Re: [Doh] Talking to my resolver

Ben Schwartz <bemasc@google.com> Mon, 18 March 2019 15:28 UTC

References: <CAHbrMsCNyeabhk0sVexOHVedVkgG2dvV9T8wWL++om5juAUvEw@mail.gmail.com> <b3c252eb-f8de-42f7-bedd-ef23375b5325@www.fastmail.com>
In-Reply-To: <b3c252eb-f8de-42f7-bedd-ef23375b5325@www.fastmail.com>
From: Ben Schwartz <bemasc@google.com>
Date: Mon, 18 Mar 2019 11:28:04 -0400
Message-ID: <CAHbrMsAbYFvec_MotKo=3pPyJw626APLWYfbnbMCD+xm7SXwzg@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: DoH WG <doh@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/wZ0jISjJqsZs1A-E8t0CYEyDu1A>
Subject: Re: [Doh] Talking to my resolver
List-Id: DNS Over HTTPS <doh.ietf.org>

On Sun, Mar 17, 2019 at 6:03 PM Martin Thomson <mt@lowentropy.net> wrote:

> I don't know if there is any hope of adding a general facility to DNS
> where a client could talk to the server about itself, rather than the data
> that it can provide.
As a chair, I agree with nusenu that this topic might be out of charter,
but if we decide that it is the best course of action then we can make
organizational changes as necessary.  We may also be able to find a
balance, by implementing a DoH-specific practice that seems likely to
generalize well.
> p.p.s., I really wish that DoT had decided to add some meta-information
> channel.  That solves a bunch of these issues.  I guess we can ALPN-up
> ourselves a v2 if we needed one.
>

Not as chair, here's a free, slightly unsettling idea: use the "h2" ALPN on
port 853 to negotiate a DoT-to-DoH upgrade during the TLS handshake.
> On Sat, Mar 16, 2019, at 00:13, Ben Schwartz wrote:
> > I'd like to thank the working group participants for the extensive
> > discussion of our most recent drafts. However, I would appreciate more
> > review of the Resolver-Associated DOH draft, which has the largest time
> > segment allocated for the upcoming meeting. This draft contains several
> > components that have been controversial in the past:
> >
> > 1. IP-address certificates
> > 2. A new .well-known endpoint
> > 3. JSON
> > 4. Recursive resolvers synthesizing responses as if they were
> > authoritative for certain names
> > 5. Machine-readable content in a TXT record
> >
> > Also, the draft does not enable the use of DoH if (1) an application
> > relies on POSIX-like DNS APIs to bootstrap AND (2) the resolver is only
> > reachable on a non-public IP address (e.g. RFC 1918). This is a side
> > effect of the requirement that the DoH server provide a valid
> > certificate for its name, chained to a root that is already trusted by
> > the client. This draft does not alter that requirement.
> >
> > If any of these technical elements are of concern to you, please
> > comment now, so that the meeting can be as productive as possible.
> >
> > --Ben
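The "h2 on port 853" idea above hinges on two standard mechanisms: ALPN (RFC 7301), where the server picks an application protocol from the list the client offered, and the fact that the two DNS transports frame the same wire-format message differently (a two-byte length prefix for DoT per RFC 7858; an HTTP request carrying application/dns-message for DoH per RFC 8484). The following is an added illustration, not code from the thread, from any draft, or from any implementation: it models the negotiation outcome for legacy and upgraded servers and shows how the selected protocol decides the framing. The function names, the server preference lists and the sample query are constructed for this example; no TLS connection is made.

```python
"""Model of a DoT-to-DoH upgrade negotiated via ALPN on port 853.

Constructed example: helper names, preference lists and the sample query are
assumptions for illustration; RFC 7301 (ALPN), RFC 7858 (DoT framing) and
RFC 8484 (DoH request forms) supply the actual rules being modelled.
"""
import base64
import struct

DOT_ALPN = "dot"   # IANA-registered ALPN id for DNS-over-TLS
DOH_ALPN = "h2"    # HTTP/2; a DoH server speaks RFC 8484 on top of it


def select_alpn(server_prefs, client_offered):
    """RFC 7301 server-side selection: the first protocol in the server's
    own preference order that the client also offered.  None models the
    no_application_protocol failure (or a legacy client sending no ALPN)."""
    for proto in server_prefs:
        if proto in client_offered:
            return proto
    return None


def build_query(qname, qtype=1, txid=0):
    """Minimal DNS wire-format query (RFC 1035): 12-byte header with RD set,
    one question, no other sections.  Used as the sample payload."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def frame_dot(msg):
    """RFC 7858 reuses DNS-over-TCP framing: two-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def frame_doh_post(msg, path="/dns-query"):
    """RFC 8484 POST form, expressed as HTTP/2 pseudo-headers plus body;
    the binary HTTP/2 frames themselves are left to the h2 layer."""
    return {
        ":method": "POST",
        ":path": path,
        "content-type": "application/dns-message",
        "accept": "application/dns-message",
        "body": msg,
    }


def frame_doh_get(msg, path="/dns-query"):
    """RFC 8484 GET form: the message base64url-encoded without padding."""
    dns = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return {
        ":method": "GET",
        ":path": f"{path}?dns={dns}",
        "accept": "application/dns-message",
    }


def frame_for(selected, msg):
    """Dispatch on the negotiated ALPN id once the handshake has finished."""
    if selected == DOT_ALPN:
        return frame_dot(msg)
    if selected == DOH_ALPN:
        return frame_doh_post(msg)
    raise ValueError("no application protocol negotiated; close the connection")


if __name__ == "__main__":
    query = build_query("www.example.com")
    # Upgraded server prefers h2 but keeps dot for clients that lack it.
    upgraded = [DOH_ALPN, DOT_ALPN]
    # Legacy DoT server only knows dot; an h2-only client gets nothing.
    legacy = [DOT_ALPN]
    for server, client in [(upgraded, [DOH_ALPN, DOT_ALPN]),
                           (upgraded, [DOT_ALPN]),
                           (legacy, [DOH_ALPN, DOT_ALPN]),
                           (legacy, [DOH_ALPN])]:
        chosen = select_alpn(server, client)
        print(f"server={server} client={client} -> {chosen}")
        if chosen is not None:
            print("   framed:", frame_for(chosen, query))
```

The GET form for the sample name reproduces the request shown in RFC 8484 Section 4.1.1, which is a convenient way to check that the wire-format builder is correct. The failure case in the last row is the compatibility risk of the idea: a server that stops advertising "dot" on port 853 breaks every client that does not offer "h2".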