> Il 02/03/2020 16:16 Sara Dickinson <[email protected]> ha scritto: > > Suggest: > > "For users to have the ability to inspect and control the > application-specific DNS settings in a similar fashion to the OS DNS > settings, each application also needs to: > > o expose the default settings to the user > > o provide configuration options to manually override the default > settings so that resolution is performed via > * user specified resolvers > * the resolvers configured into the system settings > * the system resolver via conventional API calls > > If all such applications are updated to use the system resolver, as > described in the last bullet point, the device reverts to a single point of > control for all DNS queries." > I don't want to nitpick, but I'd point out that from the policy/privacy viewpoint what is important is which resolver is used, not (as long as it does not add any specific new privacy risk) the interface used to contact it - so the second and third "*" bullets are functionally equivalent and it would be fine if an application provided only either one of the two.
In theory, one could say that the two interfaces are not completely privacy-equivalent, since the use of the system API introduces one more party that gets access to data, i.e. the operating system - so one could argue that applications should bypass the OS to prevent it from spying over the user's DNS traffic, exactly like they do with the network. If this is what we want to argue, then we should remove the last "*" bullet. However, exactly as the network, the OS might want to exert some general policy over the user's DNS traffic, such as monitoring infections or filtering specific destinations, so I don't know if such a recommendation would be beneficial in the end. -- Vittorio Bertola | Head of Policy & Innovation, Open-Xchange [email protected] mailto:[email protected] Office @ Via Treviso 12, 10144 Torino, Italy
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
