Re: [DNSOP] [hrpc] [Doh] Proposal for a side-meeting on services centralization at IETF 104 Prague

2019-03-12 Thread Eliot Lear
Warren, I would suggest that you wait on creating a new list. I think Stephane was proposing an *in person* meeting, using the 104sidemeetings Wiki, and I’d like to see that happen first. That also gives time for the dust from the release of these new drafts to settle a bit, so that the conto

Re: [DNSOP] Proposal for a side-meeting on services centralization at IETF 104 Prague

2019-03-12 Thread Stephane Bortzmeyer
On Mon, Mar 11, 2019 at 01:59:25PM -0400, Allison Mankin wrote a message of 94 lines which said: > Perfect idea, very good use of the Wednesday slot. New date and place registered at , Wednesday, Karlin 1/2, 1500 to 1700. (Note the

Re: [DNSOP] Proposal for a side-meeting on services centralization at IETF 104 Prague

2019-03-12 Thread Stephane Bortzmeyer
On Mon, Mar 11, 2019 at 06:57:03PM +0100, Vittorio Bertola wrote a message of 18 lines which said: > Moreover, centralization is not the only Do*-related problem > category that has been raised (my draft alone lists eight others). IMHO, this is precisely the biggest problem with these three d

Re: [DNSOP] [Doh] Proposal for a side-meeting on services centralization at IETF 104 Prague

2019-03-12 Thread Töma Gavrichenkov
On Tue, Mar 12, 2019 at 9:46 AM Warren Kumari wrote: > also, a good suggestion for a name would be helpful :-) That is, aside from "scent" which is as obvious, as it is weird? -- Töma ___ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/

Re: [DNSOP] [Doh] Proposal for a side-meeting on services centralization at IETF 104 Prague

2019-03-12 Thread Mark Nottingham
Hi, I'm already starting to pile up conflicts on Wednesday. I'm also very conscious that we had a side meeting about similar issues in Singapore (IIRC), and didn't make much progress at all in that time. Are we going to be able to productively use two hours for this? Could we come up with a mor

Re: [DNSOP] [Doh] Proposal for a side-meeting on services centralization at IETF 104 Prague

2019-03-12 Thread Stephane Bortzmeyer
On Tue, Mar 12, 2019 at 08:14:49PM +1100, Mark Nottingham wrote a message of 32 lines which said: > I'm also very conscious that we had a side meeting about similar > issues in Singapore (IIRC), and didn't make much progress at all in > that time. This time, we have drafts (poor ones, IMHO, b

Re: [DNSOP] Proposal for a side-meeting on services centralization at IETF 104 Prague

2019-03-12 Thread Vittorio Bertola
> Il 12 marzo 2019 alle 10.01 Stephane Bortzmeyer ha > scritto: > > > On Mon, Mar 11, 2019 at 06:57:03PM +0100, > Vittorio Bertola wrote > a message of 18 lines which said: > > > Moreover, centralization is not the only Do*-related problem > > category that has been raised (my draft alone

[DNSOP] Fwd: New Version Notification for draft-sury-toorop-dns-cookies-algorithms-00.txt

2019-03-12 Thread Willem Toorop
Dear DNSOP, A new draft has been submitted addressing the issue of DNS Cookies in multi-vendor anycast deployments. DNS Cookies are currently impractical in such deployments, because one implementation - even though it shares its secret with another implementation - cannot validate the Server Coo

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Neil Cook
>> ISTM that it is quite possible that enterprises that deploy their own DoH >> services could potentially reduce such leakage and gain overall. (I'm >> assuming here that sensible browser-makers will end up providing >> something that works for browsers running in networks with split-horizon >> se

Re: [DNSOP] [EXTERNAL] Re: [dns-privacy] [Doh] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Winfield, Alister
MDM is also a red-herring given >90% of devices world-wide aren't managed so anyone talking of MDM riding to the rescue of DoH client configuration is walking around with blinkers on. Even inside company networks there are servers not under MDM; locally developed applications that might in futur

