Hiya, One individualistic data point on this sub-topic, and a real point:
On 20/03/2019 01:13, Jared Mauch wrote: > My impression is there are people who will not be satisfied until all traffic > looks > identical and you have zero way to protect your home, I would be happier if my home emitted no cleartext and have no intention of MITMing any TLS in my home. And that leaves me with plenty of ways to protect my home network (and as an aside that is absolutely not the same as protecting my home at all - such overstatement still doesn't help the discussion). For example, I discourage use of certain OSes, products and services, and try help the people using the network to understand enough about what they're doing to be less than randomly unsafe. Of course I have some f/w rules and do some monitoring but I would never use a net-nanny type thing. I do not claim that everyone ought do the same, but I absolutely do claim that encouraging voluntary policy adherence by dealing with the people using the n/w is preferable to many egregiously invasive attempts to force technical policy enforcement on unwilling serf-like users. And to be clear (but repetitive, sorry;-) my general point is that my policy is not the only defensible one, just as yours is not, (even if you claim it is). And nor is Paul V's - "My network, my rules" can also mean a much more permissive technical enforcement regime than is often assumed when hearing such a forceful-sounding catchphrase. Not all policies need to be enforced technically. Cheers, S.
0x5AB2FAF17B172BEA.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop