Ted Lemon wrote on 2019-02-12 12:07:
> On Feb 12, 2019, at 11:04 AM, Paul Vixie <[email protected]> wrote:
>> actually, there are other choices.
>
> I may have failed to communicate. What I mean is that you said that
> you can detect all nefarious traffic, but you can’t detect DoH, which to
> you is nefarious. What I’m saying is that there’s no such distinction,
> or at least if there is at present, it is a temporary situation.

i realize that the political tacticians who designed DoH are searching
for a world in which network operators have no control plane choices. i
think they're proceeding from the mistaken belief that all control is
evil, and that all network operators are equally deserving of
disintermediation. and other mistaken beliefs as well, which i won't
enumerate.

> Of course you have choices about what to do about this; my point is not
> to suggest that you do not.

whether the situation turns out to be temporary or not is important to
your final argument. probably you shouldn't go there so soon. spammers
also believe that network operators should not be able to control their
own networks, and malware authors, and botnet creators, and IoT
innovators, and surveillance capitalists. none of those matters seem
like they are, or will ever be, settled. so, none are "temporary".

my network, my rules. anyone who acts otherwise will be treated by me as
an adversary, even folks like mozilla who have been fellow travelers for
decades now, if they continue to pursue unblockable endpoint technology.

--
P Vixie
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop