On Nov 23, 2018, at 2:45 AM, Vittorio Bertola <[email protected]> wrote:

>> Please stop with the "IETF is disrupting" stuff. No one forces anyone to use
>> DoT or DoH. Both were features that the user communities asked for, and the
>> user communities will ask for changes when they get deployed.
> Which user communities are you referring to?

Users of browsers.

> It doesn't look like there is much request for DoH in the ISP and DNS
> operator community - actually, I see more and more pushback.

The current round of pushback, all of which appeared after the standard was finished, seems to mostly be coming from DNS vendors, not ISPs or DNS operators. During the development of the DoH standard, people from many DNS vendors (including the one you work for) contributed to the spec without objection in the WG.

> If you talk about the end-users of the Internet, where and when did they ask
> for this, and how many users actually want this?

By choosing a browser. That's the best metric we have, unfortunately, since most of them can't choose their ISP based on the type of DNS service their ISP offers.

> Because I am quite sympathetic with any dissident community under
> authoritarian regimes, but in Europe there currently are millions of
> end-users that use DNS-based security and parental control filters, for
> example. The ratio would be something like 10'000 people who happily and
> voluntarily ask their ISP to, as you say, "lie" on DNS queries (and will lose
> this service if their browser starts to direct their DNS queries somewhere
> else)

We cannot be sure that they will lose such a service: we still have no idea how browser vendors will offer DoH. I suspect that if they offer it in a way that causes users to get fewer of the services that they have now, those browsers will (correctly) get castigated.

> for every dissident that absolutely needs Cloudflare to get all his DNS
> queries by default because he is planning to overthrow the government but
> does not know how to get into Firefox's preferences and manually set the name
> server to 1.1.1.1.

(Technical note: Firefox never sent DoH queries to 1.1.1.1.)

> Sorry if I am being sarcastic, but these DoH "pro user" claims sound quite
> unrealistic to me, and just an excuse for business interests and more Silicon
> Valley data greediness - or, as a minimum, they reflect an incomplete,
> partial view of what users want.

We fully agree here. There are no good metrics for why users pick one browser over another. In their absence, we have to assume gross overall usage which is absolutely "an incomplete, partial view of what users want". But the same is true of how they pick an ISP based on that ISP's DNS service offerings. As PaulW pointed out earlier in the thread, we know that many ISPs give local addresses to a resolver that simply forwards to 8.8.8.8 (or presumably to other open resolvers). Users have zero visibility to those practices as well.

This thread comes down to "we think applications should not do X", as if we have now become the application police. It's fine to say "doing X has these negative effects" so that the application vendors will become aware of that, but we still have no idea if any application will even do X at this point.

--Paul Hoffman
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
