I have to say it, but almost certainly I'll stop using any software that chooses 
at any point to silently choose what I mean by the word privacy (using a large 
scale American provider for DoH, for example). This is simple: you allow choice, but 
that choice MUST be both visible and explicit on what the choice means in terms 
of how it affects privacy. No lies and half truths and no defaults changing the 
risks I know about.

Note, I guarantee certain US organisations are loving the idea that large 
percentages of worldwide DNS might go to a small number of American companies. 
Those companies will be receiving little letters and they WILL be forced to 
silently comply.

Oh, and in the general case, did anyone weigh up total privacy? That is, does this 
decrease security by removing visibility of bad things such that the likelihood 
of data breaches and thus privacy invasion is in total far worse than it was 
before creating the DoH protocol?

Alister


________________________________
From: Doh <[email protected]> on behalf of Eric Rescorla <[email protected]>
Sent: Friday, March 22, 2019 8:35 am
To: Vittorio Bertola
Cc: dnsop; DoH WG; Christian Huitema; Wes Hardaker
Subject: [EXTERNAL] Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator



On Fri, Mar 22, 2019 at 12:53 AM Vittorio Bertola <[email protected]> wrote:


> On 22 March 2019 at 4.40, Christian Huitema <[email protected]> wrote:
>
> Much of the debate is on the second point. One position is that users should 
> be forced to trust the DNS resolver provided by the local infrastructure. 
> Another position is that users have the right to apply their own policy and 
> decide which server they will trust, based on some configuration.

I think this is a mischaracterization of the debate, which actually started 
because of a third position that you don't mention: Mozilla's public statement 
that in the future they will force (or, at least, make as a default - 
clarification requests haven't solved the doubt yet) Firefox users to use a 
remote resolver chosen within a shortlist that they will manage.

I'm not sure where you have attempted to clarify this point (I think we've been 
clear on this point at
https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/)

Regardless of what the default is, users will be able to disable DoH.

-Ekr



