Re: [Doh] [EXTERNAL] Re: Googles Experimental DoH Endpoint.

"Winfield, Alister" <Alister.Winfield@sky.uk> Fri, 17 May 2019 10:07 UTC

From: "Winfield, Alister" <Alister.Winfield@sky.uk>
To: Mark Nottingham <mnot@mnot.net>
CC: "doh@ietf.org" <doh@ietf.org>
Date: Fri, 17 May 2019 10:07:16 +0000
Message-ID: <758C0ED4-7136-4427-992B-038966DCDB94@sky.uk>
References: <BF0C7A3C-17F5-4BD0-AD7C-25922B085D23@sky.uk> <F59BCD3A-6F42-4626-95A4-4ECFF1DB6864@mnot.net>
In-Reply-To: <F59BCD3A-6F42-4626-95A4-4ECFF1DB6864@mnot.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/pxjBRfrCv8OjkNLvWPg7EDBkDEU>
List-Id: DNS Over HTTPS <doh.ietf.org>

  > On 16/05/2019, 23:26, "Mark Nottingham" <mnot@mnot.net> wrote:
  >
  >    So, you're effectively doing domain fronting here; i.e., routing to one server name with SNI, while using a different host header.
  >
  >    Firefox (for example) doesn't support doing this with its DoH implementation, AFAICT; you'd have to write a custom client (or
  >    intermediary).


That may be true, but the change to allow it in a mainstream client will, in most cases, be trivial and malware writers really don't care.



    > On 16 May 2019, at 8:24 pm, Winfield, Alister <Alister.Winfield=40sky.uk@dmarc.ietf.org> wrote:
    >
    > $ openssl s_client -connect search.google.com:443 -servername search.google.com
    > …
    > ---
    >
    > GET /experimental?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB HTTP/1.1
    > host: dns.google.com

    --
    Mark Nottingham   https://www.mnot.net/

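The request quoted in this thread, examined from the side of a server or TLS-terminating proxy, where both the SNI and the Host header are visible: the check flags the mismatch and decodes the `dns=` parameter (base64url DNS wire format, RFC 8484) to show which name was asked for. This is an added example, not part of the original messages; the function names are hypothetical and the sample strings are constructed from the values quoted above.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

# Constructed from the values quoted in the thread: the SNI sent in the TLS
# handshake, and the HTTP request sent inside that session.
SAMPLE_SNI = "search.google.com"
SAMPLE_REQUEST = (
    "GET /experimental?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB HTTP/1.1\r\n"
    "host: dns.google.com\r\n\r\n"
)

def norm_host(name):
    """Lowercase, drop a :port suffix and a trailing dot (IPv6 literals not handled)."""
    return name.strip().lower().split(":")[0].rstrip(".")

def decode_doh_question(dns_param):
    """Return (qname, qtype, qclass) from a base64url DNS query (RFC 8484 GET)."""
    try:
        msg = base64.urlsafe_b64decode(dns_param + "=" * (-len(dns_param) % 4))
        if struct.unpack("!H", msg[4:6])[0] < 1:
            raise ValueError("no question in message")
        labels, pos = [], 12  # the question section starts after the 12-byte header
        while msg[pos] != 0:
            if msg[pos] & 0xC0:
                raise ValueError("compression pointer in question name")
            labels.append(msg[pos + 1:pos + 1 + msg[pos]].decode("ascii"))
            pos += 1 + msg[pos]
        qtype, qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    except (IndexError, struct.error, UnicodeDecodeError) as exc:
        raise ValueError("malformed DNS message") from exc
    return ".".join(labels), qtype, qclass

def inspect(sni, raw_request):
    """Compare SNI with the Host header and decode any DoH query in the target."""
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    target = head[0].split(" ")[1]
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    host = norm_host(headers.get("host", ""))
    dns = parse_qs(urlsplit(target).query).get("dns")
    return {
        "sni": norm_host(sni),
        "host": host,
        "mismatch": host != norm_host(sni),
        "question": decode_doh_question(dns[0]) if dns else None,
    }
```

A passive on-path observer sees only the SNI; the Host header and the query are available only where the TLS session is terminated, which is where a check like this has to run.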