Re: [DNSOP] Draft for dynamic discovery of secure resolvers

Doug Barton <dougb@dougbarton.us> Wed, 22 August 2018 05:18 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/zyTUvsoOT8a-6USgXxWLfak84sg>

On 08/21/2018 09:19 AM, Vladimír Čunát wrote:
> Ehm, we somehow forgot that this thread is supposed to be about DHCP, so
> that's only the "uninteresting" case where you do trust the ISP and want
> to use their DNS over a secure channel:-D

This perspective that users "trust" their network environment is deeply 
flawed. Users don't understand how any of this stuff works, and we 
should not be making any decisions with that as a premise.