> On 22 August 2018 at 7.18 Doug Barton <[email protected]> wrote:
>
> On 08/21/2018 09:19 AM, Vladimír Čunát wrote:
> > Ehm, we somehow forgot that this thread is supposed to be about DHCP, so
> > that's only the "uninteresting" case where you do trust the ISP and want
> > to use their DNS over a secure channel:-D
>
> This perspective that users "trust" their network environment is deeply
> flawed. Users don't understand how any of this stuff works, and we
> should not be making any decisions with that as a premise.

But we should also not make the premise that the user does not trust the network environment. It really depends on the situation.

Also, there are cases in which the user perhaps does not trust his network, but his network has the right to enforce policies on the user: think of the employees on a corporate network. We should be making this enforcement easier, not harder - for example, adding ways for the network operator to communicate to DoH operators that certain restrictions have to be put in place for the users of its network.

Moreover, even if the user does not trust his network and has the right to do something about this, you cannot also assume that he trusts his application maker or his destination website operator more than he trusts his network. Actually, if you define trust in terms of expectations, until now the users that understand what we are talking about expect their network operator to provide the resolver, not the application maker.

The real problem here is that you cannot establish a trust model that is always valid, and the trust model that applies to a situation can be opposite to the model applying to another one, without any automatable way to distinguish between the two. This is also what makes this issue so thorny.

You can decide that, in the end, the only way to get out of this is to entrust the user with the choice of who to trust, though, as you say, many users will not be able to make an informed choice. Or you can entrust the network operator or the DoH server operator: it is more likely to make competent choices, but in some cases might not make them in the user's interest, though in some cases it also has the right, or even the legal duty, to make choices that users dislike.

All in all, I see no easy way to find a model and a policy that work in all cases.

Regards,
--
Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
[email protected]
Office @ Via Treviso 12, 10144 Torino, Italy
