Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients

Christian Huitema <huitema@huitema.net> Tue, 12 March 2019 18:56 UTC

To: Paul Vixie <paul@redbarn.org>, dnsop@ietf.org
Cc: Eric Rescorla <ekr@rtfm.com>, "doh@ietf.org" <doh@ietf.org>, "Ackermann, Michael" <mackermann@bcbsm.com>, "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@mcafee.com>, nalini elkins <nalini.elkins@e-dco.com>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>, Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <1700920918.12557.1552229700654@appsuite.open-xchange.com> <76386691-c1aa-c48a-9b0d-67eb36a08a4f@redbarn.org> <CABcZeBOWM0Ps-j3V-CK6VPy0LAqeo7-t7odUZy+dk9d-oCSDsg@mail.gmail.com> <4935758.NkxX2Kjbm0@linux-9daj>
From: Christian Huitema <huitema@huitema.net>
Openpgp: preference=signencrypt
Autocrypt: addr=huitema@huitema.net; prefer-encrypt=mutual; keydata= mQENBFIRX8gBCAC26usy/Ya38IqaLBSu33vKD6hP5Yw390XsWLaAZTeQR64OJEkoOdXpvcOS HWfMIlD5s5+oHfLe8jjmErFAXYJ8yytPj1fD2OdSKAe1TccUBiOXT8wdVxSr5d0alExVv/LO I/vA2aU1TwOkVHKSapD7j8/HZBrqIWRrXUSj2f5n9tY2nJzG9KRzSG0giaJWBfUFiGb4lvsy IaCaIU0YpfkDDk6PtK5YYzuCeF0B+O7N9LhDu/foUUc4MNq4K3EKDPb2FL1Hrv0XHpkXeMRZ olpH8SUFUJbmi+zYRuUgcXgMZRmZFL1tu6z9h6gY4/KPyF9aYot6zG28Qk/BFQRtj7V1ABEB AAG0J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PokBOQQTAQIAIwUC UhFfyAIbLwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEJNDCbJVyA1yhbYH/1ud6x6m VqGIp0JcZUfSQO8w+TjugqxCyGNn+w/6Qb5O/xENxNQ4HaMQ5uSRK9n8WKKDDRSzwZ4syKKf wbkfj05vgFxrjCynVbm1zs2X2aGXh+PxPL/WHUaxzEP7KjYbLtCUZDRzOOrm+0LMktngT/k3 6+EZoLEM52hwwpIAzJoscyEz7QfqMOZtFm6xQnlvDQeIrHx0KUvwo/vgDLK3SuruG1CSHcR0 