> Il 07/04/2020 18:22 Eric Orth <[email protected]> ha scritto: > > > "consistent application-level controls across the device" > > Right there is where followers of the misunderstanding will read this > text incorrectly. Browsers and other non-malicious applications allowing > control does not guarantee consistent application control. > Thanks, now I get the point. But it is in line with Sara's text, which starts with an "if": "If all of the applications used on a given device also provide a setting to use the system resolver, then the device can be reverted to a single point of control for all DNS queries." (I have no problems in replacing the movement verb "revert" with a static one). Of course DNS-based malware won't provide that setting, and it's fine to add a warning to the user that not all the applications will comply with the best practice that we are suggesting, though it's also implicit in the concept of a best practice.
The point that I'd like to have in the text is that it would be good if at least the well-intentioned applications empowered their users, so that those few smarter ones that really want to pick their resolver have a simple way to do so. Ideally, the OS would have a way to signal to all applications that the user explicitly wants a specific resolver, rather than whatever default is suggested by the application and/or by the network, so that applications pick up that preference without even requiring the user to manually configure each of them; the preference could even be for a deployment/discovery model rather than for a single specific resolver. Anyway, I'm fine with Sara's latest text proposals. -- Vittorio Bertola | Head of Policy & Innovation, Open-Xchange [email protected] mailto:[email protected] Office @ Via Treviso 12, 10144 Torino, Italy
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
