Re: [dns-privacy] Barry Leiba's No Objection on draft-ietf-dprive-rfc7626-bis-06: (with COMMENT)

Alissa Cooper <alissa@cooperw.in> Thu, 08 October 2020 12:50 UTC

From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <1789906825.14713.1602150174683@appsuite-gw1.open-xchange.com>
Date: Thu, 08 Oct 2020 08:50:02 -0400
Cc: Barry Leiba <barryleiba@computer.org>, IESG <iesg@ietf.org>, dns-privacy@ietf.org, draft-ietf-dprive-rfc7626-bis@ietf.org
Message-Id: <3FDDAE70-EEA9-4EDD-96BF-7B57A96E4C34@cooperw.in>
References: <160213056016.5526.9970713132843971319@ietfa.amsl.com> <1789906825.14713.1602150174683@appsuite-gw1.open-xchange.com>
To: Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/yFu7vRqCxc-m4PdxfTH4KW-3gDk>
Subject: Re: [dns-privacy] Barry Leiba's No Objection on draft-ietf-dprive-rfc7626-bis-06: (with COMMENT)


> On Oct 8, 2020, at 5:42 AM, Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org> wrote:
> 
>> Il 08/10/2020 06:16 Barry Leiba via Datatracker <noreply@ietf.org> ha scritto:
>> 
>> On her second point, I’ll go in a different direction: it’s bordering on silly
>> to think that any real end user can be said to “be aware of and have the
>> ability to control” anything related to DNS settings and resolution options. 
>> If “users” refers to those of us writing these specs, sure.  But when we’re
>> talking about our siblings and cousins and parents, who are doctors and nurses,
>> chefs and bakers, bank tellers and car mechanics, there is no hope of awareness
>> and understanding of the choices and their consequences, nor that any form of
>> “communicate clearly” will really accomplish anything.  I see little to
>> recommend pretending that it will.
> 
> I see your point, but then, this clashes with the picture of "8.8.8.8" painted on a wall in Istanbul that has been abundantly circulated as evidence in favour of encrypted DNS, to support the importance of letting average users control their choice of DNS resolvers when they do not trust their government and their Internet access provider.
> 
> As another example, a few days ago I was checking online discussion forums for user reviews of a new fiber provider, and one of the most often noted points was that their CPE doesn't let users change the DNS settings that are then broadcast to devices via DHCP(*). It was not a minor issue; several messages in the thread were discussing it, with some people even saying "this is the reason why I am not choosing them". Of course only smarter users go to an online forum and discuss fiber providers, yet these were in no way DNS professionals or even Internet professionals.
> 
> So I think the truth lies somewhere in the middle - most users do not care or even understand what DNS is, but lots of them do, especially when one of the two following motivations comes up:
> 1. "the Internet" doesn't work because the resolvers don't work, or
> 2. changing DNS resolvers allows access to previously forbidden content (for multiple, differently desirable cases of "forbidden").
> 
> IMHO there are enough of these two cases to warrant preserving the user's ability to control the choice of resolvers if they want (except that, in my opinion, in democratic countries they should never be allowed to use this ability to circumvent their own national laws and policies, but I know that some people disagree).

As far as the text in the document goes, I think it’s fine to say that the best practice is to provide configuration controls for users who want to use them. But recommending some level of awareness for users in general does not seem actionable or realistic.

Alissa

> 
> (*) which, by the way, made me think that those recommendations should not only apply to "applications".
> 
> -- 
> Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
> vittorio.bertola@open-xchange.com 
> Office @ Via Treviso 12, 10144 Torino, Italy
>