Re: [Doh] WG Review: DNS Over HTTPS (doh)

Ted Hardie <> Mon, 25 September 2017 23:03 UTC


Thanks for summarizing the discussion and its outcomes.  Looking at the
revised charter, I noticed that it currently says "The use of HTTPS and its
existing PKI provides integrity and confidentiality, and it also allows the
transport to interoperate with common HTTPS infrastructure and policy."
The choice not to specify a particular version means that there may be more
than one transport.  You may wish to rephrase this or elide it to reflect
the decision taken on that point.



On Mon, Sep 25, 2017 at 3:56 PM, Adam Roach <> wrote:

> Thanks to everyone who commented on the proposed charter for
> DNS-over-HTTPS. I have noted four main categories of discussion:
>    1. Whether to rule specific versions of HTTP in or out of scope of the
>    charter.  While the consensus here was rough, there were more proponents of
>    leaving the version out than baking it in. I further observe that leaving
>    version out of the charter does not preclude the WG from reaching consensus
>    that requires or precludes certain versions from being used.
>    2. Discovery of DNS-over-HTTPS servers. Again, consensus was rough,
>    but I find slightly more people in favor of allowing discovery than those
>    opposed to its inclusion. I will be adding language to the charter proposal
>    that allows such work if those parties interested in specifying such
>    mechanisms show up in the working group. If no such critical mass shows up,
>    the WG will be allowed to close without performing such specification.
>    3. Scope of work: whether DNS-over-HTTPS servers are accessed via normal
>    stub resolver libraries or via JavaScript. The proposed charter now
>    contains text clarifying that the JavaScript use case is not the primary
>    motivation, but that the WG will not take steps to preclude it.
>    4. Regarding the question of whether to perform the work at all (or
>    whether to perform the work now): the analysis for starting a working group
>    generally hinges on whether a viable group of willing and capable
>    participants exists to complete such work, without regard to those who wish
>    the work not to take place. While exceptions to this generality may
>    certainly exist, I find no reason the proposed working group is special in
>    this dimension.
> The revised version of the proposed charter can now be found at:
> /a