Re: [Doh] Seeking input on draft-03

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 09 February 2018 09:24 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 05A2A12422F for <doh@ietfa.amsl.com>; Fri, 9 Feb 2018 01:24:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S9snsGfteiEF for <doh@ietfa.amsl.com>; Fri, 9 Feb 2018 01:23:59 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D503D12420B for <doh@ietf.org>; Fri, 9 Feb 2018 01:23:58 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 378EABE4D; Fri, 9 Feb 2018 09:23:56 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5h9n2E65AjbT; Fri, 9 Feb 2018 09:23:54 +0000 (GMT)
Received: from [10.244.2.138] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 55E7CBE49; Fri, 9 Feb 2018 09:23:54 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1518168234; bh=vAKdT7mer22fn6W4AaESwSo6Xcytpd2DwGhAYXma7MM=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=M01zAhEd4ylSFmtpEIZGC6WiRwxTTt3RtKyljugKjVN9UPZEaHSCf92liaL90icAP dHlFLSL9Dn4auOJyfD+/6oSuO99OvY1H6lVxbpHVW1+adFMneO7RNUvYEREDXHnVQy FJEoda+kUXT/i9Ms6+/YBoCS4mI0Sdm6uFKNEwoc=
To: Patrick McManus <pmcmanus@mozilla.com>
Cc: Ben Schwartz <bemasc@google.com>, doh@ietf.org
References: <CAHbrMsDwWvtcZy8fpg9gs3o+gc_umi9okJW6rvv+s4T7K9-sVQ@mail.gmail.com> <5855fc09-0518-7fb0-56b6-07a8667cbf31@cs.tcd.ie> <CAOdDvNqS=cQe2a4bkKO2eGK9wih6gcwmQEhU8XHQcs+yk-W7ug@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Message-ID: <7f5075cc-60c3-adb1-54b1-dccb8ba13240@cs.tcd.ie>
Date: Fri, 9 Feb 2018 09:23:53 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <CAOdDvNqS=cQe2a4bkKO2eGK9wih6gcwmQEhU8XHQcs+yk-W7ug@mail.gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="3zP56FoX6pmdaVUyaUUZEUkvvhxW6joUp"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/uJvfBk8nhOcY48j-Ag14IaZZfIM>
Subject: Re: [Doh] Seeking input on draft-03
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Feb 2018 09:24:03 -0000

Thanks Patrick,

On 08/02/18 20:24, Patrick McManus wrote:
> WRT the removal of .wk:
> 
> * its previous presence had never been meant as a discovery mechanism of
> the form "I know a hostname, therefore I know the URL". origin is a
> security primitive for http, but its not an addressing primitive for http
> services such as a DoH endpoint.. indeed the DoH server might sensibly wish
> to offer multiple URIs on the same host (in the same way some free dns

Fair point.

> providers make a variety of resolution policies available with different IP
> addresses).  The configuration primitive for a DoH server is the URI - not
> origin.
> 
> * I had originally included .wk as a bit of future proofing for a use case
> not part of the DoH charter (not to enable it, but being sure not to
> preclude it at a later time). I have been convinced that .wk is not
> necessary for that - and so it was removed from the draft. I regret that
> these two things were confused by readers of <= -02 due to my own
> composition skills (or lack thereof).
> 
> As to Stephen's query - this was both discussed f2f in singapore and
> https://github.com/dohwg/draft-ietf-doh-dns-over-https/issues/24 . Of

I read that and it's overall convincing enough for me.

I do also wonder about the point raised there about doing surveys of
doh deployments - as one poster (willscott) said though, I'm not sure
if I think enabling that is a good thing or not. (The downside being
that censors discover deployments too.) I'd not argue that's reason
enough to retain well-known in the draft.

Cheers,
S.

> course there hasn't been consensus declared on the issue - the editors are
> just trying to make the newer drafts as closely aligned with the group's
> discussion as we can manage as part of the proces> -P
> 
> 
> On Thu, Feb 8, 2018 at 2:56 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie>;
> wrote:
> 
>>
>>
>> On 08/02/18 18:05, Ben Schwartz wrote:
>>>
>>> One important difference is that draft-03 no longer proposes a
>>> ".well-known" entry.  In draft-02 and prior, clients could check for the
>>> presence of a DOH service at the default path, given only the domain name
>>> of a server.  In draft-03, there is no default path, so clients must be
>>> configured with the full URL of the DOH endpoint.
>>
>> Apologies if I'm forgetting a thread where this was discussed,
>> but what's the reason for dropping .well-known? (If there is a
>> thread, a pointer to that is a sufficient answer.)
>>
>> Thanks,
>> S.
>>
>> --
>> PGP key change time for me.
>> New-ID 7B172BEA; old-ID 805F8DA2 expires Jan 24 2018.
>> NewWithOld sigs in keyservers.
>> Sorry if that mucks something up;-)
>>
>> _______________________________________________
>> Doh mailing list
>> Doh@ietf.org
>> https://www.ietf.org/mailman/listinfo/doh
>>
>>
> 

-- 
PGP key change time for me.
New-ID 7B172BEA; old-ID 805F8DA2 expires Jan 24 2018.
NewWithOld sigs in keyservers.
Sorry if that mucks something up;-)