Moin!
On 22 Nov 2018, at 17:26, Paul Hoffman wrote:
> DoH did not suddenly allow browser vendors to do something new:
> they've been able to do exactly what DoH is standardizing for more
> than 20 years. Saying that the IETF is reducing the privacy is
> completely incorrect. What the DoH standard did is make it so that
> browser vendors (and, to a much smaller extent, web applications)
> could reach a larger variety of DNS servers in a standardized way.
Well, everybody can send random protocols over the Internet without
standardisation. It usually works. We still have standards for lots of
stuff, usually because we want it to become ubiquitous. If privacy were
the only concern, there is an older protocol you should be aware of
(RFC7858 ;-) that can accomplish that. RFC8484 is just adding another
layer beside it for those who only understand HTTP ;-).
> If you want to prevent over-centralization of queries going to a small
> number of large resolvers, you should be making it easier for resolver
> operators of all sizes to become DoH servers.
Well, there is a cost for deploying these protocols. This cost can be
easily absorbed by companies that already have a large web presence,
are distributed worldwide, and might even gain a commercial advantage by
directly talking to the end users. These costs are harder for ISPs who
are used to handling hundreds of thousands of users with a single DNS
server.
Also, on the centralising aspect: there is a single-digit number of browser
vendors, maybe a double-digit number of OS vendors, but there are many
thousands of ISPs around the world, and usually also a lot of different
ones in a country that a user can choose from. So any single decision by
browser or OS vendors has a much larger impact than what an ISP can do.
Pointing this out, especially as there were steps taken by browser vendors
that could lead towards that centralisation, is a valid point IMHO.
And to be honest, I personally think that name resolution is an OS
function and not something an application should do, but I'm just an
old grey-bearded Unix sysadmin.
So long
-Ralf
--
Ralf Weber
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy