Re: [homenet] DoH??

Michael Thomas <> Wed, 18 September 2019 22:27 UTC

List-Id: IETF Homenet WG mailing list <>

On 9/18/19 3:12 PM, Ted Lemon wrote:
> On Sep 18, 2019, at 6:07 PM, Michael Thomas <> wrote:
>> So I'm a little unclear about the specifics of Firefox using DNS over 
>> HTTP, but wouldn't this affect homenet naming, or any split horizon 
>> kind of naming?
> In order for DoH to not break lots of things, it has to be implemented 
> in such a way that special-use names are not resolved using a global 
> resolver, and that VPN-supported names are looked up using the VPN 
> resolver. It would also be nice if there were a way for the homenet
> to signal that a public domain belonging to it is resolved locally, so 
> that split-horizon naming on the homenet works correctly.  Similar 
> functionality will be required for corporate networks that do 
> split-horizon naming.
Yeah, that's pretty much what it seemed to me too. How vetted was this? 
I mean, did it make the rounds in standards-ville, or is this roll your 
own by Mozilla?

I also don't get what the motivation is, and/or problem it's trying to 
solve. Seems pretty scary to have a single point of failure (Cloudflare)