> On Oct 8, 2020, at 5:42 AM, Vittorio Bertola > <[email protected]> wrote: > > > >> Il 08/10/2020 06:16 Barry Leiba via Datatracker <[email protected]> ha >> scritto: >> >> On her second point, I’ll go in a different direction: it’s bordering on >> silly >> to think that any real end user can be said to “be aware of and have the >> ability to control” anything related to DNS settings and resolution options. >> If “users” refers to those of us writing these specs, sure. But when we’re >> talking about our siblings and cousins and parents, who are doctors and >> nurses, >> chefs and bakers, bank tellers and car mechanics, there is no hope of >> awareness >> and understanding of the choices and their consequences, nor that any form of >> “communicate clearly” will really accomplish anything. I see little to >> recommend pretending that it will. > > I see your point, but then, this clashes with the picture of "8.8.8.8" > painted on a wall in Istanbul that has been abundantly circulated as evidence > in favour of encrypted DNS, to support the importance of letting average > users control their choice of DNS resolvers when they do not trust their > government and their Internet access provider. > > As another example, a few days ago I was checking online discussion forums > for user reviews of a new fiber provider, and one of the most often noted > points was that their CPE doesn't let users change the DNS settings that are > then broadcast to devices via DHCP(*). It was not a minor issue; several > messages in the thread were discussing it, with some people even saying "this > is the reason why I am not choosing them". Of course only smarter users go to > an online forum and discuss fiber providers, yet these were in no way DNS > professionals or even Internet professionals. > > So I think the truth lies somewhere in the middle - most users do not care or > even understand what DNS is, but lots of them do, especially when one of the > two following motivations comes up: > 1. "the Internet" doesn't work because the resolvers don't work, or > 2. changing DNS resolvers allows access to previously forbidden content (for > multiple, differently desirable cases of "forbidden"). > > IMHO there is enough of these two cases to warrant preserving the user's > ability to control the choice of resolvers if they want (except that, in my > opinion, in democratic countries they should never be allowed to use this > ability to circumvent their own national laws and policies, but I know that > some people disagree).
As far as the text in the document goes, I think it’s fine to say that the best practice is to provide configuration controls for users who want to use them. But recommending some level of awareness for users in general does not seem actionable or realistic. Alissa > > > (*) which, by the way, made me think that those recommendations should not > only apply to "applications". > > -- > Vittorio Bertola | Head of Policy & Innovation, Open-Xchange > [email protected] > Office @ Via Treviso 12, 10144 Torino, Italy > _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
