Re: [Doh] A question of trust (was Re: Draft -09 and WGLC #2)

Mateusz Jończyk <> Wed, 30 May 2018 15:59 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9735112E046 for <>; Wed, 30 May 2018 08:59:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id W0XHN87YwDlW for <>; Wed, 30 May 2018 08:59:26 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8D35612E86E for <>; Wed, 30 May 2018 08:59:26 -0700 (PDT)
Received: (wp-smtpd 26602 invoked from network); 30 May 2018 17:59:22 +0200
Received: from (HELO []) ([]) (envelope-sender <>) by (WP-SMTPD) with ECDHE-RSA-AES256-GCM-SHA384 encrypted SMTP for <>; 30 May 2018 17:59:22 +0200
To: Patrick McManus <>, DoH WG <>
References: <> <> <> <> <> <> <> <> <> <> <> <>
From: =?UTF-8?Q?Mateusz_Jo=c5=84czyk?= <>
Openpgp: preference=signencrypt
Message-ID: <>
Date: Wed, 30 May 2018 17:59:06 +0200
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="2uVL5Ovd9Ig77ze9cyisOHcGRhdQDgkvQ"
X-WP-MailID: b4f37ae718618bca9a5b4eda7479c94c
X-WP-AV: skaner antywirusowy Poczty o2
X-WP-SPAM: NO 0000000 [sXPk]
Archived-At: <>
Subject: Re: [Doh] A question of trust (was Re: Draft -09 and WGLC #2)
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DNS Over HTTPS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 30 May 2018 15:59:30 -0000


>+A DNS API client MUST NOT use a different URI simply because it was discovered
>+outside of the client's configuration, or because a DNS API server offers an
>+unsolicited response
>+that appears to be a valid answer to a DNS query.

The second part of this sentence is unclear to me. Some people may read it as
prohibiting all Server Pushed messages.
I would reword it as:
	... or simply because some web server offers an unsolicited response
	that appears to be a valid answer to a DNS query.

I think the previous wording in the "Security considerations" section was much
	A client MUST NOT use arbitrary DNS API servers.
	Instead, a client MUST only use DNS
	API servers specified using mechanisms such as explicit configuration.

It only required a rewording of the section "Selection of DNS API server" to
match it.


By the way, we should clarify the section "Server push". I propose it to read so:

	A DNS API client MUST ignore pushed DNS API requests (see {{RFC7540}}
	Section 8.2) whose pushed request URI is not one that the client
	would have directed the same query to if the client had initiated the

(which is a modification of the text proposed in
and suits the comments there).

Mateusz Jończyk

W dniu 30.05.2018 o 04:14, Patrick McManus pisze:
> I've proposed
> Mateusz, it also harmonizes with the security considerations a bit.