Re: [Doh] [Ext] panel discussion on DoH/DoC

Paul Hoffman <paul.hoffman@icann.org> Thu, 07 February 2019 16:06 UTC

From: Paul Hoffman <paul.hoffman@icann.org>
To: Adam Roach <adam@nostrum.com>
CC: DoH WG <doh@ietf.org>
Date: Thu, 07 Feb 2019 16:06:44 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/e6eY9k5Fjseg67NtPl92BQ3h6Ac>

On Feb 7, 2019, at 7:46 AM, Adam Roach <adam@nostrum.com> wrote:
> 
> On 2/7/19 9:36 AM, Paul Hoffman wrote:
>> 
>>> although not the use case that subsequently emerged, where browsers do it instead of using the local resolver.
>> A browser vendor (Mozilla) does use a cloud provider as their default DoH server. That browser vendor has not explained why.
> 
> 
> The claim that Firefox has a cloud provider as its default DoH server isn't wrong on its face, but the implication that Firefox uses DoH by default is.

Sorry, I certainly didn't mean to imply that. The dialog where you can turn on DoH is completely clear that it is off by default.

> The claim that Mozilla has not explained why, however, is flatly false. There's been a lot of electronic ink spilled on the topic; including, notably: https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/

We disagree that that article from six months ago explains why Cloudflare is still the default provider. 

--Paul Hoffman