[Driu] Resolverless DNS Side Meeting in Montreal

Patrick McManus <pmcmanus@mozilla.com> Tue, 10 July 2018 02:49 UTC

Return-Path: <pmcmanus@mozilla.com>
X-Original-To: driu@ietfa.amsl.com
Delivered-To: driu@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id C89F71310EA; Mon, 9 Jul 2018 19:49:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.233
X-Spam-Status: No, score=-1.233 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id KfgTZYcMkAzA; Mon, 9 Jul 2018 19:49:26 -0700 (PDT)
Received: from linode64.ducksong.com (linode6only.ducksong.com [IPv6:2600:3c02::f03c:91ff:fe6e:e8da]) by ietfa.amsl.com (Postfix) with ESMTP id C47081310ED; Mon, 9 Jul 2018 19:49:26 -0700 (PDT)
Received: from mail-oi0-f52.google.com (mail-oi0-f52.google.com []) by linode64.ducksong.com (Postfix) with ESMTPSA id 12C9D3A050; Mon, 9 Jul 2018 22:49:26 -0400 (EDT)
Received: by mail-oi0-f52.google.com with SMTP id s198-v6so39781256oih.11; Mon, 09 Jul 2018 19:49:26 -0700 (PDT)
X-Gm-Message-State: APt69E2PXvlg6nvwDBpXKzTjDwTSUXUG7RfATuebEoj3vkoeWPjTvBSj Oq0QBsXOLls+aPF0ebOh18/SGd1pPPeQv5zPViw=
X-Google-Smtp-Source: AAOMgpffJRnEVtif8+cFsl4FKNUPJTA+LEwMl/QGr0LUV51oilorMcOyIo28iD/WwBekvMa9HXZF6rHRmAZdoRXM9qY=
X-Received: by 2002:aca:e80c:: with SMTP id f12-v6mr27287137oih.38.1531190965716; Mon, 09 Jul 2018 19:49:25 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a4a:8a22:0:0:0:0:0 with HTTP; Mon, 9 Jul 2018 19:49:25 -0700 (PDT)
From: Patrick McManus <pmcmanus@mozilla.com>
Date: Mon, 09 Jul 2018 22:49:25 -0400
X-Gmail-Original-Message-ID: <CAOdDvNp0S5-aEzy4ziqVvL1Kd+V79nD49_Zuo1dLoThXYP7nFg@mail.gmail.com>
Message-ID: <CAOdDvNp0S5-aEzy4ziqVvL1Kd+V79nD49_Zuo1dLoThXYP7nFg@mail.gmail.com>
To: Ben Schwartz <bemasc@google.com>, Daniel Kahn Gillmor <dkg@aclu.org>, DoH WG <doh@ietf.org>, driu@ietf.org, HTTP Working Group <ietf-http-wg@w3.org>, dnsop <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000984e2405709c2d48"
Archived-At: <https://mailarchive.ietf.org/arch/msg/driu/QT1s6MTDZaGwHZGdBby5jvMlkos>
Subject: [Driu] Resolverless DNS Side Meeting in Montreal
X-BeenThere: driu@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "DNS Resolver Identification and Use \(DRIU\)." <driu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/driu>, <mailto:driu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/driu/>
List-Post: <mailto:driu@ietf.org>
List-Help: <mailto:driu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/driu>, <mailto:driu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2018 02:49:29 -0000

Hi All,

I am organizing an ad-hoc Side Meeting regarding 'Resolverless DNS' in

We have often talked about the benefits and concerns of DNS information
obtained from sources that are, shall we say, less globally trusted than a
recursive a resolver. The central use case is DoH when pushed from an
endpoint that isn't a recursive resolver but there have been other

For example www.example.com pushes you a AAAA record for img1.example.com.
Should you use it? What if it is for img1.img-example.com ? Do the
relationship between these domains matter? What kind of relationship (i.e.
it could be a domain relationship, or in the context of a browser it might
be a first-party tab like relationship, etc..)? What are the implications
of poison? Trackers? Privacy of requests never made? Speed? Competitive
shenanigans or DoS attacks?

This was out of scope for DoH.

*We'll do the meeting over 1 hour in the Dorchester room from 16:30 to
17:30 on Monday July 16th.*

This is a meeting of interested folks looking to see if we can agree on
next steps - we're not going to work out the details (nor should a side
meeting try and do so). so we'll have a tight agenda that I suggest
organizaing as follows:

1] What forms of transport could be in scope? HTTP/2 push is one such
vector, but I've heard others. Spray paint for example.

2] What needs to be considered when using such data? (signatures? scope?

3] Who are the stakeholders for 1 + 2?

4] Is there enough interest to explore further? Next steps as output

I hope you can come!