On Fri, Sep 15, 2017 at 08:44:53AM -0700, The IESG wrote:
[...]
> Specification of how the DNS data may be used for new use cases, and
> the discovery of the DOH servers, are out of scope for the working group.

I disagree on this becoming a working group unless the charter says either:

a) Discovery is in scope

I have no specific preferences of what discovery is done, I just think that the security discussion needs to take the discovery being used into account. I can already see how DoH clients will just use some configured IP address for the DoH server and accept whatever self-signed TLS certs are being offered. And the industry thinks it's a great security improvement because it uses TLS.

I am sure there are enough people willing to work on DoH that would be able to write down how to do that discovery piece more securely, so why stop them doing it by writing "out of charter"?

or

b) Security is optional.

The documents will sprinkle some security fairy dust in by mandating simple buzzwords like TLS Vmax so we can escape further security discussions. ;-)

Cheers
Toerless