Re: [DNSOP] Draft for dynamic discovery of secure resolvers

Vittorio Bertola <vittorio.bertola@open-xchange.com> Tue, 21 August 2018 10:45 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/cVEeRoR5aEqm50SGXBsFw8ZANuY>

> On 21 August 2018 at 5:47, John Levine <johnl@taugh.com> wrote:
> * - When I talk to security people at mail providers, they have
> endless tales of people who take the mail out of their spam folder and
> click on the links, you know, just in case it was filtered wrong.  If
> you know it's bad stuff, you don't want the users to see it at all.

It's true, and there is an additional consideration to this: the users that do so are not just damaging themselves, but everyone else, by spreading the infections and becoming attack vectors. I understand why some people are conceptually irked by the idea that the ISP can decide on its own to make something unreachable to them, but they should understand that most Internet users are not technically savvy, often not savvy at all, and this threatens the Internet as a whole.

Regards,
-- 

Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@open-xchange.com
Office @ Via Treviso 12, 10144 Torino, Italy