Re: [Doh] [Ext] draft-ietf-doh-resolver-associated-doh-02 comments

"Martin Thomson" <mt@lowentropy.net> Wed, 20 March 2019 04:35 UTC

To: doh@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/kSAUYK2ebZHdqWzyaQdBwk10MmM>

On Wed, Mar 20, 2019, at 12:03, Paul Hoffman wrote:
> This is an interesting question. It assumes that the application has no 
> DNS resolver when the HTTPS query is sent, and that getting the 
> associated DoH server is a prerequisite to sending DNS (in this case, 
> to locate the OCSP server).
> 
> That was certainly not the intention, given that the application can 
> send DNS queries for the other protocols described. I'll add a note to 
> that effect in the next draft.

I would be unhappy with that. Our implementation can currently operate without another source of name resolution. Given that the mechanisms we are talking about are just best practice, why not just recommend that resolvers follow them? I would not mandate anything, but explaining the consequences of diverging from best practice has its own normative impetus.