Re: [Doh] New I-D: draft-reid-doh-operator

Eliot Lear, Mon, 11 March 2019 07:43 UTC

Cc: "Livingood, Jason", Jim Reid, DoH WG, Stephane Bortzmeyer
To: Warren Kumari

Hi Warren,

> On 11 Mar 2019, at 03:27, Warren Kumari wrote:
> DoH is a protocol - the concerns you are talking about (and I'm glad they are being discussed, they are important policy discussions) are not specific to DoH -- this sentence works just as well with DNS-over-TLS, plain DNS, using some completely proprietary name resolution mechanism. It is trivial for any "large app" writer to invent a proprietary way to do DNS resolution - please please, let's keep the DoH (protocol) versus "apps doing their own resolution" separate.

A standardized DoH enables alternative interoperable service infrastructure to be formed and not be easily blocked by access providers.  That’s different from all other models, and it has ramifications. The point is that our providing the path of interoperability means, as Paul Vixie points out, that we owe it to ourselves and to the community to understand those ramifications.

We have been here before.  When the IAB allocated 10/8, they were providing an interoperable method for private networks in direct response to people picking networks out of a hat.  It too had substantial ramifications.[1]*

It is absolutely possible for the existing infrastructure to adopt DoH, and I suspect that will happen.  But that is not the driving use case today.  An alternate DNS infrastructure is the driving use case, and we should be mindful of that.

[1] RFCs 1597, 1617, 1918, et al.
* Amusingly, Paul and I were heavily involved in that discussion as well.