Re: [Doh] panel discussion on DoH/DoC

Jim Reid <jim@rfc1035.com> Mon, 11 February 2019 17:30 UTC

Return-Path: <jim@rfc1035.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A05AD1310A8 for <doh@ietfa.amsl.com>; Mon, 11 Feb 2019 09:30:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ErzjdQO2POFH for <doh@ietfa.amsl.com>; Mon, 11 Feb 2019 09:30:05 -0800 (PST)
Received: from shaun.rfc1035.com (shaun.rfc1035.com [93.186.33.42]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C862A1310A0 for <doh@ietf.org>; Mon, 11 Feb 2019 09:30:04 -0800 (PST)
Received: from gromit.rfc1035.com (gromit.rfc1035.com [195.54.233.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by shaun.rfc1035.com (Postfix) with ESMTPSA id 1D815242109D; Mon, 11 Feb 2019 17:30:02 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Jim Reid <jim@rfc1035.com>
In-Reply-To: <CABcZeBN-b+=whs4WjcAE=dg0ie+txjdu8mnjwmPLiTaeNOGgSg@mail.gmail.com>
Date: Mon, 11 Feb 2019 17:30:01 +0000
Cc: DoH WG <doh@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <781D20D5-D130-4B50-B7A9-317C0660FF12@rfc1035.com>
References: <20190207105106.GB1772@server.ds9a.nl> <C7C3BAF7-4BD4-4EE2-B3F2-1F8B49222980@fugue.com> <20190207130313.7g7hf4swaopnr75e@nic.fr> <FD7BFAFF-88B9-49BF-A652-3649ADCD53F9@fugue.com> <637C85D5-EACC-4C39-A220-753AC83FD78A@rfc1035.com> <35CBC108-69C9-4EB9-AACE-EEB39F802456@fugue.com> <1503183837.15474.1549549260349@appsuite.open-xchange.com> <97216205-8415-42F6-BF24-5FFB589FC887@rfc1035.com> <CABtrr-UfwtgmO80A9en0-4tyPKqRRdvwR3BVEQQv+ykrNt-=mg@mail.gmail.com> <f9a06c5d-7af2-46b1-5929-490c22c602bb@time-travellers.org> <CABtrr-WNfQ16FQWmtZFUoCDc1R3rua8zw8FCAr2JBNx4cLyaAA@mail.gmail.com> <1549842687.561412.1655109464.1F2DA0B4@webmail.messagingengine.com> <168d9e46ec8.278b.55b9c0b96417b0a70c4dcaded0d2e1c6@anvilwalrusden.com> <CABcZeBOXevwJne3uY0kMFk0b_w0Hx0e9qsHmBK61JdPd2hruBw@mail.gmail.com> <d122cbe2-3ea4-71cb-b4fb-9f90c7aef7d6@cs.tcd.ie> <CABcZeBN-b+=whs4WjcAE=dg0ie+txjdu8mnjwmPLiTaeNOGgSg@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/g0DLPDZSd-mu0NMal6L0zGHpyPU>
Subject: Re: [Doh] panel discussion on DoH/DoC
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Feb 2019 17:30:07 -0000

On 11 Feb 2019, at 17:18, Eric Rescorla <ekr@rtfm.com> wrote:
> 
>> On Mon, Feb 11, 2019 at 3:40 AM Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>> 
>> I agree that picking one like that is no worse and likely better than
>> round robin or similar, when considering how the DoH servers can affect
>> the browser user's privacy in "normal" scenarios. I'd guess that the
>> censorship scenario might call for something else though, esp if the
>> selected DoH server becomes unresponsive. Be interested if you've
>> thoughts on that. (Not sure myself what browser behaviours might be
>> best in such failure cases.)
> 
> Well, as I said, we haven't really sorted this out. But it's also kind of out of scope for this WG.

Hmmm. Wouldn't the WG’s charter commitments on privacy and security apply to this topic?

Picking your favourite DoH service/server would probably be out of scope for the WG. However I think the privacy and security considerations that should be part of that selection decision would be in scope for the WG.