[DNSOP] Re: DNS, censorship, attacks and centralization

Mark Nottingham <mnot@mnot.net> Mon, 19 May 2025 23:35 UTC

To: Bill Woodcock <woody@pch.net>
CC: dnsop@ietf.org
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/6MFWK7gXvtaLPAOoXkJalBvI0ko>

> On 19 May 2025, at 6:51 pm, Bill Woodcock <woody@pch.net> wrote:
> 
>>> Will the “trusted” DNS start refusing the .gl TLD soon because of a mad king?
>> 
>> If that's the case, I don't see how proposals along this line change the outcome. If a government in a given jurisdiction wants to censor, they will censor. 
> 
> However, having three of the four big recursive resolvers all answerable only to the United States District Court for the Northern District of California does represent an astonishing degree of centralization.  Indeed, governments will censor, but we don’t all need to depend upon the same government’s idea of what should be censored.

They're answerable to any jurisdiction they operate within (for some definition of "operate"), not just N.D. Cal. 

Cheers,

--
Mark Nottingham   https://www.mnot.net/