On 5/13/2020 3:19 PM, Andrew Campling wrote: > I also note that RFC 3552 (Guidelines for Writing RFC Text on Security > Considerations) includes section 2.3 on systems security so does > indeed look beyond the network. So, alongside RFC 7754 and RFC 6973, > there seem to be a good number of examples where the IETF has reached > consensus on documents with scope that extends beyond the network. > I’m unclear why this one should not.
Because we do not in fact have consensus on what to say. Also, if we want to tackle the topic of centralization, it should probably be best to decouple it from client system architecture. There are many forces pushing centralization, and it is very unclear that application configuration is the worst of them. For example, we see many ISPs subcontracting their DNS services to big centralized providers. We also see centralization of authoritative servers, with many web sites getting their DNS services from big providers. We see centralization in the TLD services, with many TLD registries subcontracting operations to specialized providers. Which means it is probably much simpler to leave the client system architecture discussions out of the rfc7626-bis draft, and start a separate effort to describe centralization issues. -- Christian Huitema
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
