Re: [Doh] New: draft-livingood-doh-implementation-risks-issues

Eliot Lear <> Sun, 10 March 2019 11:32 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 2336B124D68 for <>; Sun, 10 Mar 2019 04:32:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id dYSqmi0ZeVZp for <>; Sun, 10 Mar 2019 04:32:47 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E8D711200ED for <>; Sun, 10 Mar 2019 04:32:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=4149; q=dns/txt; s=iport; t=1552217567; x=1553427167; h=from:message-id:mime-version:subject:date:in-reply-to:cc: to:references; bh=CxXjpUikNiS3JVMp2fncAdGnLO0se0Bo7Q06SyQrh7o=; b=FynXBtslMDS9jWQVOLrb0jRK28M+wza+AWZ4Xn9tgriiSUjxFTM9zOHg KyNouI/YVwO2YONYGdoUKaz+Odm79BCELDZSxy0qYsiiGhRL2Ue0n6KLJ e2rivCa0Ji5bDPZkBDmRzZ40UGG52wZyCiPLsnVXik2qTkQvDoHR8WB0c U=;
X-Files: signature.asc : 488
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0A9AABh9YRc/xbLJq1jGQEBAQEBAQE?= =?us-ascii?q?BAQEBAQcBAQEBAQGBZYNIIRKEMIh5jDeSWIduCAMBAYRsAoRXOBIBAQMBAQc?= =?us-ascii?q?BAwJtKIVLBiNPBxALBD4CAlcGgzUBgXWuS4EvhUWEUA+BL4FJiXuBf4E4DBO?= =?us-ascii?q?CTIRagzExgiYDkTySZQmEWY4zGYsCiDiaUYJuAgQGBQIVgV4hgVYzGggbFWU?= =?us-ascii?q?BgkI9kA4+A45ogk0BAQ?=
X-IronPort-AV: E=Sophos;i="5.58,464,1544486400"; d="asc'?scan'208,217";a="10653213"
Received: from (HELO ([]) by with ESMTP/TLS/DHE-RSA-SEED-SHA; 10 Mar 2019 11:32:44 +0000
Received: from [] ([]) by (8.15.2/8.15.2) with ESMTPS id x2ABWhSC023115 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 10 Mar 2019 11:32:44 GMT
From: Eliot Lear <>
Message-Id: <>
Content-Type: multipart/signed; boundary="Apple-Mail=_229251FD-6891-4084-BC74-8C5EC8D04B2F"; protocol="application/pgp-signature"; micalg=pgp-sha256
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
Date: Sun, 10 Mar 2019 12:32:42 +0100
In-Reply-To: <>
Cc: "Livingood, Jason" <>, DoH WG <>
To: Stephen Farrell <>
References: <> <>
X-Mailer: Apple Mail (2.3445.102.3)
X-Outbound-SMTP-Client:, []
Archived-At: <>
Subject: Re: [Doh] New: draft-livingood-doh-implementation-risks-issues
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 10 Mar 2019 11:32:49 -0000

Hi Stephen,

I think this is a great discussion to have.  Both drafts are provocative and, at least to me, important.  I don’t agree with everything in them, but I especially like how draft-livingood is organised, because one can essentially break out each paragraph into its own exploration to determine if one agrees or not, both in terms of issues raised and recommendations.

Is this a DoH thing?  I guess that boils down to whether the IETF views its standards as enabling technology.  In as much as we do, then we should discuss the ramifications of our decisions, especially if someone sees architectural risks.  Two examples of how this broadens out:
Centralization/concentration isn’t limited to DoH but DoH could well act as a catalyst.  it depends if the mechanism is benefiting from non-preexisting relationships.
Trust and accountability, as relates to a service. This is a whopper of a topic, but clearly worthy of exploration.  Anyone who thinks this is a simple topic is fooling themselves.
I’d be up for a side meeting on all of this in Prague if others are interested.