Re: [DNSOP] [EXTERNAL] [dns-privacy] [Doh] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Eliot Lear
Hi, > On 12 Mar 2019, at 14:11, Winfield, Alister wrote: > > MDM is also a red-herring given >90% of devices world-wide aren't managed so > anyone talking of MDM riding to the rescue of DoH client configuration is > walking around with blinkers on. Firefox has published a specific policy inte

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Konda, Tirumaleswar Reddy
Please see inline [TR] From: dns-privacy On Behalf Of Neil Cook Sent: Tuesday, March 12, 2019 5:14 PM To: Konda, Tirumaleswar Reddy Cc: d...@ietf.org; Vittorio Bertola ; dnsop@ietf.org; Paul Vixie ; Christian Huitema ; nalini elkins ; dns-priv...@ietf.org; Ackermann, Michael ; Stephen Farrel

Re: [DNSOP] [dns-privacy] [EXTERNAL] [Doh] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Konda, Tirumaleswar Reddy
MDM may or may not be acceptable even in Enterprise networks. For instance, today network security services are using ML techniques to identify malware flows without acting as a TLS proxy. MDM is also not an option to secure devices in the home networks, especially consumer IoT devices. Cheers,

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Stephane Bortzmeyer
On Mon, Mar 11, 2019 at 08:55:18AM +0530, nalini elkins wrote a message of 202 lines which said: > The questions that the Fortune 50 company architect asked were something > like this: > > 1. You mean that DNS could be resolved outside my enterprise? I suggest to explain to this person that

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Stephane Bortzmeyer
On Sun, Mar 10, 2019 at 10:24:56PM -0700, Paul Vixie wrote a message of 82 lines which said: > set up a war between end users and network operators, Well, the tussle already exists. It does not depend on whether you like it or not, on whether the IETF approves it or not. When people have diff

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Stephane Bortzmeyer
On Mon, Mar 11, 2019 at 09:59:11AM +0530, nalini elkins wrote a message of 231 lines which said: > Companies also (validly, in my opinion) wish to know if their > employees are going to fantasyfootballgame.com while they are > supposedly doing work and of course, other sites which people shoul

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Stephane Bortzmeyer
On Sun, Mar 10, 2019 at 11:17:43PM -0700, Paul Vixie wrote a message of 36 lines which said: > > You claim the right to impose your rules, because it is "your network". > > Yet you have to define ownership. > my network, my rules. your provider's network, their rules. I clearly disagree. If

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Konda, Tirumaleswar Reddy
Hi Eric, In TLS 1.2, it is possible for firewalls to inspect the TLS handshake, and white-list, black-list and grey-list TLS session based on the server identity. In other words, middleboxes are conditionally acting as TLS proxies to specific servers (categorized in the grey-list). With TLS 1.3

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Neil Cook
> On 12 Mar 2019, at 16:36, Stephane Bortzmeyer wrote: > > On Mon, Mar 11, 2019 at 08:55:18AM +0530, > nalini elkins wrote > a message of 202 lines which said: > >> The questions that the Fortune 50 company architect asked were something >> like this: >> >> 1. You mean that DNS could be re

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Eric Rescorla
On Tue, Mar 12, 2019 at 8:51 AM Konda, Tirumaleswar Reddy < tirumaleswarreddy_ko...@mcafee.com> wrote: > Hi Eric, > > > > In TLS 1.2, it is possible for firewalls to inspect the TLS handshake, and > white-list, black-list and grey-list TLS session based on the server > identity. In other words, mi

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Stephane Bortzmeyer
On Tue, Mar 12, 2019 at 04:55:11PM +0100, Neil Cook wrote a message of 22 lines which said: > Actually many enterprises (particularly banks etc.) do not allow DNS > resolution directly from employee endpoints. They block UDP/53, which is not the same thing. Malware or non-cooperating applica

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Jim Reid
> On 12 Mar 2019, at 15:49, Stephane Bortzmeyer wrote: > > the case of a commercial > Internet access provider is clear in the other direction: a client is > not an employee, and is entitled to a free, open and neutral Internet > access. Stephane, that’s simply not true. A client of an Interne

