Re: [Doh] [EXTERNAL] Reviewing Resolver-Associated DOH

"Winfield, Alister" <Alister.Winfield@sky.uk> Fri, 15 March 2019 13:41 UTC

From: "Winfield, Alister" <Alister.Winfield@sky.uk>
To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>, DoH WG <doh@ietf.org>
Date: Fri, 15 Mar 2019 13:41:34 +0000
Message-ID: <ED16E0D8-BBCB-4316-A116-BA8513F523A3@sky.uk>
References: <CAHbrMsCNyeabhk0sVexOHVedVkgG2dvV9T8wWL++om5juAUvEw@mail.gmail.com>
In-Reply-To: <CAHbrMsCNyeabhk0sVexOHVedVkgG2dvV9T8wWL++om5juAUvEw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/a-Y7dabTqRSDjj9PR0innWmJHNI>

1. IP-address certificates

Bad! Especially if the less enlightened think to try to create a certificate for a private IP. Very bad idea.

2. A new .well-known endpoint

Maybe someone can suggest a better location that doesn’t break things.

4. Recursive resolvers synthesizing responses as if they were authoritative for certain names
5. Machine-readable content in a TXT record

Also, the draft does not enable the use of DoH if (1) an application relies on POSIX-like DNS APIs to bootstrap AND (2) the resolver is only reachable on a non-public IP address (e.g. RFC 1918).  This is a side effect of the requirement that the DoH server provide a valid certificate for its name, chained to a root that is already trusted by the client.  This draft does not alter that requirement.

If any of these technical elements are of concern to you, please comment now, so that the meeting can be as productive as possible.

--Ben
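The bootstrapping constraint Ben describes (a stub that learned only its resolver's IP address from the system configuration, with that address in RFC 1918 space, holds no identity that a publicly trusted certificate can be issued for) can be checked mechanically. The Python below is an added example, not code from the draft, the thread, or either author. It assumes the stub knows the resolver address and may also have obtained a DoH URI template from it; the helper names resolver_scope and doh_validation_path and the sample addresses are invented for the illustration.

```python
"""Which identity a stub could validate a DoH server certificate against,
given only what POSIX-style bootstrapping tells it (constructed example)."""
import ipaddress
from typing import Optional
from urllib.parse import urlsplit

# RFC 1918 private-use IPv4 ranges: the case raised in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def resolver_scope(resolver_ip: str) -> str:
    """Classify a resolver address as 'rfc1918', 'non-global' (other reserved
    space: loopback, link-local, documentation ranges, IPv6 ULA) or 'global'."""
    addr = ipaddress.ip_address(resolver_ip)
    if addr.version == 4 and any(addr in net for net in RFC1918):
        return "rfc1918"
    if not addr.is_global:
        return "non-global"
    return "global"


def doh_validation_path(resolver_ip: str,
                        doh_uri_template: Optional[str] = None) -> dict:
    """Return the identity the stub could check the server certificate against.

    - A URI template whose host is a DNS name gives a name to validate
      (the draft's requirement), whatever address the resolver sits on.
    - If the template carries an IP literal, or no template is known, the
      stub only holds an address. Public CAs do not issue certificates for
      reserved address space, so a private or otherwise non-global address
      cannot chain to an already-trusted root and DoH cannot be bootstrapped.
    """
    if doh_uri_template:
        host = urlsplit(doh_uri_template).hostname
        if host is None:
            raise ValueError("URI template has no host component")
        try:
            ipaddress.ip_address(host)
        except ValueError:
            # Host is a DNS name, not an IP literal: normal name validation.
            return {"identity": "hostname", "value": host, "viable": True}
        # Template points at an IP literal: that address is what gets validated.
        resolver_ip = host
    scope = resolver_scope(resolver_ip)
    if scope == "global":
        # Technically possible only via an IP-address certificate (item 1 above).
        return {"identity": "ip-address", "value": resolver_ip, "viable": True}
    return {"identity": "ip-address", "value": resolver_ip,
            "viable": False, "reason": scope}


if __name__ == "__main__":
    # Constructed sample inputs: a home-router style resolver with and without
    # an advertised template.
    print(doh_validation_path("10.0.0.53"))
    print(doh_validation_path("10.0.0.53", "https://doh.example.net/dns-query{?dns}"))
```

The first call reports the situation Ben describes: the stub has an RFC 1918 address and nothing else, so there is no certificate a client could accept under the draft's rule. The second shows that a template naming a DNS host sidesteps the problem even though the resolver itself lives on a private address, which is why the discovery mechanism, not the address, decides whether the validation requirement can be met.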