Re: [DNSOP] my dnse vision

Jelte Jansen <jelte.jansen@sidn.nl> Wed, 05 March 2014 14:59 UTC

To: Francis Dupont <Francis.Dupont@fdupont.fr>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/7Wos86lBl90WZEEotD_99ZG85nY
Cc: dnsop@ietf.org, Hosnieh Rafiee <ietf@rozanak.com>

On 03/05/2014 01:27 PM, Francis Dupont wrote:
> 
> Personally I don't like the idea of DNS encryption but because I
> don't want to give a reason to ISPs to filter port 53.
>

This is something I worry about too. If we consider the resolver itself
out of scope, and only protect the wire, all the more reasons for ISPs
to try and force you to use theirs (perhaps even after some friendly
coercion from the nearest three-letter agency (four in the Netherlands
as well)). In which case we'd need even better channel encryption, to
the point where you can't tell it's DNS, so it can be tunneled out of
the network (and that is an avenue only reserved for us geeks, I wager).

Jelte