> On 9 Apr 2020, at 14:24, Eric Rescorla <[email protected]> wrote:
>
<snip>
>>
>> How about making the last sentence a little more specific instead:
>>
>> If not, then (depending on the application and transport used for DNS
>> queries) users should take note that they may not be able to inspect the DNS
>> queries generated by such applications, or manage them to set consistent
>> application-level controls across the device for e.g. domain based query
>> re-direction or filtering. “
>
> If the feeling is that it is really needed then I would suggest text that is
> consistent with that used in section 3.5.2.1, for example:
>
> “ In addition, if a client device is compromised by a malicious application,
> the attacker can use application-specific DNS resolvers, transport and
> settings of its own choosing.”
>
> Sort of. This seems like it still buries the lede.
>
> "Note that if a client device is compromised by a malicious application, the
> attacker can use application-specific DNS resolvers, transport and settings
> of its own choosing and thus will not be affected by these controls.”

By 'these controls' do you mean any controls that the malicious application appears to offer to the user? If so, then does this capture your point:

"Note that if a client device is compromised by a malicious application, the attacker can use application-specific DNS resolvers, transport and settings of its own choosing regardless of what DNS configuration the malicious application may appear to offer the user (if any).”

Sara.
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
