Re: [Doh] [Ext] Re: Use cases and URLs

Justin Henck <henck@google.com> Wed, 07 March 2018 22:49 UTC

To: mnot@mnot.net
Cc: paul.hoffman@icann.org, doh@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/k004Cm1WHtfwv_z3KVATXMp1r0Q>
List-Id: DNS Over HTTPS <doh.ietf.org>

>
> Your suggestion uplevels that from 1 address to 1 hostname but the
> fundamental problem remains.


As I understand the proposal, the metadata in .well-known would be
optional? If that's the case, is this any more objectionable than
www.BANK.com being interpreted as http://www.BANK.com/, which is in turn
redirected to https://www.BANK.com/index.html? It seems to me we only gain
potential use cases by having an optional discovery endpoint, and lose
nothing.

An additional use case might be DNS-over-TLS auto-upgrade if a potentially
hostile network blocks port 853.



Justin Henck
Product Manager
212-565-9811
google.com/jigsaw

PGP: EA8E 8C27 2D75 974D B357 482B 1039 9F2D 869A 117B


On Wed, Mar 7, 2018 at 5:46 PM Mark Nottingham <mnot@mnot.net> wrote:

>
>
> > On 8 Mar 2018, at 8:30 am, Paul Hoffman <paul.hoffman@icann.org> wrote:
> >
> > On Mar 7, 2018, at 1:41 AM, Mark Nottingham <mnot@mnot.net> wrote:
> >>
> >> Is making it super-easy for non-technical end users to configure a new
> >> DNS server a feature or a bug?
> >
> > It has been considered a feature for as long as there has been an
> > Internet. That is, every operating system allows users to do this in the
> > operating system. Why should browsers be different?
> >
> > The question is parallel to "Is making it super-easy for non-technical
> > end users to configure a new search engine a feature or a bug?". Some
> > parties feel that it is a bug because users will pick a new, crappy search
> > engine based on bad advice. Some parties feel that it is a feature because
> > some search engines have better privacy policies than others, or have
> > better ways of providing results, and so on.
>
> Sure, they're both attack vectors. I note that to configure a new search
> engine in most browsers, you need to type in what is effectively a URL
> template.
>
> Also, we don't make decisions based upon what people feel in the IETF --
> we decide based upon rough consensus and running code. Is there *any*
> implementer interest in what you're describing?
>
>
> --
> Mark Nottingham   https://www.mnot.net/