Re: [Driu] Resolverless DNS Side Meeting in Montreal

Patrick McManus <> Sat, 28 July 2018 16:32 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7A48313112F; Sat, 28 Jul 2018 09:32:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.233
X-Spam-Status: No, score=-1.233 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 1LHR9oc1sEUa; Sat, 28 Jul 2018 09:32:06 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id C8006131058; Sat, 28 Jul 2018 09:32:05 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTPSA id 3E0353A01E; Sat, 28 Jul 2018 12:32:04 -0400 (EDT)
Received: by with SMTP id 13-v6so14401967ois.1; Sat, 28 Jul 2018 09:32:04 -0700 (PDT)
X-Gm-Message-State: AOUpUlEgs9tLYUFMInrRu5Ed1/r6qRSyB9pQWcfS2V6E6xBmqwyb/Ddh h/hGbAcvoEI/gIA442lIIaxCH5f9LC0tBR7Wkhk=
X-Google-Smtp-Source: AAOMgpe3GfMsU8IPLMBVMGcTYzO5YR2A132mu6+fScl/bN/My52Qoncd98FN47XywI0p+XDbx93EUAyTeO21dD3DrRA=
X-Received: by 2002:aca:31c6:: with SMTP id x189-v6mr11878333oix.213.1532795523956; Sat, 28 Jul 2018 09:32:03 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a4a:8a22:0:0:0:0:0 with HTTP; Sat, 28 Jul 2018 09:32:02 -0700 (PDT)
In-Reply-To: <>
References: <>
From: Patrick McManus <>
Date: Sat, 28 Jul 2018 12:32:02 -0400
X-Gmail-Original-Message-ID: <>
Message-ID: <>
To: Patrick McManus <>, DNS Privacy Working Group <>
Cc: Ben Schwartz <>, Daniel Kahn Gillmor <>, DoH WG <>,, HTTP Working Group <>, dnsop <>
Content-Type: multipart/mixed; boundary="000000000000b82213057211c474"
Archived-At: <>
Subject: Re: [Driu] Resolverless DNS Side Meeting in Montreal
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "DNS Resolver Identification and Use \(DRIU\)." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 28 Jul 2018 16:32:16 -0000

 Hi All -

This is a wrap-up email for the Resolverless DNS meeting held on July 16 in
Montreal. We had, by my rough count, about 50 people and two sets of
minutes are attached. If you attended, contributed, or took minutes (Thanks
Shane and Ben!) thank you - it was, imo, a productive, professional, and
even pretty focused discussion.

We identified a next step: using an AD sponsored list (See Below!),
identify one minimal context or use case that provides value for using DNS
information without direct recursive resolver contact, and enumerate the
concerns and potential mitigations for those concerns. If we can focus on
that and make some progress then we might have a proposal for a future BoF
- if we cannot make progress then that is also telling.

Adam and Warren have setup a list for us to use. I apologize to the various
working group's cc'd on this so far (and thank them for their indulgence) -
future communications should move to the new list.

New List Info


On Mon, Jul 9, 2018 at 10:49 PM, Patrick McManus <>

> Hi All,
> I am organizing an ad-hoc Side Meeting regarding 'Resolverless DNS' in
> Montreal.
> We have often talked about the benefits and concerns of DNS information
> obtained from sources that are, shall we say, less globally trusted than a
> recursive a resolver. The central use case is DoH when pushed from an
> endpoint that isn't a recursive resolver but there have been other
> proposals.
> For example pushes you a AAAA record for
> Should you use it? What if it is for ? Do the
> relationship between these domains matter? What kind of relationship (i.e.
> it could be a domain relationship, or in the context of a browser it might
> be a first-party tab like relationship, etc..)? What are the implications
> of poison? Trackers? Privacy of requests never made? Speed? Competitive
> shenanigans or DoS attacks?
> This was out of scope for DoH.
> *We'll do the meeting over 1 hour in the Dorchester room from 16:30 to
> 17:30 on Monday July 16th.*
> This is a meeting of interested folks looking to see if we can agree on
> next steps - we're not going to work out the details (nor should a side
> meeting try and do so). so we'll have a tight agenda that I suggest
> organizaing as follows:
> 1] What forms of transport could be in scope? HTTP/2 push is one such
> vector, but I've heard others. Spray paint for example.
> 2] What needs to be considered when using such data? (signatures? scope?
> etc?)
> 3] Who are the stakeholders for 1 + 2?
> 4] Is there enough interest to explore further? Next steps as output
> I hope you can come!
> -Patrick