On Tue, Aug 21, 2018 at 11:23 AM, Vittorio Bertola < [email protected]> wrote:
> Still, I'm all in favour of encrypting and authenticating DNS connections
> when you are in that situation. However, this should not be done in a way
> that breaks many other use cases.

How do we know when we are in that situation and not in some other situation? I think this is a solvable problem, but we have to say what the solution is. That's what I've been advocating for here.

> Yes, but that's the law. I still don't get how is it possible that the IETF
> is releasing a technology openly designed to allow people to break the law.
> In my part of the world, this is ethically unacceptable, and possibly also
> illegal.

It's illegal in some countries for women to drive. Should we stop making cars? Is it ethically unacceptable to make cars because women might use them to violate this law in jurisdictions where it exists?

> Why would you ever use an ISP that you don't trust and that is positively
> evil?

There is often no alternative.

> Ok, this is the real issue. There is no reason why, but this is how it is
> being deployed, starting with Mozilla. And I have yet to see a statement
> from the DoH community that Mozilla's idea of making DoH the default and
> disregarding whatever resolver is being configured in the system via DHCP
> is not a good one. Actually, during the discussions in Montreal there were
> people talking about centralized DNS operators paying the browser makers to
> get their DNS traffic, and then monetizing it to get back the money. How
> can this be presented as "more privacy" is baffling.

The DoH community does not have consensus on this, so it can't make a statement about it.

> Perhaps what we are missing is just a set of policy guidelines on how DoH
> should be deployed by operators and application developers, though I do not
> know how you could then enforce them.

We can't write a set of policy guidelines. That's an issue that will vary by jurisdiction.

What we can do is document the threat model, document the use cases, and talk about how to address them.

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
