Re: [Doh] [DNSOP] [EXTERNAL] Re: New I-D: draft-reid-doh-operator

Joe Abley <jabley@hopcount.ca> Fri, 22 March 2019 10:20 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/di4UQP2GPOM9BEqInTAh7I6x23Q>

On 22 Mar 2019, at 11:15, Winfield, Alister <Alister.Winfield=40sky.uk@dmarc.ietf.org> wrote:

> Okay sorry perhaps I should put it differently...
> 
> Don't overplay the privacy provided by DoH; it has no effect on the DNS provider, so any hint of 'privacy' should be caveated by stating it's only as private as the company and country in which that company is founded, and where it operates servers.

100% agree that any choice by a sophisticated user would be less than fully informed if the endpoint wasn't considered along with the transport between the user and that endpoint.


Joe