Re: [dns-privacy] Trying to understand DNS resolver 'discovery'

Phillip Hallam-Baker <phill@hallambaker.com> Tue, 26 November 2019 18:36 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/GnR0ufdC6SJxg6KsyNxrEtbT8ik>

On Tue, Nov 26, 2019 at 1:08 PM Stephane Bortzmeyer <bortzmeyer@nic.fr>
wrote:

> On Tue, Nov 26, 2019 at 12:35:13PM -0500,
>  Phillip Hallam-Baker <phill@hallambaker.com> wrote
>  a message of 166 lines which said:
>
> > 2) Admin/User Configured DNS
> >     The client obtains the information to connect to a resolver through an
> > Administrator or User configuration action. This may be inserting an IP
> > address (8.8.8.8/1.1.1.1/etc) or some form of DNS label.
> >
> > 3) Application/Platform Provider Configuration.
> >     The application or OS platform can simply ignore user preferences and
> > choose a DNS provider of its own liking.
>
> Note that, for free software, there is no real difference between 2)
> and 3). Someone can always change the source and recompile. (And there
> is of course no real privacy without free software.)
>

A very small number of people have that ability. It is not possible for the
typical iOS user for example.

From my perspective, the user is the only valid source of authority. The
user must have control of their environment (unless they are at work and
know that they have surrendered control in return for a consideration).




> > But please, assure me that we are not on the brink of users being faced
> > with pop ups asking them 'would you like to choose me as your DNS
> > provider'.
>
> Why not? But, anyway, the IETF does not do UI so it's not really our
> job.
>

Modern Web browsers have countless security blunders. Allowing sites to do
pop ups at all was an abomination.

Saying we don't do UI in this case is like saying we don't do security.
Changes to the security configuration should only be initiated by the user.