On 2021-01-18 4:27 p.m., John Levine wrote:
> They think DoH is swell, but not when it bypasses security controls
> and leaks info to random outside people
Sage advice.
In the OPSAWG where RFC8520 (MUD) currently lives, we are trying to
codify advice to IoT manufacturers about these things.
Please see the recently adopted draft-ietf-opsawg-mud-iot-dns-considerations-00.
The -01 is coming out next week with many clarifications.
Most of the advice is of the form, "Doctor it hurts when I poke myself
in the eye", but there is a real tussle between shipping devices that
work even when the "luser" (or their monopoly ISP) has toasted their
local recursive server, vs privacy vs RFC8520 ACLs.
In fact, the reason I opened up the IMAP to dnsop (which I haven't time
to read regularly, sorry), is because I wanted to ask to present at
IETF110, with the hope of getting some additional review.
(I understand this WG decided not to standardize the term "QuadX", and I
would dearly like an equally terse replacement)
_______________________________________________
DNSOP mailing list
https://www.ietf.org/mailman/listinfo/dnsop