Re: [Doh] WG Review: DNS Over HTTPS (doh)
Adam Roach <adam@nostrum.com> Fri, 15 September 2017 19:00 UTC
Return-Path: <adam@nostrum.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3BF8013422C; Fri, 15 Sep 2017 12:00:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.88
X-Spam-Level:
X-Spam-Status: No, score=-1.88 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id idbqbpooAoDp; Fri, 15 Sep 2017 12:00:29 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68C74134213; Fri, 15 Sep 2017 12:00:26 -0700 (PDT)
Received: from Svantevit.roach.at (cpe-70-122-154-80.tx.res.rr.com [70.122.154.80]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v8FJ0NeM066450 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Fri, 15 Sep 2017 14:00:23 -0500 (CDT) (envelope-from adam@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-70-122-154-80.tx.res.rr.com [70.122.154.80] claimed to be Svantevit.roach.at
To: Paul Hoffman <paul.hoffman@vpnc.org>, Ted Hardie <ted.ietf@gmail.com>
Cc: doh@ietf.org, IETF <ietf@ietf.org>
References: <150549029332.2975.12341647131707994474.idtracker@ietfa.amsl.com> <CA+9kkMBJAP23GmGf_ix-DMeOMB=Rbas+qsBQhrVwZuA5-Cv7Mg@mail.gmail.com> <EB3D58DB-1F8D-4E32-AE71-841EBCDDC3CA@vpnc.org>
From: Adam Roach <adam@nostrum.com>
Message-ID: <42309404-8991-5d1d-7834-59087f273d41@nostrum.com>
Date: Fri, 15 Sep 2017 14:00:23 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <EB3D58DB-1F8D-4E32-AE71-841EBCDDC3CA@vpnc.org>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/ZvUmHZlyRJZEwk4Zh0py3nwGeL4>
Subject: Re: [Doh] WG Review: DNS Over HTTPS (doh)
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Sep 2017 19:00:30 -0000
On 9/15/17 1:24 PM, Paul Hoffman wrote: > Yes, please. The charter should say "HTTP/2 over TLS". There is no > reason for current browsers adding this feature to add it using an > obsolete protocol. I think you're assuming a tighter coupling between layers than actually exists. In particular -- since you're talking about browsers -- it would easy to implement the current draft entirely in content JavaScript. In doing so, it would be impossible for the implementation to prevent its use over HTTP/1.1 (or QUIC): aside from some proprietary browser-specific APIs, there's no way for such an implementation to even tell what version of HTTP is in use, much less prevent certain queries from going out over unwanted ones. This all bears more on the specified solution than the charter, but I suspect that (after a reasonable back-and-forth in the ensuing working group), one reasonable outcome will be that the mechanism works over HTTPS in general, simply because it will be too much of an implementation burden to prevent it from doing so. I'd rather not preclude the ability to have that discussion in the working group by foreclosing it in the charter language. /a
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Cullen Jennings
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Eliot Lear
- [Doh] WG Review: DNS Over HTTPS (doh) The IESG
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Paul Hoffman
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Adam Roach
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Ted Hardie
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Adam Roach
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Ted Hardie
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Adam Roach
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Paul Hoffman
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Spencer Dawkins at IETF
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Stephen Farrell
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Stephen Farrell
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Mark Nottingham
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Mark Nottingham
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Patrick McManus
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Stephen Farrell
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Ted Hardie
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Adam Roach
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Mark Nottingham
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Phillip Hallam-Baker
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Tim Wicinski
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Ted Hardie
- Re: [Doh] [Ext] WG Review: DNS Over HTTPS (doh) Paul Hoffman
- Re: [Doh] [Ext] WG Review: DNS Over HTTPS (doh) Adam Roach
- Re: [Doh] [Ext] WG Review: DNS Over HTTPS (doh) Paul Hoffman
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Mark Nottingham
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Eliot Lear
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Ted Hardie
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Adam Roach
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Mark Nottingham
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Ted Hardie
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Adam Roach
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Mark Nottingham
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Adam Roach
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Adam Roach
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Phillip Hallam-Baker
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Eliot Lear
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Adam Roach
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Ask Bjørn Hansen
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Ask Bjørn Hansen
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Adam Roach
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Eliot Lear
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Mark Nottingham
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Eliot Lear
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Magnus Westerlund
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Ted Hardie
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Phillip Hallam-Baker
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Mark Nottingham
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Eliot Lear
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Toerless Eckert
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Toerless Eckert
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Toerless Eckert
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Tony Finch
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Phillip Hallam-Baker
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Patrick McManus
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Eliot Lear
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Warren Kumari
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Warren Kumari
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Martin Thomson
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Adam Roach
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Ted Hardie
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Adam Roach
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Stephen Farrell
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Adam Roach
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Stephen Farrell
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Martin Thomson
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Stephen Farrell
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Adam Roach
- Re: [Doh] WG Review: DNS Over HTTPS (doh) Patrick McManus