Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-13 Thread Adam Roach
On 3/13/19 4:17 PM, Stephen Farrell wrote: On 13/03/2019 21:06, Brian Dickson wrote: Things like DMCA and its ilk might raise the software to the level of "illegal" rather than just a contract violation by a user. Whacking someone in the head with a fish could well be illegal... but fish are

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-13 Thread Stephen Farrell
On 13/03/2019 21:06, Brian Dickson wrote: > Things like DMCA and its ilk might raise the software to the > level of "illegal" rather than just a contract violation by a user. Whacking someone in the head with a fish could well be illegal... but fish are not illegal:-) [1] Similarly typing "dig

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-13 Thread Brian Dickson
On Wed, Mar 13, 2019 at 12:18 PM Christian Huitema wrote: > But then, if the user has not opted in such system, it would be nice if > the ISP refrained from interfering with name resolution for that user. How > do we achieve those two goals in practice? > > -- Christian Huitema > Even that

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-13 Thread Christian Huitema
On 3/13/2019 9:56 AM, Livingood, Jason wrote: > On 3/12/19, 11:40 PM, "Doh on behalf of Christian Huitema" > wrote: > >> Why do you think you can filter content? Who made you king? > [JL] End users may have opted into / subscribed to such a parental control > system. An enterprise may say

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-13 Thread Livingood, Jason
On 3/12/19, 11:40 PM, "Doh on behalf of Christian Huitema" wrote: > Why do you think you can filter content? Who made you king? [JL] End users may have opted into / subscribed to such a parental control system. An enterprise may say we'll only connect to the Internet and allow traffic of X

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-13 Thread Paul Vixie
On Wednesday, 13 March 2019 02:59:07 UTC Christian Huitema wrote: > On 3/12/2019 2:11 PM, Paul Vixie wrote: > >> I don't see why, based on your argument, your concerns > >> trump his. > >> > >> Can you explain? > > > > he's trying to achieve a political aim using technology. that is not the > >

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-13 Thread Paul Vixie
On Wednesday, 13 March 2019 00:36:32 UTC Stephen Farrell wrote: > Hiya, > > On 12/03/2019 22:51, Paul Vixie wrote: > > i have no qualms about confidentiality, for traffic allowed by a network > > operator. > > To me, the above reads as self-contradictory. If the traffic is > confidential

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Konda, Tirumaleswar Reddy
Please see inline From: Eric Rescorla Sent: Tuesday, March 12, 2019 9:28 PM To: Konda, Tirumaleswar Reddy Cc: d...@ietf.org; dnsop@ietf.org; dns-priv...@ietf.org; Vittorio Bertola ; Stephen Farrell Subject: Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertola-bcp-doh-clients CAUTION:

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Eliot Lear
Gentlemen, This conversation has gone to the zoo. What is or is not political doesn’t matter at this stage in the game, and neither is arguing over rights over bits. If people want to do that I suggest doing so in the HRPC WG and with a draft in hand. Flaming back and forth without an

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Vittorio Bertola
> Il 13 marzo 2019 alle 4.39 Christian Huitema ha scritto: > > On 3/12/2019 7:56 PM, Vittorio Bertola wrote: > > The reaction I got from some policy people when I mentioned this kind of > > arguments going on here is "when did the IETF get the mandate to decide for > > everyone that content

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Raymond Burkholder
On 2019-03-12 2:51 p.m., Paul Vixie wrote: ... development of protocols whose ideal state is "interoperability" and never more or less. slightly out of context, but I find the 'interoperability' context as an underlying definition worthy of support.

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Christian Huitema
On 3/12/2019 2:11 PM, Paul Vixie wrote: >> I don't see why, based on your argument, your concerns >> trump his. >> >> Can you explain? > he's trying to achieve a political aim using technology. that is not the > purpose for which the internet engineering task force, or the internet > itself, >

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Vittorio Bertola
> Il 12 marzo 2019 alle 19.56 Christian Huitema ha > scritto: > > You are saying that whoever happens to control part of the network path > is entitled to override the user choices and impose their own. Really? > As Stephane wrote, that may be legit in some circumstances, but much > more

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Raymond Burkholder
In the below commentary, there are some use cases which are not being included On 2019-03-12 12:56 p.m., Christian Huitema wrote: On 3/12/2019 11:35 AM, Paul Vixie wrote: if someone is concerned that some of the web sites reachable through some CDN are dangerous... Paul, who is this

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread nalini elkins
Paul, On Wed, Mar 13, 2019 at 1:03 AM Paul Vixie wrote: > On Tuesday, 12 March 2019 15:36:36 UTC Stephane Bortzmeyer wrote: > > On Mon, Mar 11, 2019 at 08:55:18AM +0530, > > nalini elkins wrote > > > > a message of 202 lines which said: > > > The questions that the Fortune 50 company