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Ralf Weber
Moin! On 12 Mar 2019, at 17:01, Stephane Bortzmeyer wrote: On Tue, Mar 12, 2019 at 04:55:11PM +0100, Neil Cook wrote a message of 22 lines which said: Actually many enterprises (particularly banks etc.) do not allow DNS resolution directly from employee endpoints. They block UDP/53, whic

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Neil Cook
> On 12 Mar 2019, at 17:01, Stephane Bortzmeyer wrote: > > On Tue, Mar 12, 2019 at 04:55:11PM +0100, > Neil Cook wrote > a message of 22 lines which said: > >> Actually many enterprises (particularly banks etc.) do not allow DNS >> resolution directly from employee endpoints. > > They bloc

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Jim Reid
> On 12 Mar 2019, at 16:01, Stephane Bortzmeyer wrote: > > I still do not understand why people have a problem with DoH which did > not already exist before with my-own-name-resolution-protocol-over-HTTPS. It’s a question of scale/ubiquity. These “alternate” resolution tricks have up until now

Re: [DNSOP] [dns-privacy] [EXTERNAL] [Doh] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Eliot Lear
Hi Tiru, > On 12 Mar 2019, at 16:31, Konda, Tirumaleswar Reddy > wrote: > > MDM may or may not be acceptable even in Enterprise networks. For instance, > today network security services are using ML techniques to identify malware > flows without acting as a TLS proxy. MDM is also not an optio

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Christian Huitema
On 3/12/2019 9:02 AM, Jim Reid wrote: > >> On 12 Mar 2019, at 15:49, Stephane Bortzmeyer wrote: >> >> the case of a commercial >> Internet access provider is clear in the other direction: a client is >> not an employee, and is entitled to a free, open and neutral Internet >> access. > Stephane, t

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Paul Vixie
On Monday, 11 March 2019 18:18:38 UTC Eliot Lear wrote: ... > > i wonder if everyone here knows that TLS 1.3 and encrypted headers is > > going to push a SOCKS agenda onto enterprises that had not previously > > needed one, and that simply blocking every external endpoint known or > > tested to sup

Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

2019-03-12 Thread Paul Vixie
On Monday, 11 March 2019 18:30:51 UTC Ted Hardie wrote: > On Mon, Mar 11, 2019 at 11:06 AM Paul Vixie wrote: > > DoH will moot that approach. > > Any system that actually checks the credentials presented by the responding > server will also moot that approach. yes! but it will fail "closed". thu

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Paul Vixie
On Monday, 11 March 2019 21:44:06 UTC Eric Rescorla wrote: > On Mon, Mar 11, 2019 at 11:13 AM Paul Vixie wrote: > > > > Enterprise networks are already able to block DoH services, > > > > i wonder if everyone here knows that TLS 1.3 and encrypted headers is > > going to push a SOCKS agenda onto

Re: [DNSOP] Proposal for a side-meeting on services centralization at IETF 104 Prague

2019-03-12 Thread Paul Vixie
On Tuesday, 12 March 2019 09:01:42 UTC Stephane Bortzmeyer wrote: > On Mon, Mar 11, 2019 at 06:57:03PM +0100, > Vittorio Bertola wrote > > a message of 18 lines which said: > > Moreover, centralization is not the only Do*-related problem > > category that has been raised (my draft alone lists e

Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

2019-03-12 Thread Ted Hardie
Hi Paul, Comments in-line. On Tue, Mar 12, 2019 at 11:27 AM Paul Vixie wrote: > On Monday, 11 March 2019 18:30:51 UTC Ted Hardie wrote: > > On Mon, Mar 11, 2019 at 11:06 AM Paul Vixie wrote: > > > DoH will moot that approach. > > > > Any system that actually checks the credentials presented by

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Paul Vixie
On Tuesday, 12 March 2019 15:36:36 UTC Stephane Bortzmeyer wrote: > On Mon, Mar 11, 2019 at 08:55:18AM +0530, > nalini elkins wrote > > a message of 202 lines which said: > > The questions that the Fortune 50 company architect asked were something > > like this: > > > > 1. You mean that DNS co

