Hiya,

On 10/03/2019 14:55, Vittorio Bertola wrote:
> Hello all,
>
> this new document has been allocated 10 minutes in the dprive agenda
> in Prague.

I really hope someone's going to arrange one venue for these discussions. Could be a bit of a mess otherwise between dprive, doh, dnsops, suggested side meetings and the pivo club :-)

> It is my attempt to launch a productive discussion on
> whether the IETF can reach consensus on how to address all the issues
> deriving from the early deployment attempts of encrypted DNS protocols
> and especially DNS-over-HTTPS. It is meant to be the counterpart of
> the draft that this WG is developing for operators, but focused on
> client applications.

It's clearly not finished (which is of course fine for a -00), but I think there are two things that'll really need fixing as you do more on this:

1. I don't think your characterisation of DNS n/w-selection vs. application-selection is accurate. IIUC, what's actually done by FF is that (if the user has explicitly turned on DoH) then FF tries all the resolvers it knows about and figures out which to use based on the results and timing it sees. That's significantly more complex than the simple dichotomy you describe. And I think that difference would ripple throughout the document and affect many recommendations.

2. I may have missed it, but where in your document is the bit that says that applications and system libraries SHOULD prefer DoT/DoH or similar over cleartext DNS? (And maybe that DNS operators SHOULD provide DoT/DoH services?) ISTM that such a recommendation would be needed before you can really ask applications (who've concluded that cleartext DNS is undesirable) to follow the kind of recommendations you describe.

Cheers,
S.

> Even before discussing the draft recommendations (which I'm sure will
> be quite controversial for some people, and of course everything is
> up for discussion), I would like to understand whether people want to
> work on this at the IETF (as opposed to other Internet governance
> venues) and in which group.
>
> Regards,
>
>
> A new version of I-D, draft-bertola-bcp-doh-clients-00.txt has been
> successfully submitted by Vittorio Bertola and posted to the IETF
> repository.
>
> Name: draft-bertola-bcp-doh-clients
> Revision: 00
> Title: Recommendations for DNS Privacy Client Applications
> Document date: 2019-03-10
> Group: Individual Submission
> Pages: 19
> URL: https://www.ietf.org/internet-drafts/draft-bertola-bcp-doh-clients-00.txt
> Status: https://datatracker.ietf.org/doc/draft-bertola-bcp-doh-clients/
> Htmlized: https://tools.ietf.org/html/draft-bertola-bcp-doh-clients-00
> Htmlized: https://datatracker.ietf.org/doc/html/draft-bertola-bcp-doh-clients
>
> Abstract:
> This document presents operational, policy and security
> considerations for the authors and publishers of client applications
> that choose to implement DNS resolution through any of the protocols
> that provide private, encrypted connections between the application
> itself and the DNS resolver. As these protocols, depending on
> implementation choices and deployment models, may impact the Internet
> significantly at the architectural, legal and policy levels, the
> document records the current consensus on how these protocols should
> be used by applications, especially user-facing applications meant
> for mass usage by non-technical consumers.
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
