Re: [Doh] [EXTERNAL] Re: [DNSOP] New I-D: draft-reid-doh-operator

"Winfield, Alister" Fri, 15 March 2019 08:49 UTC

To: Paul Vixie, Ted Hardie
CC: dnsop, DoH WG

On 15/03/2019, 07:45, "Doh on behalf of Paul Vixie" wrote:

    DoH's stated goals include "prevent on-path interference in DNS operations." i
    am an on-path interferer, and "i aim to misbehave"[1]. DoH is, in that sense,
    targeted at me. i think it was wrong to do so, not morally wrong, but wrong on
    its own terms, to falsely equate all on-path interferers. parental controls
    and corporate security are forms of on-path interference in DNS operations
    which have a valid and moral place in our digital society. DoH could have
    distinguished between edge network operators who interfere for reasons our
    users and their apps are either cooperative with or unwelcome entirely. they
    did not. they lumped us all together.

I might also note that the outcome of blocking such 'interference' will likely increase the chance of successful data exfiltration by the 'unwelcome'. Thus in fact this "privacy" protocol may one day be shown to reduce overall privacy and security for the majority of users due to yet more data leaks.

Alister Winfield
