> On 31 Dec 2019, at 22:35, Rob Sayre <say...@gmail.com> wrote: > > On Wed, Dec 18, 2019 at 7:07 AM Sara Dickinson <s...@sinodun.com > <mailto:s...@sinodun.com>> wrote: > > Suggest the following text with the goal of getting consensus that the > opinion exists and is held by many network operators, not that the opinion > itself has consensus: > > OLD: > β In some cases, networks might block access to remote resolvers for security > reasons, for example to cripple malware and bots or to prevent data > exfiltration methods that use encrypted DNS communications as transport. In > these cases, if the network fully respects user privacy in other ways (i.e. > encrypted DNS and good data handling policies) the block can serve to further > protect user privacy by ensuring such security precautions." > > NEW: > β Many network operators argue that they block access to remote resolvers for > security reasons, for example to cripple malware and bots or to prevent data > exfiltration methods that use encrypted DNS communications as transport. > Further discussion of Internet service blocking and filtering can be found in > [RFC7754]." > > Well, this is a new form of "many people are saying..." to me. I sent a few > messages about specific sections of this document, which are yet to be > addressed, but I also think the entire document is misguided and shouldn't be > published. > > It seems to contain a lot of "both sides" rhetoric that is ungrounded in > technical matters, and not appropriate for the IETF to publish. > > For example, a reasonable person might look at ways of preventing and/or > uninstalling malware rather than relying on DNS to block it.
I think you misunderstood the point of the document. As the abstract says βIt is intended to be an analysis of the present situation and does not prescribe solutions.β The original RFC was published on this basis, this document just extends the analysis. Sara.
_______________________________________________ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy
