Re: [dns-privacy] [Last-Call] Review of draft-ietf-dprive-rfc7626-bis-03 - Section 3.5.1.1 Comments

[<mohamed.boucadair@orange.com>]

Hi all,

I agree with Vittorio.

FWIW, slide 6 of https://datatracker.ietf.org/meeting/104/materials/slides-104-maprg-dns-observatory-monitoring-global-dns-for-performance-and-security-pawel-foremski-and-oliver-gasser-01 shows that very few DNS providers are handling +53% of the traffic. It is fair to mention the risk to see such centralization further exacerbated. Of course, the one mentioned by Christian is to be called as well.

Cheers,
Med

De : last-call [mailto:last-call-bounces@ietf.org] De la part de Vittorio Bertola
Envoyé : mercredi 8 janvier 2020 12:42
À : Christian Huitema; Sara Dickinson
Cc : last-call@ietf.org; DNS Privacy Working Group
Objet : Re: [Last-Call] [dns-privacy] Review of draft-ietf-dprive-rfc7626-bis-03 - Section 3.5.1.1 Comments


Il 08/01/2020 09:10 Christian Huitema <huitema@huitema.net> ha scritto:


Centralization manifests itself in many ways. EKR is correct that big ISP do get a huge part of the traffic -- last time I checked, there was at least one ISP in China and another in India that served pretty much as many customers as Google DNS. There is also centralization at work due to outsourcing of the DNS service by ISP. This is a classic concentration path: an outsourcer that serves many ISP will achieve economies of scale and may be able to monetize the data flow, making outsourcing a viable option for the ISP. Experience predicts that competition between these outsourcers will exhibit "winners take all" dynamics leading to concentration. As EKR says, the move to third party resolvers may well counter concentration in the back end of the network. It could also achieve the opposite, but there are risks on both sides of this issue. I don't see how we can achieve consensus that one side of the risk is more dangerous than the other.
As I understood it, the purpose of the draft is to document all possible risks, and not necessarily to provide a consensus view on which ones are stronger or more important than others. Personally, I think that ISPs can "take all" on the scale of a single country/region but their "physicalness" makes it much harder for them to achieve dominance on a global scale, while third parties operating immaterial services over the network can more easily "take all" on a planetary level - but this is just a personal assessment, and I may just be wrong. So you could just state this view and the opposite one, and then the readers (the implementers using this as guidance) will then be free to decide which of these risks are more relevant to their use case, context and views of the world.

Thus I would suggest text that describes "both sides of the risk" and then leaves it to the readers to decide which one is more problematic for them.

--

Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com<mailto:vittorio.bertola@open-xchange.com>
Office @ Via Treviso 12, 10144 Torino, Italy