Re: [Doh] Request for the DOH WG to adopt draft-hoffman-resolver-associated-doh

Stephane Bortzmeyer <bortzmeyer@nic.fr> Tue, 29 January 2019 15:06 UTC

Date: Tue, 29 Jan 2019 16:06:40 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>
Cc: Daniel Stenberg <daniel@haxx.se>, DoH WG <doh@ietf.org>
Message-ID: <20190129150640.aybtqbnndcu5obrq@nic.fr>
References: <8999D6F3-600E-4F1A-903C-10F8CAA6E4F3@icann.org> <alpine.DEB.2.20.1901230812390.17402@tvnag.unkk.fr> <2112742428.56808.1548254385497@appsuite.open-xchange.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <2112742428.56808.1548254385497@appsuite.open-xchange.com>
X-Operating-System: Debian GNU/Linux 9.6
X-Kernel: Linux 4.9.0-8-amd64 x86_64
X-Charlie: Je suis Charlie
Organization: NIC France
X-URL: http://www.nic.fr/
User-Agent: NeoMutt/20170113 (1.7.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/lP1iVjlmXJHCRdJ5hIzUDUagvBE>
Subject: Re: [Doh] Request for the DOH WG to adopt draft-hoffman-resolver-associated-doh
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Jan 2019 15:06:44 -0000

On Wed, Jan 23, 2019 at 03:39:45PM +0100,
 Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org> wrote 
 a message of 22 lines which said:

> they only make one choice, they pick an *ISP* that they decide to
> trust. They pay to get "Internet access" from that company and
> expect that company to provide all it takes for "the Internet to
> work", including DNS resolution, without them having to do anything;
> this has been the default situation for the last 20 years at least.

This is not how the Internet works. 20 years ago, maybe this was true,
but today users "trust" (not an informed trust) a lot of
intermediaries. For instance, if they use Android, a lot of choices
are made by Google, not by the ISP.

Which means that changes like DoH could be carried by other actors
than the user or the ISP. If people buy CPEs with a pre-configured DoH
client, they could use DoH even without a specific concern for privacy.

> So it's fine if smarter users make changes to this default and pick
> a DNS provider different from their connectivity provider, and it's
> fine to empower them to do so, but it's not fine to break the way
> the Internet normally works for most people, which includes an
> automated and effortless mechanism to get the DNS resolution service
> from the ISP when connecting to the network.

I don't understand this objection. Nobody suggested deprecating DHCP
and its DNS resolver option.