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Paul Vixie
On Tuesday, 12 March 2019 18:56:05 UTC Christian Huitema wrote: > On 3/12/2019 11:35 AM, Paul Vixie wrote: > > if someone is concerned that some of the web sites > > reachable through some CDN are dangerous... > > Paul, who is this someone? a network operator. > How do they decide? What does dan

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Christian Huitema
On 3/12/2019 11:35 AM, Paul Vixie wrote: > if someone is concerned that some of the web sites > reachable through some CDN are dangerous... Paul, who is this someone? How do they decide? What does dangerous mean? These questions are very much behind the tension we see today. And the answers are

Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

2019-03-12 Thread Paul Vixie
On Tuesday, 12 March 2019 19:15:16 UTC Ted Hardie wrote: > ... > > that's precisely the goal, because very few network operators can > > preordain the users and apps that will connect through their networks. > > I do not believe this goal is met by what you describe, since an > application can use

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Yishai Beeri (yishaib)
On 12/03/2019, 20:37, "Doh on behalf of Stephane Bortzmeyer" wrote: On Tue, Mar 12, 2019 at 04:55:11PM +0100, Neil Cook wrote a message of 22 lines which said: > Actually many enterprises (particularly banks etc.) do not allow DNS resolution directly from employee end

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Michael Sinatra
On 3/12/19 9:14 AM, Jim Reid wrote: > > >> On 12 Mar 2019, at 16:01, Stephane Bortzmeyer wrote: >> >> I still do not understand why people have a problem with DoH which did >> not already exist before with my-own-name-resolution-protocol-over-HTTPS. > > It’s a question of scale/ubiquity. These

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Yishai Beeri (yishaib)
On 12/03/2019, 20:37, "Doh on behalf of Stephane Bortzmeyer" wrote: On Tue, Mar 12, 2019 at 04:55:11PM +0100, Neil Cook wrote a message of 22 lines which said: > Actually many enterprises (particularly banks etc.) do not allow DNS resolution directly from employee en

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Christian Huitema
On 3/12/2019 12:56 PM, Paul Vixie wrote: >> As Stephane wrote, that may be legit in some circumstances, but much >> more questionable in others, such as a hotel Wi-Fi attempting to decide >> what sites I could or could not access. It really is a tussle. > i don't like the chinese government's rule

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Paul Vixie
On Tuesday, 12 March 2019 20:31:54 UTC Christian Huitema wrote: > On 3/12/2019 12:56 PM, Paul Vixie wrote: > > i don't like the chinese government's rules for the great firewall. so, i > > keep my visits to that otherwise-great country short. this hurts me, and > > maybe hurts them also. but,

Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

2019-03-12 Thread Ted Hardie
Paul, Since it is apparent our disagreement is at a more fundamental level, I will make only two further comments. The first is that you recently chided someone for using the word "rant", saying that it would "diminish and disrespect" someone's words. In the note below you use terms like "warfar

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Stephen Farrell
Paul, On 12/03/2019 20:51, Paul Vixie wrote: > just as i've cautioned the RFC 8484 authors against imposing their anti- > censorship views on my parental controls or corporate network policies, let > me > here caution you against imposing your (clearly) western liberal-democratic > views on th

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Paul Vixie
On Tuesday, 12 March 2019 21:05:36 UTC Stephen Farrell wrote: > Paul, > > On 12/03/2019 20:51, Paul Vixie wrote: > > just as i've cautioned the RFC 8484 authors against imposing their anti- > > censorship views on my parental controls or corporate network policies, > > let me here caution you agai

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Stephen Farrell
On 12/03/2019 21:11, Paul Vixie wrote: > he's trying to achieve a political aim using technology. Ok, now I think I understand and am pretty sure I disagree with you there. There are reasons to want confidentiality for DNS queries and answers, and access patterns, for which the IETF has achieve

Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

2019-03-12 Thread Michael Sinatra
I realize you're responding to Paul, but your message below did pique (in a good way) my thinking and the distinction in my mind, as an operator, between DoH and DoT (and other forms of encrypted communication). I am top-posting intentionally because I am responding to your entire message. I supp

