Re: [hrpc] "Paul Vixie and Peter Lowe on Why DoH is Politically Motivated"

Eric Rescorla <ekr@rtfm.com> Tue, 16 November 2021 16:52 UTC

References: <YZJPwEUqvCvCUVRz@sources.org> <9AB66003-9285-4418-9BC4-9A415F033F26@pch.net> <CABcZeBOoxRMNBwMCMSsTGM_3YgbZs15ZAyxwd61=PhM05QCTRQ@mail.gmail.com> <1440178333.50167.1636999766064@appsuite-gw2.open-xchange.com> <CABcZeBMFsozNWN-Stcctr-i=xGd0OchJZj_6szazYAPVdygk8Q@mail.gmail.com> <1522915630.55835.1637080576757@appsuite-gw2.open-xchange.com>
In-Reply-To: <1522915630.55835.1637080576757@appsuite-gw2.open-xchange.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 16 Nov 2021 08:51:48 -0800
Message-ID: <CABcZeBNGTL7-t8a+-rF9hufF7uVkhLFP7KbVkrO3Sue3HU-W4w@mail.gmail.com>
To: Vittorio Bertola <vittorio.bertola@open-xchange.com>
Cc: hrpc@irtf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/ciaJLtvkbvJwAX8v0XB7yBoFUkQ>

On Tue, Nov 16, 2021 at 8:36 AM Vittorio Bertola <vittorio.bertola@open-xchange.com> wrote:

>
> On 15/11/2021 20:20 Eric Rescorla <ekr@rtfm.com> wrote:
>
> However, at present, it is generally possible to filter DoH because
> DoH and ordinary HTTPS are usually on different hosts and therefore
> you can use SNI. It's true that it's possible to co-host DoH in such a
> way that it is indistinguishable from non-DoH HTTPS traffic, but it is
> *also* possible to co-host DoT and HTTPS in this way, provided that
> (1) you use a non-standard port and (2) you use ECH. The point here is
> that either DoH or DoT can be run in a way that makes it hard to filter
> if that's what you're trying to do.
>
> That's exactly why the difference between DoT and DoH is political way
> more than technical: I trust you that both may be used in ways that make
> them hard to block, but for DoT it is an unintended consequence, while for
> DoH it is an intended objective of the designers, stated in the
> specification itself and in several public statements.
>

As I said previously, I'm not interested in debating whether DoH is
political or not. My point was merely that:

1. It's a deployment question whether to make DoH or DoT unblockable.
2. Current DoH deployments are generally easily blockable.
3. If people want to deploy DoT in unblockable ways, they can do so.

Therefore the fact that browsers are choosing to deploy DoH rather than
DoT does not have a significant impact on whether it will be blockable in
practice.

-Ekr
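The SNI-based filtering Ekr describes, and the two deployment choices that defeat it (co-hosting on a shared hostname, and ECH plus a non-standard port), as an added worked example that is not part of the thread. It builds constructed, minimal TLS ClientHello records, extracts the server_name extension and applies a hostname blocklist. The DoH endpoint names are made up, and the ECH extension codepoint (0xfe0d) is the draft-ietf-tls-esni value, assumed here; port 853 is the DoT port from RFC 7858.

```python
"""SNI-based DoH filtering and its limits (added example, not from the thread)."""
import struct

# Constructed blocklist of DoH endpoint hostnames (placeholders, not real resolvers).
DOH_BLOCKLIST = {"doh.example.net", "resolver.example.org"}

EXT_SERVER_NAME = 0x0000
EXT_ECH = 0xFE0D   # assumption: encrypted_client_hello codepoint from draft-ietf-tls-esni
DOT_PORT = 853     # RFC 7858 DNS-over-TLS port


def _ext(ext_type: int, body: bytes) -> bytes:
    return struct.pack("!HH", ext_type, len(body)) + body


def sni_extension(hostname: str) -> bytes:
    """server_name extension: ServerNameList { host_name(0), name_len(2), name }."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name
    return _ext(EXT_SERVER_NAME, struct.pack("!H", len(entry)) + entry)


def build_client_hello(hostname: str, ech: bool = False) -> bytes:
    """Constructed minimal ClientHello in a TLS record (enough for a middlebox parser)."""
    exts = sni_extension(hostname)
    if ech:
        # Opaque placeholder; a real ECH extension carries an encrypted inner ClientHello,
        # and the outer server_name is the public name, not the real destination.
        exts += _ext(EXT_ECH, b"\x00" * 16)
    body = (
        b"\x03\x03"            # legacy_version
        + b"\x00" * 32         # random
        + b"\x00"              # legacy_session_id: empty
        + b"\x00\x02\x13\x01"  # cipher_suites: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"          # compression_methods: null
        + struct.pack("!H", len(exts)) + exts
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record: bytes) -> dict:
    """Return {'sni': hostname or None, 'ech': bool} from a ClientHello record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if not hs or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    p = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    i = 2 + 32                                          # version + random
    i += 1 + p[i]                                       # session id
    i += 2 + struct.unpack("!H", p[i:i + 2])[0]         # cipher suites
    i += 1 + p[i]                                       # compression methods
    ext_len = struct.unpack("!H", p[i:i + 2])[0]
    i += 2
    end = i + ext_len
    out = {"sni": None, "ech": False}
    while i + 4 <= end:
        ext_type, length = struct.unpack("!HH", p[i:i + 4])
        i += 4
        body = p[i:i + length]
        i += length
        if ext_type == EXT_SERVER_NAME:
            name_len = struct.unpack("!H", body[3:5])[0]   # skip list_len(2), name_type(1)
            out["sni"] = body[5:5 + name_len].decode("ascii")
        elif ext_type == EXT_ECH:
            out["ech"] = True
    return out


def filter_decision(record: bytes, dst_port: int) -> str:
    """Middlebox policy: what the SNI/port actually let you decide."""
    info = parse_client_hello(record)
    if info["sni"] in DOH_BLOCKLIST:
        return "block: SNI matches a known DoH endpoint"
    if dst_port == DOT_PORT:
        return "block: DoT on its standard port"
    if info["ech"]:
        return "undecidable: ECH present, outer SNI is only the public name"
    if dst_port != 443:
        return "undecidable: non-standard port and no SNI match"
    # Co-hosted DoH on an ordinary web hostname lands here: indistinguishable from HTTPS.
    return "allow"


if __name__ == "__main__":
    cases = [
        (build_client_hello("doh.example.net"), 443),            # separate DoH host
        (build_client_hello("www.example.net"), 443),            # co-hosted DoH, same name
        (build_client_hello("dot.example.net"), 853),            # DoT on 853
        (build_client_hello("public.example.net", ech=True), 8443),  # DoT/DoH + ECH + odd port
    ]
    for rec, port in cases:
        print(parse_client_hello(rec)["sni"], port, "->", filter_decision(rec, port))
```

The first case is today's typical deployment and is blocked on SNI alone; the second is the co-hosting case, where the filter has nothing to key on; the last is the DoT configuration Ekr describes (ECH plus a non-standard port), where the parser sees only the public name and a port that carries no signal.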