On Nov 26, 2018, at 6:31 AM, Ray Bellis <[email protected]> wrote:
> 
> On 23/11/2018 16:45, Paul Hoffman wrote:
> 
>> The current round of pushback, all of which appeared after the standard was 
>> finished, seems to mostly be coming from DNS vendors, not ISPs or DNS 
>> operators.
> 
> There was _plenty_ of pushback when this got presented at UKNOT,
> especially among those ISPs that are currently using government-
> mandated DNS-based blocking of CAI sites.

Ah! That is interesting to hear. Any links that you have to that would be 
greatly appreciated.

> 
>> During the development of the DoH standard, people from many DNS vendors 
>> (including the one you work for) contributed to the spec without objection 
>> in the WG.
> 
> I wouldn't say it was "without objection", because there were clearly some 
> significant impedance mismatches to resolve, both between the HTTP and DNS 
> people, and between the HTTP and DNS protocols.

You may feel differently, but I saw no comments during WG or IETF Last Call 
that indicated that any mismatches still existed. If you feel that they do, the 
DOH WG is still open, and a draft describing the problems could garner interest.

> Personally, I thought we were working on a means to provide an *ad-hoc*
> DNS resolution and validation method in certain environments, and along
> the way allow JS web-apps to perform proper DNS lookups.

Fully agree. That is indeed what the RFC says.

> The objections started when we heard that a particular browser vendor
> wanted to make this ubiquitous for *all* DNS lookups.

Then why aren't the objections aimed at that implementer instead of the spec? 
Any implementer can misuse any spec badly: that doesn't make the spec itself 
bad. The operational documents that come to the DNSOP WG are often about those 
situations.

--Paul Hoffman


_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
