Re: [Doh] [EXTERNAL] Re: DoH

"Winfield, Alister" <> Thu, 28 March 2019 21:41 UTC


Top posting on purpose ….

I’ve tried to respond twice to this and I think third time I might get closer to my thinking…

The DoH solution (note not necessarily protocol) is missing at least two key elements which together would have reduced the immediate panic in the implementation. Not to say there aren’t other things that need work; just that the really problematic issues could be contained or deferred.

The current active work on discovery and somehow defining a trust and privacy mechanism surrounding TRRs.

With trusted lists of TRRs you’d then be able to use the output of a fundamentally insecure discovery method. If that ‘trust and privacy’ were to be selectable, say by choice of provider. You get the option to allow the local network policy / or not. You can choose to allow trusted coffee shops but others may be not in your list because they do things that ‘you’ don’t like. Parents can choose to trust only those DNS providers that give strong parental controls. Whatever group you are in, many things would be less controversial. Oh, it’s not easy but at least we wouldn’t be in the current position where it is almost certain that a sudden change will occur to a keystone of the Internet.

Worst case example is that given the billions of queries per second we are talking about here and the localisation of content delivery it impacts, many terabytes per second of traffic could / would rapidly migrate to less-optimal CDNs. The distribution of this might well break networks; sadly there is no research that can reliably work out the full impact. Small trials really don’t help because we already handle small percentages of non-local DNS use. It’s the unknown of what happens if 80% of the users in a single software update change to a non-local DNS provider (especially if it’s one that doesn’t forward granular enough EDNS client-subnet data because ‘privacy’).

I admit that last paragraph may be FUD, but in this case the risk to the stability of the Internet is potentially at stake so the largest possible ‘we’ owe everyone a little time exposing the potential issues in detail with any mitigations if they exist. Preparing those who will be impacted for change and then somehow containing the initial change so if it really does cause hard-to-contain issues we have a small enough problem it’s solvable in reasonable timeframes. Anyone who has done operations will tell you that big changes that happen fast are the nightmare you fight hardest to avoid.

One more thing, I’ll repeat others’ warning... beware unintended consequences; this must not end in a fight between networks, or governments, and DoH providers. If this goes wrong and corporates and other players decide this is a step too far because of the impacts, we all know the outcome could be very messy and I for one would rather work to get a less painful and most likely less privacy impactful result.

NB: Don’t bite; I do like the protocol and I agree that there are some that need it to exist.

Alister Winfield

From: Doh <> on behalf of Adam Roach <>
Date: Thursday, 28 March 2019 at 19:12
To: "" <>, "" <>, "" <>
Cc: "" <>, "" <>
Subject: [EXTERNAL] Re: [Doh] DoH

On 3/28/19 18:35, <> wrote:

* For the types of home networks you mention, which generally lack professional and dedicated network administrators, DoH does not inherently represent any significant change to the decade-old status quo resulting from publicly-available DNS.

I disagree, there is a fundamental change here.  If / when browsers enable DoH by default...

Yes, and this pertains to product decisions rather than the DoH protocol itself. I tried to make this point in the third paragraph of my response. I apologize if that point was insufficiently clear.
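The trusted-TRR-list idea in Alister’s message above (a network-discovered resolver is used only if it is on a user-selected trust list, and the user can narrow that list by provider or by what they need, such as parental controls, or refuse local-network resolvers entirely) written out as an added Python example. This is not code from the thread, from any browser’s TRR implementation, or from a DoH working-group document; the trust-list format, the capability tags, and every hostname and provider name are constructed placeholders chosen for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class TrustedResolver:
    """One entry in the user's trust list (the entry format is an assumption for this example)."""
    host: str                         # hostname of the resolver's DoH template URI
    provider: str                     # who operates it, so users can select by provider
    capabilities: frozenset           # tags a user may require, e.g. "parental-controls"


# Constructed sample trust list: hypothetical providers, not real services.
TRUST_LIST = (
    TrustedResolver("doh.isp.example", "example-isp", frozenset({"ecs-forwarding"})),
    TrustedResolver("family.filter.example", "example-filter", frozenset({"parental-controls"})),
)


@dataclass(frozen=True)
class UserPolicy:
    allow_local_network: bool         # honour a network-discovered resolver at all?
    required_capabilities: frozenset  # every tag here must be present on the trust entry
    fallback_trr: str                 # template URI of the resolver the user chose


def doh_template_host(uri):
    """Return the lower-cased hostname if uri is an https DoH template, else None."""
    parts = urlparse(uri)
    if parts.scheme != "https" or not parts.hostname:
        return None
    return parts.hostname.lower()


def lookup_trusted(host):
    """Find the trust-list entry for a hostname, or None if the user never trusted it."""
    for entry in TRUST_LIST:
        if entry.host == host:
            return entry
    return None


def choose_resolver(policy, discovered):
    """Pick the resolver to use and explain why.

    discovered: DoH template URIs learned over an insecure channel (DHCP, captive
    portal, router advertisement). Nothing in that list is believed on its own: a
    candidate is used only if the user allowed local-network resolvers, its host is
    on the trust list, and the entry carries every capability the user requires.
    Returns (template_uri, reason).
    """
    if policy.allow_local_network:
        for uri in discovered:
            host = doh_template_host(uri)
            if host is None:
                continue                          # plaintext or malformed: ignore
            entry = lookup_trusted(host)
            if entry is None:
                continue                          # not on the user's trust list
            if not policy.required_capabilities <= entry.capabilities:
                continue                          # trusted, but lacks what the user needs
            return uri, f"using discovered resolver {host} (provider {entry.provider})"
    return policy.fallback_trr, "no acceptable discovered resolver; using configured TRR"


if __name__ == "__main__":
    # Constructed discovery output: a plaintext URI, an unknown host, then the ISP's.
    found = [
        "http://doh.isp.example/dns-query",
        "https://rogue.coffeeshop.example/dns-query",
        "https://doh.isp.example/dns-query",
    ]
    home = UserPolicy(True, frozenset(), "https://trr.chosen.example/dns-query")
    print(choose_resolver(home, found))
    parent = UserPolicy(True, frozenset({"parental-controls"}), "https://family.filter.example/dns-query")
    print(choose_resolver(parent, found))
```

The discovery channel stays untrusted throughout: it can only nominate a resolver the user has already listed, never introduce a new one, which is the property that lets an insecure discovery method be used safely. The `allow_local_network` switch is the "allow the local network policy / or not" choice, and `required_capabilities` is how a parent ends up on a filtering provider even when the ISP resolver is otherwise trusted.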