> On 22 March 2019 at 4:40, Christian Huitema <[email protected]> wrote:
>
> Much of the debate is on the second point. One position is that users should
> be forced to trust the DNS resolver provided by the local infrastructure.
> Another position is that users have the right to apply their own policy and
> decide which server they will trust, based on some configuration.

I think this is a mischaracterization of the debate, which actually started
because of a third position that you don't mention: Mozilla's public statement
that in the future they will force (or, at least, make as a default -
clarification requests haven't solved the doubt yet) Firefox users to use a
remote resolver chosen within a shortlist that they will manage.

There are some people advocating that in some cases people should have to use
the local resolver so that the local network can monitor them and apply
policies, but that's always been limited to private / corporate / high security
networks. I don't think anyone has ever proposed that all users be always
required to use a local resolver, full stop; though, if DoH deployment
continues this way, I do see some governments - even in Europe - trying to go
in that direction, either by mandating the use of in-country resolvers or by
passing GDPR-style legislation that requires any global operator to apply
national DNS policies when serving their citizens, or be fined for 4% of their
revenues.

In the end, I think that everyone should agree on the principle of user choice
(which is actually the first recommendation in my draft). There will then be
some discussion on whether the local resolver should continue being the silent
default or not; though I note that the opposite policy, i.e. letting each
application pick its own default resolver, creates a fragmented mess of a
network and makes it much harder for the user to implement any practical
choice. But anything different than "users are fully in charge as far as they
want" is IMHO dangerous and unmanageable.

Regards,
--
Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
[email protected]
Office @ Via Treviso 12, 10144 Torino, Italy
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop