Hi,

I have no objection to a WG forming, but I have some concerns about the charter.

On 9/15/17 5:44 PM, The IESG wrote:
>
> This working group will standardize encodings for DNS queries and responses
> that are suitable for use in HTTPS. This will enable the domain name system
> to function over certain paths where existing DNS methods (UDP, TLS, and DTLS)
> experience problems.

There is a fundamental question that is left open in the charter: is the HTTPS server intended to be a substitute for a resolver, or is it intended to provide name service for domains related to the authority section of the URL used to connect to the current service? There is some hint along the lines of the latter in the draft, and I see nothing wrong with that use, and could see quite a bit of benefit, because the browser would be following the express intent of the origin.

On the other hand, if this is intended to be used as a full scale replacement of a resolver, the placement of that resolver and more precisely locality would become a big operational issue for all sorts of reasons, such as anti-malware protection, split dns behavior, split personalities across applications that might impact non-participating web services, and more. And yet..

> The working group will coordinate with the DNSOP and INTAREA working groups
> for input on DNS-over-HTTPS's impact on DNS operations and DNS semantics,
> respectvely. In particular, DNSOP will be consulted for guidance on the

[nit - s/respectvely/respectively/]

> operational impacts that result from traditional host behaviors (i.e.,
> stub-resolver to recursive-resolver interaction) being replaced with the
> specified mechanism.
>
> Specification of how the DNS data may be used for new use cases, and
> the discovery of the DOH servers, are out of scope for the working group.

The last sentence seems to put the cart before the horse. How about letting the working group decide in consultation with dnsop and intarea whether or not to handle discovery?

The fact is, you are not leaving discovery out of scope. You are making a decision that discovery will take place either in a proprietary way, on an ad hoc basis, or via manual configuration, but you are ruling out a standard discovery mechanism.

Eliot

>
> The working group will use draft-hoffman-dispatch-dns-over-https as input.
>
> Milestones:
>
> Apr 2018 - Submit specification for performing DNS queries over HTTPS to
> the IESG for publication as PS