On 3/10/2019 4:07 PM, Vittorio Bertola wrote: > Honestly, I understood it differently - at this point in time they are > doing tests on whether their resolver performs better or worse than > the system's one, but their announced model is that Firefox will adopt > a DoH resolver (though it's unclear how it will be chosen) and it will > just use that one. But if people from Mozilla could make a clearer > announcement on what their plans currently are, that would be good. > Still, most of the issues arise whenever an application, for whatever > reason and under any mechanism, starts to use one or more resolvers > different than the one set up in the operating system: even if it used > more than one, you would still get many of the issues listed in the > document (though, if it used more than one at the same time, I think > you'd actually also get some new specific issues, so we'd need to add > a discussion of this possibility).
Your view of operating systems and applications is firmly rooted in history, which is another way to say in the past. The evolution in the past years points to a systematic deconstruction of that relation, with for example virtual machine, containers, or the trend to move network stacks out of the operating system and into the application. This is pretty obvious for security stacks, but it is also becoming very clear with QUIC and transport stacks. There are two big drivers: portability, and rapid adoption of innovation. These two drivers apply to DNS just like they apply to transport. Putting QUIC in application space allows for immediate provision of innovations like 0-RTT, head-of-queue blocking mitigation, or the better crypto of TLS 1.3. Similarly, putting DNS in user space allows for immediate adoption of DNSSEC and privacy enhancements, even when the operating system or the local network does not support them. That genie is not going back in the bottle any time soon. -- Christian Huitema _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
