I have to say it, but almost certainly I'll stop using any software that chooses at any point to silently choose what I mean by the word privacy (using a large-scale American provider for DoH example). This is simple: you allow choice, but that choice MUST be both visible and explicit on what the choice means in terms of how it affects privacy. No lies and half truths and no defaults changing the risks I know about.

Note, I guarantee certain US organisations are loving the idea that large percentages of worldwide DNS might go to a small number of American companies. Those companies will be receiving little letters and they WILL be forced to silently comply.

Oh, and in the general case, did anyone weigh up total privacy? That is, does this decrease security by removing visibility of bad things such that the likelihood of data breaches and thus privacy invasion is in total far worse than it was before creating the DoH protocol?

Alister

________________________________
From: Doh <[email protected]> on behalf of Eric Rescorla <[email protected]>
Sent: Friday, March 22, 2019 8:35 am
To: Vittorio Bertola
Cc: dnsop; DoH WG; Christian Huitema; Wes Hardaker
Subject: [EXTERNAL] Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator

On Fri, Mar 22, 2019 at 12:53 AM Vittorio Bertola <[email protected]> wrote:

> On 22 March 2019 at 4:40, Christian Huitema <[email protected]> wrote:
>
> Much of the debate is on the second point. One position is that users should
> be forced to trust the DNS resolver provided by the local infrastructure.
> Another position is that users have the right to apply their own policy and
> decide which server they will trust, based on some configuration.

I think this is a mischaracterization of the debate, which actually started because of a third position that you don't mention: Mozilla's public statement that in the future they will force (or, at least, make as a default - clarification requests haven't solved the doubt yet) Firefox users to use a remote resolver chosen within a shortlist that they will manage.

I'm not sure where you have attempted to clarify this point (I think we've been clear on this point at https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/). Regardless of what the default is, users will be able to disable DoH.

-Ekr

_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
