Re: [Doh] DOH and Induced DNS

Mark Nottingham <mnot@mnot.net> Mon, 06 November 2017 23:42 UTC

From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <73c2dac6-b3bb-c9f7-4710-e1c3750b50f8@nostrum.com>
Date: Tue, 07 Nov 2017 10:42:48 +1100
Cc: dagon <dagon@sudo.sh>, doh@ietf.org
Message-Id: <24074F51-B167-42A4-83F0-29FCB750ACEB@mnot.net>
References: <20171106170750.GA24665@sudo.sh> <C93D011F-68D3-4B21-BB37-4ABF10488372@mnot.net> <73c2dac6-b3bb-c9f7-4710-e1c3750b50f8@nostrum.com>
To: Adam Roach <adam@nostrum.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/xi_vvlBcZIiBQ1yYtx9N-pTF4mc>
Subject: Re: [Doh] DOH and Induced DNS
> On 7 Nov 2017, at 10:39 am, Adam Roach <adam@nostrum.com> wrote:
> 
> If the notion here is to prevent JS-initiated queries, I'll point out that this is explicitly prohibited by the working group charter: "While access to DNS-over-HTTPS servers from JavaScript running in a typical web browser is not the primary use case for this work, precluding the ability to do so would require additional preventative design. The working group will not engage in such preventative design."

No, the intent is to allow a DOH server to distinguish between JS-initiated requests and "native" ones, making up its own mind what to do with that information.


--
Mark Nottingham   https://www.mnot.net/