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Raymond Burkholder
On 2019-03-12 4:51 p.m., Paul Vixie wrote: On Tuesday, 12 March 2019 21:38:44 UTC Stephen Farrell wrote: DoH intends "to prevent on-path interference with DNS operations", and that's well beyond the remit of RFC 7626, and is therefore not spoken to one way or another by IETF consensus. i do not

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Stephen Farrell
Hiya, On 12/03/2019 22:51, Paul Vixie wrote: > On Tuesday, 12 March 2019 21:38:44 UTC Stephen Farrell wrote: >> On 12/03/2019 21:11, Paul Vixie wrote: >>> ... >> >> There are reasons to want confidentiality for DNS queries >> and answers, and access patterns, for which the IETF has >> achieved

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Paul Vixie
On Tuesday, 12 March 2019 21:38:44 UTC Stephen Farrell wrote: > On 12/03/2019 21:11, Paul Vixie wrote: > > ... > > There are reasons to want confidentiality for DNS queries > and answers, and access patterns, for which the IETF has > achieved consensus. (See RFC7626) (*) i have no qualms about

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Stephen Farrell
On 12/03/2019 21:11, Paul Vixie wrote: > he's trying to achieve a political aim using technology. Ok, now I think I understand and am pretty sure I disagree with you there. There are reasons to want confidentiality for DNS queries and answers, and access patterns, for which the IETF has

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Paul Vixie
On Tuesday, 12 March 2019 21:05:36 UTC Stephen Farrell wrote: > Paul, > > On 12/03/2019 20:51, Paul Vixie wrote: > > just as i've cautioned the RFC 8484 authors against imposing their anti- > > censorship views on my parental controls or corporate network policies, > > let me here caution you

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Stephen Farrell
Paul, On 12/03/2019 20:51, Paul Vixie wrote: > just as i've cautioned the RFC 8484 authors against imposing their anti- > censorship views on my parental controls or corporate network policies, > let me here caution you against imposing your (clearly) western liberal-democratic > views on

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Paul Vixie
On Tuesday, 12 March 2019 20:31:54 UTC Christian Huitema wrote: > On 3/12/2019 12:56 PM, Paul Vixie wrote: > > i don't like the chinese government's rules for the great firewall. so, i > > keep my visits to that otherwise-great country short. this hurts me, and > > maybe hurts them also. but,

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Christian Huitema
On 3/12/2019 12:56 PM, Paul Vixie wrote: >> As Stephane wrote, that may be legit in some circumstances, but much >> more questionable in others, such as a hotel Wi-Fi attempting to decide >> what sites I could or could not access. It really is a tussle. > i don't like the chinese government's

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Yishai Beeri (yishaib)
On 12/03/2019, 20:37, "Doh on behalf of Stephane Bortzmeyer" wrote: On Tue, Mar 12, 2019 at 04:55:11PM +0100, Neil Cook wrote a message of 22 lines which said: > Actually many enterprises (particularly banks etc.) do not allow DNS resolution directly from employee

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Michael Sinatra
On 3/12/19 9:14 AM, Jim Reid wrote: > > >> On 12 Mar 2019, at 16:01, Stephane Bortzmeyer wrote: >> >> I still do not understand why people have a problem with DoH which did >> not already exist before with my-own-name-resolution-protocol-over-HTTPS. > > It’s a question of scale/ubiquity.

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Christian Huitema
On 3/12/2019 11:35 AM, Paul Vixie wrote: > if someone is concerned that some of the web sites > reachable through some CDN are dangerous... Paul, who is this someone? How do they decide? What does dangerous mean? These questions are very much behind the tension we see today. And the answers

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Paul Vixie
On Tuesday, 12 March 2019 18:56:05 UTC Christian Huitema wrote: > On 3/12/2019 11:35 AM, Paul Vixie wrote: > > if someone is concerned that some of the web sites > > reachable through some CDN are dangerous... > > Paul, who is this someone? a network operator. > How do they decide? What does

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Paul Vixie
On Tuesday, 12 March 2019 15:36:36 UTC Stephane Bortzmeyer wrote: > On Mon, Mar 11, 2019 at 08:55:18AM +0530, > nalini elkins wrote > > a message of 202 lines which said: > > The questions that the Fortune 50 company architect asked were something > > like this: > > > > 1. You mean that DNS

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Paul Vixie
On Monday, 11 March 2019 21:44:06 UTC Eric Rescorla wrote: > On Mon, Mar 11, 2019 at 11:13 AM Paul Vixie wrote: > > > > Enterprise networks are already able to block DoH services, > > > > i wonder if everyone here knows that TLS 1.3 and encrypted headers is > > going to push a SOCKS agenda onto

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Paul Vixie
On Monday, 11 March 2019 18:18:38 UTC Eliot Lear wrote: ... > > i wonder if everyone here knows that TLS 1.3 and encrypted headers is > > going to push a SOCKS agenda onto enterprises that had not previously > > needed one, and that simply blocking every external endpoint known or > > tested to