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Paul Vixie
On Tuesday, 12 March 2019 21:38:44 UTC Stephen Farrell wrote: > On 12/03/2019 21:11, Paul Vixie wrote: > > ... > > There are reasons to want confidentiality for DNS queries > and answers, and access patterns, for which the IETF has > achieved consensus. (See RFC7626) (*) i have no qualms about co

Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Brian Dickson
On Tue, Mar 12, 2019 at 3:51 PM Paul Vixie wrote: > On Tuesday, 12 March 2019 21:38:44 UTC Stephen Farrell wrote: > > On 12/03/2019 21:11, Paul Vixie wrote: > > > ... > > > > There are reasons to want confidentiality for DNS queries > > and answers, and access patterns, for which the IETF has > >

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Stephen Farrell
Hiya, On 12/03/2019 22:51, Paul Vixie wrote: > On Tuesday, 12 March 2019 21:38:44 UTC Stephen Farrell wrote: >> On 12/03/2019 21:11, Paul Vixie wrote: >>> ... >> >> There are reasons to want confidentiality for DNS queries >> and answers, and access patterns, for which the IETF has >> achieved co

Re: [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Mark Andrews
> On 13 Mar 2019, at 3:02 am, Jim Reid wrote: > > > >> On 12 Mar 2019, at 15:49, Stephane Bortzmeyer wrote: >> >> the case of a commercial >> Internet access provider is clear in the other direction: a client is >> not an employee, and is entitled to a free, open and neutral Internet >> acc

Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Paul Wouters
On Wed, 13 Mar 2019, Stephen Farrell wrote: Hmm. Not sure what to make of that. DNSSEC presumably makes it possible to detect interference, and yet RPZ (IIRC) calls for not changing DNSSEC-signed answers. I don't get why an inability to change is ok for the RPZ/DNSSEC context but not for DoH.

Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Paul Wouters
On Tue, 12 Mar 2019, Paul Vixie wrote: i don't like the chinese government's rules for the great firewall. so, i keep my visits to that otherwise-great country short. this hurts me, and maybe hurts them also. but, it's their country, and i will obey their laws when i am using their network. and

Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Stephen Farrell
Hiya, On 13/03/2019 01:04, Paul Wouters wrote: > RPZ allows filtering answers which would turn into BOGUS for > DNSSEC validating clients. Could well be my terminology was imprecise. What I recalled from some discussion a year or more ago was that RPZ MUST NOT change a DNSSEC-signed answer that

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Raymond Burkholder
On 2019-03-12 4:51 p.m., Paul Vixie wrote: On Tuesday, 12 March 2019 21:38:44 UTC Stephen Farrell wrote: DoH intends "to prevent on-path interference with DNS operations", and that's well beyond the remit of RFC 7626, and is therefore not spoken to one way or another by IETF consensus. i do not b

Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Vittorio Bertola
> Il 13 marzo 2019 alle 3.20 Raymond Burkholder ha > scritto: > > It appears to me that there is considerable support for DoH, meaning > there is support for non-interference. I think there is support within the IETF, but "non-interference" on DNS has lots of implications at the legal, busine

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread nalini elkins
Paul, On Wed, Mar 13, 2019 at 1:03 AM Paul Vixie wrote: > On Tuesday, 12 March 2019 15:36:36 UTC Stephane Bortzmeyer wrote: > > On Mon, Mar 11, 2019 at 08:55:18AM +0530, > > nalini elkins wrote > > > > a message of 202 lines which said: > > > The questions that the Fortune 50 company architec

Re: [DNSOP] Concerns around deployment of DNS over HTTPS (DoH)

2019-03-12 Thread Kenji Baheux
*(Sincere apologies about the multi-posting but the discussion seems to be happening in different places...)* Hi, I'm involved with Chrome's DoH efforts. I've noticed a few drafts listing concerns about certain types of deployment for DoH. It appears that the key concerns are based on assumptio

