Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

Paul Vixie <> Sun, 07 April 2019 19:16 UTC

To: william manning <>
Cc: nalini elkins <>, Stephen Farrell <>,, dnsop <>, Christian Huitema <>,, Vittorio Bertola <>, "Ackermann, Michael" <>
From: Paul Vixie <>
Date: Sun, 7 Apr 2019 12:16:17 -0700

william manning wrote on 2019-04-05 09:43:
> Every now and then, Paul Vixie and I are in complete harmony.  

i am in no way concerned about that.

> In my 
> current slot, we are one of thousands of entities that are being held 
> accountable to a series of regulatory requirements that have significant 
> fiscal impacts on the exfiltration of private/patient data.  We are 
> starting to focus on three distinct areas to reduce the impact that DOH 
> presents to our security posture.  ...

sadly, there are some here, and many elsewhere, who consider that you 
already had that burden, because the opacity of HTTPS especially with 
TLS 1.3 and encrypted SNI, means that the exfiltration risk preexisted, 
and was not made worse by DOH.

those considerations are naive and incorrect. however, it's necessary to 
explicitly re-dismiss them every time you mention the imposed costs of 
DOH. it is the _standardization_ aspect of DOH, and the possibility of 
encountering it inside HTTPS TCP IP DST addresses that did not offer it 
pre-standardization, that imposes the _new_ exfiltration and other risks.

> This genie has not signed BAA or supplier agreement with us and we will 
> not allow it to dictate our business processes or affect our liability 
> without the DOH enabler shouldering fiscal and legal exposure when DOH 
> is shown to be the culprit in exposure of private data.  I can't see how 
> DOH is going to pass GDPR muster inside the EU either, but that is for 
> others to debate.  I have told my GDPR affected counterparts about the 
> privacy risks with DOH deployment.

i hear your pain.

P Vixie