Re: [Doh] New Privacy Considerations Section Proposal

Sara Dickinson <sara@sinodun.com> Thu, 21 June 2018 14:00 UTC

From: Sara Dickinson <sara@sinodun.com>
Message-Id: <2E0A7A4D-C419-4833-94C2-A38C3CA836F1@sinodun.com>
Date: Thu, 21 Jun 2018 15:00:38 +0100
In-Reply-To: <CAOdDvNrV7ue7oG4QcuU4vcWH4XTQCm67QEb+XFavrgway3TQzw@mail.gmail.com>
Cc: Howard Chu <hyc@symas.com>, Ted Hardie <ted.ietf@gmail.com>, DoH WG <doh@ietf.org>, Adam Roach <adam@nostrum.com>
To: Patrick McManus <pmcmanus@mozilla.com>
References: <CAOdDvNpY4NpvSKW_D__jztDD_wkaRsJna9L+Br+hdnDnQ8w5SQ@mail.gmail.com> <CA+9kkMDt03Uv6UvtZw=mvo=+6dprGqUDMkC7Ef6bd=kb6vX_Fg@mail.gmail.com> <CAOdDvNrjZu-q63DUhNjf7fYjNux2ewv4DTZkGPvFRrGfBBJFMA@mail.gmail.com> <c67dc5cb-f6a5-4352-da59-71c4bb9ff98b@nostrum.com> <fc01b1ca-c0ca-88af-abf4-5fcfc1d954a3@symas.com> <CAOdDvNrV7ue7oG4QcuU4vcWH4XTQCm67QEb+XFavrgway3TQzw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/hfZrAru9G8sv68KXX1IWGI7GeRM>
Subject: Re: [Doh] New Privacy Considerations Section Proposal


> On 21 Jun 2018, at 13:57, Patrick McManus <pmcmanus@mozilla.com> wrote:
> 
> On Thu, Jun 21, 2018 at 7:22 AM, Howard Chu <hyc@symas.com <mailto:hyc@symas.com>> wrote:
> 
> I would expect this to be the common case - most of the time, clients' HTTP(s) traffic will be to a wide variety of web servers, but only a single DNS/DoH serve
> 
> I strongly disagree with the viewpoint that DoH clients and servers are dedicated only to DoH. The granularity of DoH is a URI (configured via a template).
> 
> I understand that the use case of "use HTTPS's port and ALPN" to do something akin to DNS-over-TLS is the attractive use case for some.

To many members of this working group, in fact. There are already 2 implementations in progress that fall into this category - Stubby using DoH as a system resolver and dnsdist as a DNS resolver that offers service over DoH. These are legitimate use cases and running code that should be recognised in this draft even though they differ from the browser-centric view of:

> But we're using HTTP and trying to align with the ecosystem. It's not a tunnel.

There are many that want to use DoH and align it with the DNS ecosystem where it might be akin to just a tunnel and yet still provide distinct benefits.

Sara.