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Jim Reid
> On 12 Mar 2019, at 16:01, Stephane Bortzmeyer wrote: > > I still do not understand why people have a problem with DoH which did > not already exist before with my-own-name-resolution-protocol-over-HTTPS. It’s a question of scale/ubiquity. These “alternate” resolution tricks have up until now

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Neil Cook
> On 12 Mar 2019, at 17:01, Stephane Bortzmeyer wrote: > > On Tue, Mar 12, 2019 at 04:55:11PM +0100, > Neil Cook wrote > a message of 22 lines which said: > >> Actually many enterprises (particularly banks etc.) do not allow DNS >> resolution directly from employee endpoints. > > They

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Ralf Weber
Moin! On 12 Mar 2019, at 17:01, Stephane Bortzmeyer wrote: On Tue, Mar 12, 2019 at 04:55:11PM +0100, Neil Cook wrote a message of 22 lines which said: Actually many enterprises (particularly banks etc.) do not allow DNS resolution directly from employee endpoints. They block UDP/53,

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Stephane Bortzmeyer
On Tue, Mar 12, 2019 at 04:55:11PM +0100, Neil Cook wrote a message of 22 lines which said: > Actually many enterprises (particularly banks etc.) do not allow DNS > resolution directly from employee endpoints. They block UDP/53, which is not the same thing. Malware or non-cooperating

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Eric Rescorla
On Tue, Mar 12, 2019 at 8:51 AM Konda, Tirumaleswar Reddy < tirumaleswarreddy_ko...@mcafee.com> wrote: > Hi Eric, > > > > In TLS 1.2, it is possible for firewalls to inspect the TLS handshake, and > white-list, black-list and grey-list TLS session based on the server > identity. In other words,

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Neil Cook
> On 12 Mar 2019, at 16:36, Stephane Bortzmeyer wrote: > > On Mon, Mar 11, 2019 at 08:55:18AM +0530, > nalini elkins wrote > a message of 202 lines which said: > >> The questions that the Fortune 50 company architect asked were something >> like this: >> >> 1. You mean that DNS could be

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Konda, Tirumaleswar Reddy
Hi Eric, In TLS 1.2, it is possible for firewalls to inspect the TLS handshake, and white-list, black-list and grey-list TLS session based on the server identity. In other words, middleboxes are conditionally acting as TLS proxies to specific servers (categorized in the grey-list). With TLS

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Stephane Bortzmeyer
On Mon, Mar 11, 2019 at 09:59:11AM +0530, nalini elkins wrote a message of 231 lines which said: > Companies also (validly, in my opinion) wish to know if their > employees are going to fantasyfootballgame.com while they are > supposedly doing work and of course, other sites which people

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Stephane Bortzmeyer
On Mon, Mar 11, 2019 at 08:55:18AM +0530, nalini elkins wrote a message of 202 lines which said: > The questions that the Fortune 50 company architect asked were something > like this: > > 1. You mean that DNS could be resolved outside my enterprise? I suggest to explain to this person that

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-11 Thread Konda, Tirumaleswar Reddy
> -Original Message- > From: Eliot Lear > Sent: Monday, March 11, 2019 11:49 PM > To: Paul Vixie > Cc: nalini elkins ; Konda, Tirumaleswar Reddy > ; d...@ietf.org; dnsop@ietf.org; > Ackermann, Michael ; Christian Huitema > ; dns-priv...@ietf.org; Vittorio Bertola > ; Stephen Farrell > >

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-11 Thread Paul Vixie
That's what they told me. On Mar 11, 2019, 14:20, at 14:20, Daniel Stenberg wrote: > On Mon, 11 Mar 2019, Paul Vixie wrote: > >> CF has so far only supported DoH on 1.1.1.0/24 and 1.0.1.0/24 > > If that's what you believe and block, then you're not blocking > Cloudflare DoH > very effectively... =)

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-11 Thread Eric Rescorla
On Mon, Mar 11, 2019 at 11:13 AM Paul Vixie wrote: > > > nalini elkins wrote on 2019-03-11 10:26: > > Tiru, > > > > Thanks for your comments. > > > > > Enterprise networks are already able to block DoH services, > i wonder if everyone here knows that TLS 1.3 and encrypted headers is > going to

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-11 Thread Daniel Stenberg
On Mon, 11 Mar 2019, Paul Vixie wrote: CF has so far only supported DoH on 1.1.1.0/24 and 1.0.1.0/24 If that's what you believe and block, then you're not blocking Cloudflare DoH very effectively... =) -- / daniel.haxx.se

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-11 Thread Eliot Lear
Hi Paul, > On 11 Mar 2019, at 19:12, Paul Vixie wrote: > > > > nalini elkins wrote on 2019-03-11 10:26: >> Tiru, >> Thanks for your comments. >> > Enterprise networks are already able to block DoH services, > i wonder if everyone here knows that TLS 1.3 and encrypted headers is going > to