Re: [Doh] New version: draft-ietf-doh-resolver-associated-doh-03.txt

"Ralf Weber" <> Mon, 25 March 2019 15:05 UTC

From: "Ralf Weber" <>
To: "Paul Hoffman" <>
Cc: "DoH WG" <>
Date: Mon, 25 Mar 2019 16:05:48 +0100

On 24 Mar 2019, at 9:20, Paul Hoffman wrote:

> The diffs here are what I think have general agreement from the 
> discussion about this draft so far, but I may have missed things. 
> Comments are still quite welcome.

I have some questions after reading -03 (and skipping -02 ;-)
- The resolver IP addresses returned from DNS in section 4: are these 
Do53 server addresses or DoH server addresses, or are they just the IP to 
start the process in section 2 (maybe 3)?
- In section 3, a non-compliant current server will return NXDomain. What 
are we going to do with this answer (treat it as no DoH associated)?

> As for the late discussion of using the URI RRtype instead of TXT, I 
> would not know what to put in the "priority" and "weight" values. That 
> alone seems enough reason to leave this as a TXT record, but others 
> might disagree. It's not a lot of effort to change the text to the URI 
> RRtype, but I don't want to do so unless it is actually better than 
> TXT.

Another option could be a new RRType; given that it doesn’t have to be 
provisioned on auth servers, it should not be that difficult to roll it 
out. We still could use the special name or just ask .

So long
Ralf Weber