Re: [Doh] [Ext] Re: Use cases and URLs

Andrew Sullivan <ajs@anvilwalrusden.com> Wed, 07 March 2018 22:59 UTC

Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C50112D88C for <doh@ietfa.amsl.com>; Wed, 7 Mar 2018 14:59:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=yitter.info header.b=TNfOPu8S; dkim=pass (1024-bit key) header.d=yitter.info header.b=fyRWLTTd
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xriMXjMJVANB for <doh@ietfa.amsl.com>; Wed, 7 Mar 2018 14:59:52 -0800 (PST)
Received: from mx4.yitter.info (mx4.yitter.info [159.203.56.111]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1891612D86B for <doh@ietf.org>; Wed, 7 Mar 2018 14:59:52 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mx4.yitter.info (Postfix) with ESMTP id 38EEBBE780 for <doh@ietf.org>; Wed, 7 Mar 2018 22:59:21 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yitter.info; s=default; t=1520463561; bh=AXYYeCSS3zByUPRZYtA7013Smqzrd4ISGTRKfo2AtZQ=; h=Date:From:To:Subject:References:In-Reply-To:From; b=TNfOPu8SXVtaimO4O2raiGf6dRqODaZQWVaDSNoxyVXLIAapg+QBczdNQFI8y1k8n 05PUxu+qrsuaO/1PQguJoFc9nqyg+dcUurlSgqem1ffj0ZuvitbVaIIWh/r1Fjyuuo FTUWMSDFnSsHPbZsMlktcG23uwEbFyN1WwoKLYoY=
X-Virus-Scanned: Debian amavisd-new at crankycanuck.ca
Received: from mx4.yitter.info ([127.0.0.1]) by localhost (mx4.yitter.info [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UhLNOX40F1UC for <doh@ietf.org>; Wed, 7 Mar 2018 22:59:19 +0000 (UTC)
Date: Wed, 7 Mar 2018 17:59:17 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yitter.info; s=default; t=1520463559; bh=AXYYeCSS3zByUPRZYtA7013Smqzrd4ISGTRKfo2AtZQ=; h=Date:From:To:Subject:References:In-Reply-To:From; b=fyRWLTTdNh7Hz8X7iLegclNgYjJoyg7z/QxqkmkoEN5X/lphOaVvUdJk4an8QzYym igOzbtATbEPWt0fAnxF80uPYfSwMIQPgBUl7GGSrKEPgfHq6mI9aHaUSF9NOfAs1I8 1en9yOebGxkZSlefFYFqumatTaL9K4nlIlSMfZN0=
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: doh@ietf.org
Message-ID: <20180307225916.mtedvpezetnctco2@mx4.yitter.info>
References: <24DEFAAB-D2A3-45E5-8CEE-E2E4EA23B9C2@icann.org> <5bca3f4f-e40a-4afc-c71a-25ede395a065@nostrum.com> <497ECCA2-5453-40CC-8385-7FEBE1A3FB0D@icann.org> <08C4E0C7-4C4E-4F65-82A5-9266A029A61C@mnot.net> <79E77AB7-5A2E-4DC1-A2B6-F5B8AC066513@icann.org> <AC1A646D-606B-4D1C-A5B5-FCD8F0F5C02A@mnot.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <AC1A646D-606B-4D1C-A5B5-FCD8F0F5C02A@mnot.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/uT4GfDylhVtVzwZG5DLPsx9KbN8>
Subject: Re: [Doh] [Ext] Re: Use cases and URLs
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Mar 2018 22:59:53 -0000

On Thu, Mar 08, 2018 at 09:46:19AM +1100, Mark Nottingham wrote:
> 
> Sure, they're both attack vectors. I note that to configure a new search engine in most browsers, you need to type in what is effectively a URL template.
> 

Well, maybe that's part of the care would be that I suggested in
another message.

> Also, we don't make decisions based upon what people feel in the IETF -- we decide based upon rough consensus and running code. Is there *any* implementer interest in what you're describing?
> 

If the IETF is standardising a feature that users can't get out of or
use in ways that suit them, then I would have to ask why we are
willing to touch it with a 93 1/2' pole.  That really would make us
the IVTF, and I'm not interested in such efforts.  I agree that there
is a serious attack vector in allowing users to configure doh, but
it's also an attack vector if only your vendor can control how it can
be used.  If _that's_ what we think we're building, then I at least
was fooled by the charter.

Best regards,

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com