Re: [DNSOP] [dns-privacy] [Doh] New: draft-bertola-bcp-doh-clients

Paul Vixie <> Thu, 04 April 2019 20:23 UTC

To: Ted Lemon <>
From: Paul Vixie <>
Date: Thu, 4 Apr 2019 13:22:53 -0700

Ted Lemon wrote on 2019-04-03 15:34:
> Paul, it might be worth asking whether you believe that isps should be 
> selling eyeballs. If you think they should, then your argument makes 
> sense. It’s the same argument isps give for charging me for service and 
> then charging Netflix for access to me.
> If you don’t agree with this model, then your argument that whoever 
> built the network has the right to dictate terms is inconsistent.

my answer is that's a false dichotomy; "none of the above".

the internet relies on cooperation for its functionality. 
interoperability in protocols is an example -- if you speak gibberish 
you won't be heard, if you don't know the language you won't understand.

respecting the uniqueness of code point allocations is another example: 
you are counting on everybody respecting the allocations of network 
numbers, autsys numbers, top level domains, protocol identifiers -- and 
if they don't, they and you will both suffer.

the example your nondichotomous question brings up is policy. if the 
user or app or LAN or WAN or far-end does not want a transaction to 
occur, they can block it. if you don't like that policy (see bob's 
excellent response down thread), you need to swap out that component of 
the path.

so, it's none of my business whether any ISP other than my own sells 
eyeballs. for me, i won't do business with an ISP who does that. but, i 
have choices. that's why i mentioned "if your ISP has a monopoly" 
up-thread, because their regulator may have views on what they can and 
cannot do if their customers have no other ISP serving them. (network 
neutrality turns on that point, as well.)

i literally do not, and should not, have a belief one way or another as 
to whether some figurative ISP sells eyeballs or doesn't. if yours does, 
and you don't feel fairly compensated for the resulting loss of your 
privacy, then vote with your feet/dollars.

i am not going to prescribe policy, other than indirectly, by refusing 
to accept traffic from networks whose policies freely permit abusive 
traffic (spam, ddos, etc) to flow toward me. but even in that case, my 
belief will be that _i_ should not accept their traffic. i will not try 
to tell _you_ whether to accept their traffic.

their network, their rules. i have feet, and they vote.

P Vixie