Re: [DNSOP] my dnse vision

Stephane Bortzmeyer <bortzmeyer@nic.fr> Thu, 06 March 2014 14:47 UTC

Return-Path: <bortzmeyer@nic.fr>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE7E31A0002 for <dnsop@ietfa.amsl.com>; Thu, 6 Mar 2014 06:47:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.9
X-Spam-Level:
X-Spam-Status: No, score=-3.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_I_LETTER=-2] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LZUVQXP3msO0 for <dnsop@ietfa.amsl.com>; Thu, 6 Mar 2014 06:47:36 -0800 (PST)
Received: from mail.bortzmeyer.org (aetius.bortzmeyer.org [IPv6:2001:4b98:dc0:41:216:3eff:fece:1902]) by ietfa.amsl.com (Postfix) with ESMTP id 844E91A0062 for <dnsop@ietf.org>; Thu, 6 Mar 2014 06:47:36 -0800 (PST)
Received: by mail.bortzmeyer.org (Postfix, from userid 10) id 6EE3F3BEBF; Thu, 6 Mar 2014 14:47:30 +0000 (UTC)
Received: by tyrion (Postfix, from userid 1000) id D842DF00738; Thu, 6 Mar 2014 15:39:51 +0100 (CET)
Date: Thu, 6 Mar 2014 14:39:51 +0000
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Jelte Jansen <jelte.jansen@sidn.nl>
Message-ID: <20140306143951.GB5102@laperouse.bortzmeyer.org>
References: <201403051327.s25DRniD078152@givry.fdupont.fr> <53173BA9.7050007@sidn.nl>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <53173BA9.7050007@sidn.nl>
X-Transport: UUCP rules
X-Operating-System: Ubuntu 13.10 (saucy)
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/7zJIrp-QZnHiZwCflp-7mrcHAbM
Cc: dnsop@ietf.org, Hosnieh Rafiee <ietf@rozanak.com>
Subject: Re: [DNSOP] my dnse vision
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Mar 2014 14:47:40 -0000

On Wed, Mar 05, 2014 at 02:58:49PM +0000,
 Jelte Jansen <jelte.jansen@sidn.nl> wrote 
 a message of 20 lines which said:

> all the more reasons for ISPs to try and force you to use theirs
> (perhaps even after some friendly coercion from the nearest
> three-letter agency (four in the netherlands as well)). In which
> case we'd need even better channel encryption, to the point where
> you can't tell it's DNS, so it can be tunneled out of the network

If we follow this line of reasoning, why do we deploy more security,
then? With this argument, we would never have deployed HTTPS
either. (Or SSH: most hotspots and many ISP block SSH.)

We promised in Vancouver to seriously strengthen the Internet against
surveillance. Was it an empty promise, politician-style?