D24kEEUa044AIUKBS3b0b8AR7f6mP2NcnLpdsibtpabi9BzqAidcY/EjTaoea46HXALk/eJd 6OLkLE6UQe1PPzQC4jB7rErX2BxnSkHDw50xMgLRcl5/b1a5AQ0EUhFfyAEIAKp7Cp8lqKTV CC9QiAf6QTIjW+lie5J44Ad++0k8gRgANZVWubQuCQ71gxDWLtxYfFkEXjG4TXV/MUtnOliG 5rc2E+ih6Dg61Y5PQakm9OwPIsOx+2R+iSW325ngln2UQrVPgloO83QiUoi7mBJPbcHlxkhZ bd3+EjFxSLIQogt29sTcg2oSh4oljUpz5niTt69IOfZx21kf29NfDE+Iw56gfrxI2ywZbu5o G+d0ZSp0lsovygpk4jK04fDTq0vxjEU5HjPcsXC4CSZdq5E2DrF4nOh1UHkHzeaXdYR2Bn1Y wTePfaHBFlvQzI+Li/Q6AD/uxbTM0vIcsUxrv3MNHCUAEQEAAYkCPgQYAQIACQUCUhFfyAIb LgEpCRCTQwmyVcgNcsBdIAQZAQIABgUCUhFfyAAKCRC22tOSFDh1UOlBB/94RsCJepNvmi/c YiNmMnm0mKb6vjv43OsHkqrrCqJSfo95KHyl5Up4JEp8tiJMyYT2mp4IsirZHxz/5lqkw9Az tcGAF3GlFsj++xTyD07DXlNeddwTKlqPRi/b8sppjtWur6Pm+wnAHp0mQ7GidhxHccFCl65w uT7S/ocb1MjrTgnAMiz+x87d48n1UJ7yIdI41Wpg2XFZiA9xPBiDuuoPwFj14/nK0elV5Dvq 4/HVgfurb4+fd74PV/CC/dmd7hg0ZRlgnB5rFUcFO7ywb7/TvICIIaLWcI42OJDSZjZ/MAzz BeXm263lHh+kFxkh2LxEHnQGHCHGpTYyi4Z3dv03HtkH/1SI8joQMQq00Bv+RdEbJXfEExrT u4gtdZAihwvy97OPA2nCdTAHm/phkzryMeOaOztI4PS8u2Ce5lUB6P/HcGtK/038KdX5MYST Fn8KUDt4o29bkv0CUXwDzS3oTzPNtGdryBkRMc9b+yn9+AdwFEH4auhiTQXPMnl0+G3nhKr7 jvzVFJCRif3OAhEm4vmBNDE3uuaXFQnbK56GJrnqVN+KX5Z3M7X3fA8UcVCGOEHXRP/aubiw Ngawj0V9x+43kUapFp+nF69R53UI65YtJ95ec4PTO/Edvap8h1UbdEOc4+TiYwY1TBuIKltY 1cnrjgAWUh/Ucvr++/KbD9tD6C8=
Message-ID: <c2c2be47-0855-a9d1-dd53-2404edf4d02b@huitema.net>
Date: Tue, 12 Mar 2019 11:56:05 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.3
MIME-Version: 1.0
In-Reply-To: <4935758.NkxX2Kjbm0@linux-9daj>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/41C1qRkaSuK9q9J0YFpOsNRLIKY>
Subject: Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertola-bcp-doh-clients
Precedence: list