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Raymond Burkholder
In the below commentary, there are some use cases which are not being included On 2019-03-12 12:56 p.m., Christian Huitema wrote: On 3/12/2019 11:35 AM, Paul Vixie wrote: if someone is concerned that some of the web sites reachable through some CDN are dangerous... Paul, who is this so

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Vittorio Bertola
> Il 12 marzo 2019 alle 19.56 Christian Huitema ha > scritto: > > You are saying that whoever happens to control part of the network path > is entitled to override the user choices and impose their own. Really? > As Stephane wrote, that may be legit in some circumstances, but much > more questio

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Christian Huitema
On 3/12/2019 2:11 PM, Paul Vixie wrote: >> I don't see why, based on your argument, your concerns >> trump his. >> >> Can you explain? > he's trying to achieve a political aim using technology. that is not the > purpose for which the internet engineering task force, or the internet > itself, >

Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

2019-03-12 Thread Raymond Burkholder
On 2019-03-12 1:15 p.m., Ted Hardie wrote: that's precisely the goal, because very few network operators can preordain the users and apps that will connect through their networks. but there are more than just network operators. There are security people at all levels of organizati

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Raymond Burkholder
On 2019-03-12 2:51 p.m., Paul Vixie wrote: ... development of protocols whose ideal state is "interoperability" and never more or less. slightly out of context, but I find the 'interoperability' context as an underlying definition worthy of support.

Re: [DNSOP] [Doh] New I-D: draft-reid-doh-operator

2019-03-12 Thread Raymond Burkholder
On 2019-03-12 2:52 p.m., Ted Hardie wrote: the feasibility of this migration.  We also acknowledge that many network operations activities today, from traffic management and intrusion detection to spam prevention and policy enforcement, assume access to cleartext payload.  For many of these ac

Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Christian Huitema
On 3/12/2019 7:56 PM, Vittorio Bertola wrote: > The reaction I got from some policy people when I mentioned this kind of > arguments going on here is "when did the IETF get the mandate to decide for > everyone that content filtering by intermediaries is always bad? This is > matter for competi

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Vittorio Bertola
> Il 13 marzo 2019 alle 4.39 Christian Huitema ha scritto: > > On 3/12/2019 7:56 PM, Vittorio Bertola wrote: > > The reaction I got from some policy people when I mentioned this kind of > > arguments going on here is "when did the IETF get the mandate to decide for > > everyone that content fil

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Eliot Lear
Gentlemen, This conversation has gone to the zoo. What is or is not political doesn’t matter at this stage in the game, and neither is arguing over rights over bits. If people want to do that I suggest doing so in the HRPC WG and with a draft in hand. Flaming back and forth without an object

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Konda, Tirumaleswar Reddy
Please see inline From: Eric Rescorla Sent: Tuesday, March 12, 2019 9:28 PM To: Konda, Tirumaleswar Reddy Cc: d...@ietf.org; dnsop@ietf.org; dns-priv...@ietf.org; Vittorio Bertola ; Stephen Farrell Subject: Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertola-bcp-doh-clients CAUTION: External

Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Christian Huitema
On 3/12/2019 9:25 PM, Vittorio Bertola wrote: >> Il 13 marzo 2019 alle 4.39 Christian Huitema ha >> scritto: >> >> On 3/12/2019 7:56 PM, Vittorio Bertola wrote: >>> The reaction I got from some policy people when I mentioned this kind of >>> arguments going on here is "when did the IETF get the

Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Paul Vixie
On Tuesday, 12 March 2019 23:12:37 UTC Brian Dickson wrote: >... > I think there is a way to use technical design(s) to split hairs, i.e. I > think the side meeting > has the possibility of bearing fruit which is palatable enough for all > parties. i hope so. i will only be in prague from saturday

Re: [DNSOP] [Doh] [dns-privacy] New: draft-bertola-bcp-doh-clients

2019-03-12 Thread Paul Vixie
On Wednesday, 13 March 2019 00:36:32 UTC Stephen Farrell wrote: > Hiya, > > On 12/03/2019 22:51, Paul Vixie wrote: > > i have no qualms about confidentiality, for traffic allowed by a network > > operator. > > To me, the above reads as self-contradictory. If the traffic is > confidential the