On Wed, Dec 18, 2019 at 7:07 AM Sara Dickinson <[email protected]> wrote:
>
> Suggest the following text with the goal of getting consensus that the
> opinion exists and is held by many network operators, not that the opinion
> itself has consensus:
>
> OLD:
> “ In some cases, networks might block access to remote resolvers for
> security reasons, for example to cripple malware and bots or to prevent
> data exfiltration methods that use encrypted DNS communications as
> transport. In these cases, if the network fully respects user privacy in
> other ways (i.e. encrypted DNS and good data handling policies) the block
> can serve to further protect user privacy by ensuring such security
> precautions."
>
> NEW:
> “ Many network operators argue that they block access to remote resolvers
> for security reasons, for example to cripple malware and bots or to prevent
> data exfiltration methods that use encrypted DNS communications as
> transport. Further discussion of Internet service blocking and filtering
> can be found in [RFC7754]."
>

Well, this is a new form of "many people are saying..." to me.

I sent a few messages about specific sections of this document, which are yet to be addressed, but I also think the entire document is misguided and shouldn't be published. It seems to contain a lot of "both sides" rhetoric that is ungrounded in technical matters, and not appropriate for the IETF to publish.

For example, a reasonable person might look at ways of preventing and/or uninstalling malware rather than relying on DNS to block it.

thanks,
Rob
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
