated DOH

On Fri, Mar 15, 2019 at 5:41 PM Winfield, Alister
<Alister.Winfield=40sky.uk@dmarc.ietf.org> wrote:
>
> IP-address certificates
>
> Bad! Especially if the less enlightened think to try to create a certificate for a private IP. Very bad idea.
>
> A new .well-known endpoint
>
> Maybe someone can suggest a better location that doesn’t break things.
>

Can you elaborate more?
>
> 4. Recursive resolvers synthesizing responses as if they were authoritative for certain names
>
> 5. Machine-readable content in a TXT record
>
> Also, the draft does not enable the use of DoH if (1) an application relies on POSIX-like DNS APIs to bootstrap AND (2) the resolver is only reachable on a non-public IP address (e.g. RFC 1918). This is a side effect of the requirement that the DoH server provide a valid certificate for its name, chained to a root that is already trusted by the client. This draft does not alter that requirement.
>
> If any of these technical elements are of concern to you, please comment now, so that the meeting can be as productive as possible.
>
> --Ben
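As an added illustration of the two certificate objections raised in the thread (a DoH server identified by an IP literal needs an IP-address certificate, and one identified by a private RFC 1918 address cannot get a publicly trusted one at all), here is a check a DoH client could apply to a discovered URI template before trusting it. This is example code, not from the draft or from anyone on the list; the hostnames and addresses are constructed.

```python
"""Classify a resolver-associated DoH URI template by what kind of
certificate its authority would need. Example code, not from the draft."""
import ipaddress
from urllib.parse import urlsplit

# Address blocks for which a publicly trusted certificate cannot be
# obtained: RFC 1918 space, IPv6 ULA, loopback and link-local.
# ipaddress.is_private is deliberately not used here, because it also
# flags RFC 5737 documentation ranges and other non-RFC-1918 blocks.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7",
    "127.0.0.0/8", "::1/128", "169.254.0.0/16", "fe80::/10")]


def is_non_public(ip):
    """True if `ip` (an ip_address object) lies in a non-public block."""
    return any(ip in net for net in NON_PUBLIC)


def check_doh_template(uri_template):
    """Classify an RFC 8484-style template such as
    'https://doh.example/dns-query{?dns}'. Returns one of:
      'not-https'             DoH needs an https authority
      'no-host'               nothing to connect to
      'private-ip-literal'    server named by an RFC 1918/ULA/loopback/
                              link-local literal: no public CA cert possible
      'ip-literal-authority'  server named by a public IP literal: would
                              need an IP-address certificate
      'named-host'            a DNS name; the usual chain check to a root
                              the client already trusts still applies
    """
    parts = urlsplit(uri_template)
    if parts.scheme.lower() != "https":
        return "not-https"
    host = parts.hostname  # IPv6 brackets are already stripped here
    if not host:
        return "no-host"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "named-host"
    return "private-ip-literal" if is_non_public(ip) else "ip-literal-authority"


if __name__ == "__main__":
    for t in ("https://doh.example/dns-query{?dns}",      # constructed
              "https://192.168.1.1/dns-query{?dns}",
              "https://[fd00::1]/dns-query",
              "https://203.0.113.5/dns-query",
              "http://doh.example/dns-query"):
        print(t, "->", check_doh_template(t))
```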