Re: [DNSOP] [External] Re: Re: Fwd: [Add] new draft: draft-grover-add-policy-detection-00

"Andrew M. Hettinger" <AHettinger@Prominic.NET> Mon, 15 July 2019 17:43 UTC

In-Reply-To: <b109c871-5980-1599-4e6c-2a126da89519@mozilla.com>
References: <CAChr6SyVmgMpD6Cd=m2Z03nts-Bv9ZVgJkG8oaj_jzwYMUZuCg@mail.gmail.com> <4966582.gC1Lsr5W4Z@linux-9daj> <CAChr6SyapDz8ZKNU8nOuncPMWajBuE+eF3WMFP9GWAs+B-uP9g@mail.gmail.com> <3220557.rvQTihJl8x@linux-9daj> <CAChr6SyM3LSgAdu5+SJGq-n=+AZc7M44BVSru_EZgf9svBHo3w@mail.gmail.com> <OF8D4BE6E1.0CDB3E8E-ON86258438.005BC3BC-86258438.005CDBC6@prominic.net> <b109c871-5980-1599-4e6c-2a126da89519@mozilla.com>
To: Peter Saint-Andre <stpeter@mozilla.com>
Cc: dnsop@ietf.org, DNSOP <dnsop-bounces@ietf.org>, Paul Vixie <paul@redbarn.org>, Rob Sayre <sayrer@gmail.com>
X-Mailer: IBM Notes Release 9.0.1 October 14, 2013
Message-ID: <OFBAD4128C.54A606EC-ON86258438.00605B71-86258438.006155CE@prominic.net>
From: "Andrew M. Hettinger" <AHettinger@Prominic.NET>
Date: Mon, 15 Jul 2019 12:43:08 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/BpYzRMD_QzUoGqSXRVGYfzpxiPY>
Subject: Re: [DNSOP] [External] Re: Re: Fwd: [Add] new draft: draft-grover-add-policy-detection-00

"DNSOP" <dnsop-bounces@ietf.org> wrote on 07/15/2019 12:18:15:

> From: "Peter Saint-Andre" <stpeter@mozilla.com>
> To: "Andrew M. Hettinger" <AHettinger@Prominic.NET>, "Rob Sayre"
> <sayrer@gmail.com>
> Cc: dnsop@ietf.org, "Paul Vixie" <paul@redbarn.org>, "DNSOP" <dnsop-
> bounces@ietf.org>
> Date: 07/15/2019 12:18
> Subject: [External] Re: [DNSOP] Re: Fwd: [Add] new draft: draft-
> grover-add-policy-detection-00
> Sent by: "DNSOP" <dnsop-bounces@ietf.org>
>
> On 7/15/19 10:54 AM, Andrew M. Hettinger wrote:
>
> > Arguably there's actually a decrease in security over DoT as, rather
> > than your network provider being the one who knows what DNS lookups
> > you're doing, now some third party with whom you have no relationship.
>
> You, as a lone user, have zero leverage with your network provider.
> Firefox or Chrome or Safari (etc.), as the user agent for millions of
> people, can exercise more leverage and also enter into contractual
> agreements with trusted recursive resolvers. That seems like a promising
> avenue to explore.
>
> > Let's be clear, "some third party" is pronounced "Cloudflare." This
> > isn't to bash on Cloudflare, but everyone's DNS traffic going to ONE
> > company?
>
> Mozilla's intent is to deploy a set of trusted recursive resolvers, as
> Ekr explained back in March on the DoH list:
>
> https://mailarchive.ietf.org/arch/msg/doh/po6GCAJ52BAKuyL-dZiU91v6hLw
>
> But these topics might be more appropriate for the ADD list...
>
> Peter
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

I, as a lone user, have even LESS leverage over Cloudflare, or the Mozilla
Foundation, of which I am not even a customer. More disturbingly, the
Mozilla Foundation is a US corporation, subject to (gagged) FISA warrants.
Considering one of the biggest surveillors in the world is the US
government, surely you can see how maybe concentrating all the DNS traffic
into the hands of a single US corporation (the Mozilla Foundation) might
not be the greatest plan.

Andrew Hettinger
http://Prominic.NET | Skype: AndrewProminic
Tel: 866.339.3169 (toll free) -or- 1.217.356.2888 x. 110 (int'l)
Fax: 866.372.3356 (toll free) -or- 1.217.356.3356 (int'l)