Re: [Doh] [Ext] Re: Associating a DoH server with a resolver

Christopher Wood <christopherwood07@gmail.com> Thu, 25 October 2018 03:29 UTC

References: <02C39DFD-9550-447D-B00E-702B441A88BE@icann.org> <CABkgnnV2YMtcdOyMfE2NMH4L1ZbK4dcp1KQt3FttCfz-nfQd6A@mail.gmail.com> <C82FBB08-8DAA-4C50-8934-576596C2532F@icann.org> <CABkgnnVgZBp7bqv9u9iBbZAojQqbYAGWG54Ta5JKq_ycvaux1g@mail.gmail.com> <CABcZeBNObxKQWkhD=jz8Z7CL7iVnEE-O_QF5DkADu=s1=ux_rQ@mail.gmail.com> <CF80F320-1E2F-4BB6-90F2-AE8426ACDC6A@icann.org> <CABcZeBMX9z27a3_zZ7PqkAZK6f=n6vx8XWQGmJ4nAdR5f+tQjA@mail.gmail.com> <7D43ECB0-BFDF-43B8-972C-41FF6CD07837@icann.org>
In-Reply-To: <7D43ECB0-BFDF-43B8-972C-41FF6CD07837@icann.org>
From: Christopher Wood <christopherwood07@gmail.com>
Date: Wed, 24 Oct 2018 20:29:18 -0700
Message-ID: <CAO8oSX=r0P67+mz1nFxA1hqsV_qD0sm7DRumRi4H-tHuwiZsrQ@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@icann.org>
Cc: Eric Rescorla <ekr@rtfm.com>, doh@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/buPnQO_iRJBAkjXeslD_2I3-d9Q>
Subject: Re: [Doh] [Ext] Re: Associating a DoH server with a resolver

On Wed, Oct 24, 2018 at 11:25 AM Paul Hoffman <paul.hoffman@icann.org> wrote:
>
> On Oct 24, 2018, at 11:16 AM, Eric Rescorla <ekr@rtfm.com> wrote:
>
>
> On Wed, Oct 24, 2018 at 9:11 AM Paul Hoffman <paul.hoffman@icann.org> wrote:
>>
>> On Oct 23, 2018, at 8:18 PM, Eric Rescorla <ekr@rtfm.com> wrote:
>>
>> Several points here:
>>
>> 1. As a matter of aesthetics, I agree with Martin that domain names would be better.
>>
>>
>> If we can get non-address records back, I would prefer to go all the way to "here are the URI templates of the DoH servers". No need to cause another round-trip.
>>
>> 2. Martin sent a link to a method for resolving TXT records on Windows. MacOS has its own API: https://developer.apple.com/documentation/dnssd/1804747-dnsservicequeryrecord?language=objc
>> So, this doesn't seem prohibitive to me.
>>
>>
>> I thought this only worked for DNSSD, not DNS. Does it work for both? Or is there a similar-flavored Mac call for DNS?
>
>
> I am reliably informed it works for ordinary DNS.
>
>
> Yay!

Chiming in to confirm this is accurate. :-)

Best,
Chris

>
> 4. There are other use cases for which it might be nice to have real domain names, in which case the IP address cert thing is a pain.
>
> For these reasons, I think a domain name in TXT or the like would be better.
>
>
>> Do you see a use case for domain names other than "here's a way to get to a well-known URI on the resolver"? If so, we could add that as well as "here are the URI templates for the associated DoH server."
>
>
> I think templates would be fine.
>
>
> Sounds good. In the next draft I'll add back in the way of getting the templates directly in one DNS call for browsers that can do that, and will say that it SHOULD be used first.
>
> I'll let the various ADs decide where this document should end up, if anywhere.
>
> --Paul Hoffman
>
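The thread settles on returning DoH URI templates directly in a TXT-style record, and Eric notes that IP-address hosts make certificate handling awkward. The following is an added example, not code from this thread or from Paul Hoffman's draft: it parses DNS wire-format TXT RDATA under the assumption (made here only) that each character-string carries one URI template, applies the RFC 8484 template constraints (https scheme, a "dns" variable) before a client would trust a discovered template, flags IP-literal hosts, and expands the template for a GET request. The sample record, the example.net names and 192.0.2.1 are constructed.

```python
from __future__ import annotations

import base64
import ipaddress
import re


def character_string(s: str) -> bytes:
    """Encode one DNS <character-string>: a length octet followed by the bytes."""
    data = s.encode("ascii")
    if len(data) > 255:
        raise ValueError("character-string longer than 255 octets")
    return bytes([len(data)]) + data


# Constructed sample TXT RDATA. The layout "one DoH URI template per
# character-string" is an assumption made for this example only.
SAMPLE_RDATA = (
    character_string("https://doh.example.net/dns-query{?dns}")
    + character_string("http://doh.example.net/dns-query{?dns}")
    + character_string("https://192.0.2.1/dns-query{?dns}")
    + character_string("https://doh.example.net/resolve{?name}")
)


def parse_txt_rdata(rdata: bytes) -> list[str]:
    """Split TXT RDATA into its character-strings, refusing truncated data."""
    strings, i = [], 0
    while i < len(rdata):
        length = rdata[i]
        i += 1
        if i + length > len(rdata):
            raise ValueError("truncated character-string in TXT RDATA")
        strings.append(rdata[i:i + length].decode("ascii"))
        i += length
    return strings


# RFC 6570 variable expressions, restricted to the simple/form-style
# operators a DoH template uses: {dns}, {?dns}, {&dns}, {?dns,other}.
VAR_EXPR = re.compile(r"\{([?&]?)([A-Za-z0-9_,]+)\}")
HOST_RE = re.compile(r"^https://(\[[^\]]+\]|[^/:\[]+)")


def check_doh_template(template: str) -> tuple[bool, str]:
    """Apply the RFC 8484 section 3 constraints (https scheme, a 'dns' variable)
    and warn when the host is an IP literal, since the server certificate then
    has to carry an IP SAN; the warning is a local policy, not an RFC rule."""
    if not template.startswith("https://"):
        return False, "scheme must be https"
    variables = [v for m in VAR_EXPR.finditer(template) for v in m.group(2).split(",")]
    if "dns" not in variables:
        return False, "template lacks the 'dns' variable"
    match = HOST_RE.match(template)
    host = match.group(1).strip("[]") if match else ""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return True, "ok"
    return True, "ok, host is an IP literal (certificate needs an IP SAN)"


def expand_get_url(template: str, dns_message: bytes) -> str:
    """Expand the template for a GET request: the 'dns' variable carries the
    base64url-encoded, unpadded DNS message (RFC 8484 section 6); expressions
    without 'dns' expand to nothing, as RFC 6570 does for undefined variables."""
    encoded = base64.urlsafe_b64encode(dns_message).rstrip(b"=").decode("ascii")

    def substitute(match: re.Match) -> str:
        prefix, names = match.group(1), match.group(2).split(",")
        return prefix + "dns=" + encoded if "dns" in names else ""

    return VAR_EXPR.sub(substitute, template)


def usable_templates(rdata: bytes) -> list[str]:
    """Return the templates from a TXT record that pass the checks above."""
    return [t for t in parse_txt_rdata(rdata) if check_doh_template(t)[0]]


if __name__ == "__main__":
    for template in parse_txt_rdata(SAMPLE_RDATA):
        ok, reason = check_doh_template(template)
        print(f"{'accept' if ok else 'reject'}  {template}  ({reason})")
    # Constructed 12-byte DNS header (ID 0xabcd, RD set, no question) as the payload.
    header = bytes.fromhex("abcd01000000000000000000")
    print(expand_get_url(usable_templates(SAMPLE_RDATA)[0], header))
```

The checks run before any network use of a discovered template, so a record that points at plain http, or at a URI that cannot carry the DNS message, is dropped rather than contacted; the IP-literal case is accepted but reported, matching the thread's view that it works but is a pain to provision certificates for.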