Re: [Doh] [Ext] Reviewing Resolver-Associated DOH

Paul Hoffman <paul.hoffman@icann.org> Sat, 16 March 2019 16:04 UTC

From: Paul Hoffman <paul.hoffman@icann.org>
To: DoH WG <doh@ietf.org>
Date: Sat, 16 Mar 2019 16:04:49 +0000
Message-ID: <7F06A457-58C6-47A0-BDCA-D25FF0C6C062@icann.org>
References: <CAHbrMsCNyeabhk0sVexOHVedVkgG2dvV9T8wWL++om5juAUvEw@mail.gmail.com> <5690c5b2-65ab-55d4-b3ec-d06d82ebbb26@riseup.net>
In-Reply-To: <5690c5b2-65ab-55d4-b3ec-d06d82ebbb26@riseup.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/bOL0JX0QA-y9qA2G88ngSDSzQAI>

On Mar 16, 2019, at 8:51 AM, nusenu <nusenu-lists@riseup.net> wrote:
> 
>> Abstract
>> 
>>   Browsers and web applications may want to know if there are one or
>>   more DoH servers associated with the DNS recursive resolver that the
>>   operating system is already using. 
> [...]
>> There is a use case for browsers and web applications to want
> 
> to make it clear that this discovery mechanism can be used by any application
> (or even the OS itself) and is not limited to "browsers and web applications"
> maybe use something more generic like "Systems and applications may want to know
> if there are one or more DoH servers ..."?

Good point. I'll discuss "browser can be almost any application" in the next draft.

On Mar 16, 2019, at 8:51 AM, nusenu <nusenu-lists@riseup.net> wrote:
> Hewitt, Rory wrote:
>> As with all /.well-known/ endpoints, the issue is both
>> standardization and publicization. AIUI, @mnot's original ideal would
>> be to have /.well-known/ be pretty 'generic'. Therefore I'm not a fan
>> of "/doh-servers-associated/" - I'd much rather see "/dns/doh/",
>> which would enable other (future) DNS-related functionality to have a
>> sub-folder within "/.well-known/dns/". If that's not a possibility,
>> what about "/.well-known/dns-doh/"?
> 
> +1
> 
> I find these suggested .well-known URLs clearer than "doh-servers-associated".

I'm generally against this idea for two reasons:

- No one will see this URL other than software developers and operators watching their logs. It will not be visible to users.

- Layered spaces under a .well-known/ are possible but I don't think they are well-understood.

> Maybe it would be good to have a single matching string used here and in 
> the .arpa DNS lookup.

I disagree with this for the same reasons as above.

>> Finally, I think the spec should contain examples of a 'proposed'
>> JSON response and of the format of a TXT RR. Without examples (even
>> where marked as "unofficial proposal"), it's much harder to read by
>> those who didn't write it.
> 
> I was also looking for examples of the JSON response and the TXT RR record,
> when reading the I-D, so yes to examples in the text.

Fully agree. There will be an example in the next version of the draft.

--Paul Hoffman