On 18/03/2021 16.42, Tommy Pauly wrote:
>
>> On Mar 18, 2021, at 8:32 AM, Eric Rescorla <[email protected]> wrote:
>>
>> On Thu, Mar 18, 2021 at 5:02 AM Tomas Krizek <[email protected]> wrote:
>> I oppose adoption.
>>
>> The draft introduces a huge amount of additional complexity, both for
>> implementors and operators of DoH. This raises the bar for both smaller
>> vendors and operators, thus leading to more centralization.
>>
>> This seems like an odd argument. We shouldn't do something that's
>> a manifest increase in privacy (even as experimental!) because it's
>> work to implement?
>
> I would also point out that no one is asking that generic recursive resolvers
> implement this strategy, not only because it would be experimental. Certainly
> there would be no expectation that all DoH servers support this. Instead,
> cases where clients are particularly concerned about revealing client IP and
> identity to very large public resolvers benefit more from this. The intent of
> having an experimental RFC is to have a common way to achieve that goal.

I'm just pointing out that due to the complexity of both supporting and
operating such a setup, only very few implementations and very large
providers could use it.

Since the draft doesn't address the underlying issue for DoT or DoQ and
might be subject to be obsoleted in the future by OHTTP, I think work to
improve privacy is better spent elsewhere.

-- 
Tomas Krizek
PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