On 3/12/2019 11:35 AM, Paul Vixie wrote:

> if someone is concerned that some of the web sites 
> reachable through some CDN are dangerous...

Paul, who is this someone? How do they decide? What does dangerous mean?
These questions are very much behind the tension we see today. And the
answers are not as black and white as "this is my network, I get to decide".

For example, users routinely delegate the filtering decision to some
kind of security software running on their device, often with support
from some cloud based service. They are making an explicit decision, and
often use menu options to decide what type of site is OK or not --
adults would probably not subscribe to parental control services. There
is a market for these products, they compete based on reputation, ease
of use, etc.

You are saying that whoever happens to control part of the network path
is entitled to override the user choices and impose their own. Really?
As Stephane wrote, that may be legit in some circumstances, but much
more questionable in others, such as a hotel Wi-Fi attempting to decide
what sites I could or could not access. It really is a tussle.

-- Christian Huitema

Re: [Doh] [dns-privacy] New: draft-bertola-bcp-do… nalini elkins
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… nalini elkins
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Christian Huitema
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Paul Vixie
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… nalini elkins
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Paul Vixie
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Christian Huitema
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Konda, Tirumaleswar Reddy
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… nalini elkins
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Paul Vixie
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… nalini elkins
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Brian Dickson
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Stephen Farrell
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… nalini elkins
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Stephen Farrell
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Eliot Lear
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Daniel Stenberg
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Eric Rescorla
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Paul Vixie
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Konda, Tirumaleswar Reddy
Re: [Doh] [EXTERNAL] [dns-privacy] [DNSOP] New: d… Eliot Lear
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Konda, Tirumaleswar Reddy
Re: [Doh] [dns-privacy] [EXTERNAL] [DNSOP] New: d… Konda, Tirumaleswar Reddy
Re: [Doh] [dns-privacy] New: draft-bertola-bcp-do… Stephane Bortzmeyer
Re: [Doh] [dns-privacy] New: draft-bertola-bcp-do… Stephane Bortzmeyer
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Stephane Bortzmeyer
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Stephane Bortzmeyer
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Konda, Tirumaleswar Reddy
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Neil Cook
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Eric Rescorla
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Jim Reid
Re: [Doh] [dns-privacy] New: draft-bertola-bcp-do… Neil Cook
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Jim Reid
Re: [Doh] [dns-privacy] [EXTERNAL] [DNSOP] New: d… Eliot Lear
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Christian Huitema
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Konda, Tirumaleswar Reddy
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Neil Cook
Re: [Doh] [EXTERNAL] Re: [dns-privacy] [DNSOP] Ne… Winfield, Alister
Re: [Doh] [dns-privacy] New: draft-bertola-bcp-do… Stephane Bortzmeyer
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Ralf Weber
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Paul Vixie
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Paul Vixie
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Christian Huitema
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Paul Vixie
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Michael Sinatra
Re: [Doh] [dns-privacy] New: draft-bertola-bcp-do… Yishai Beeri (yishaib)
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Christian Huitema
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Paul Vixie
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Paul Vixie
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Stephen Farrell
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Paul Vixie
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Stephen Farrell
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Paul Vixie
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Brian Dickson
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Stephen Farrell
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Mark Andrews
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Paul Wouters
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Paul Wouters
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Stephen Farrell
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Raymond Burkholder
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Vittorio Bertola
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… nalini elkins
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Vittorio Bertola
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Raymond Burkholder
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Christian Huitema
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Vittorio Bertola
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Christian Huitema
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Christian Huitema
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Eliot Lear
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Konda, Tirumaleswar Reddy
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Paul Vixie
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Paul Vixie
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Paul Vixie
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Brian Haberman
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Raymond Burkholder
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Livingood, Jason
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Brian Dickson
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Christian Huitema
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Stephen Farrell
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Brian Dickson
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Stephen Farrell
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Michael Sinatra
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Stephen Farrell
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Adam Roach
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Michael Sinatra
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… william manning
Re: [Doh] [dns-privacy] [DNSOP] New: draft-bertol… Watson Ladd
[Doh] GDPR and DoH Jim Reid
Re: [Doh] GDPR and DoH Stephen Farrell
Re: [Doh] GDPR and DoH Brian Dickson
Re: [Doh] GDPR and DoH Watson Ladd
Re: [Doh] GDPR and DoH Stephen Farrell
Re: [Doh] GDPR and DoH Brian Dickson
Re: [Doh] GDPR and DoH Stephen Farrell
Re: [Doh] GDPR and DoH Brian Dickson
Re: [Doh] GDPR and DoH Stephen Farrell
Re: [Doh] GDPR and DoH Brian Dickson
Re: [Doh] GDPR and DoH Adam Roach
Re: [Doh] GDPR and DoH Brian Dickson
Re: [Doh] GDPR and DoH Christian Huitema
Re: [Doh] GDPR and DoH Vittorio Bertola
Re: [Doh] GDPR and DoH Jim Reid
Re: [Doh] GDPR and DoH Stephen Farrell
Re: [Doh] GDPR and DoH Christian Huitema
Re: [Doh] GDPR and DoH Stephen Farrell
Re: [Doh] GDPR and DoH Adam Roach
Re: [Doh] GDPR and DoH Adam Roach
Re: [Doh] GDPR and DoH Jim Reid
Re: [Doh] GDPR and DoH Jim Reid
Re: [Doh] GDPR and DoH Jim Reid
Re: [Doh] GDPR and DoH Stephen Farrell
Re: [Doh] GDPR and DoH Vittorio Bertola
Re: [Doh] GDPR and DoH Stephen Farrell
Re: [Doh] [DNSOP] [dns-privacy] New: draft-bertol… Paul Vixie
Re: [Doh] GDPR and DoH S Moonesamy
Re: [Doh] GDPR and DoH Livingood, Jason
Re: [Doh] GDPR and DoH Livingood, Jason