Re: [Doh] [DNSOP] New I-D: draft-reid-doh-operator

nalini elkins <> Wed, 20 March 2019 03:39 UTC

To: Brian Dickson <>
Cc: Stephen Farrell <>, Ted Hardie <>, DoH WG <>, Jared Mauch <>, dnsop <>, paul vixie <>, Michael Sinatra <>


Thank you for a thoughtful, well-stated, reasonable comment that seeks to
achieve compromise with the points of view of all being considered.


On Wed, Mar 20, 2019 at 8:48 AM Brian Dickson <>

> On Tue, Mar 19, 2019 at 6:42 PM Stephen Farrell <>
> wrote:
>> Hiya,
>> One individualistic data point on this sub-topic, and a real point:
>> On 20/03/2019 01:13, Jared Mauch wrote:
>> > My impression is there are people who will not be satisfied until all
>> > traffic looks identical and you have zero way to protect your home,
>> I do not claim that everyone ought do the same, but I absolutely
>> do claim that encouraging voluntary policy adherence by dealing
>> with the people using the n/w is preferable to many egregiously
>> invasive attempts to force technical policy enforcement on
>> unwilling serf-like users.
> So, this is the problem:
> - If a network operator has any policy that is enforceable, ONLY the
> technical policy enforcement model scales.
> - In such an environment, there are only, ever, "willing users", because,
> in order to use the network, they are required to agree to the policies.
> This makes the argument you have above, a vacuously defined one.
> You want to encourage voluntary policy adherence for a non-existent set of
> otherwise unwilling users.
> I understand your position: you would prefer that {some,all} networks were
> not employing policies that {you,some people} disagree with.
> I sympathize, but I disagree. What we need are mechanisms that scale.
> My position (personally) is that we find ways to have scalable, technical
> mechanisms.
> They should allow users (or machine administrators) to be as compliant as
> they are willing, and no more.
> They should allow networks to enforce their policies, while treading as
> lightly as possible.
> It should be possible to use technical means to handle this negotiation
> with little to no user input required.
> The analogy is roughly that of escalation-of-force in law enforcement,
> starting at a level of "polite requests".
> You can disagree, but I implore you: please don't stand in the way of
> those wanting to find consensus on scalable, flexible, technical solutions
> that encompass a wide range of network policies and enforcement needs.
> The main point is, I believe the end result will be mechanisms that allow
> you to deploy networks that meet your needs, and software that you can
> configure to bypass such controls, but that neither of those should ever be
> the default configurations.
> If the results allow you to do what you want/need, and also allow others
> to do what they want/need, everyone should be happy enough with the result.
> Can we at least agree on this as a desired goal for this work?
> Brian

Nalini Elkins
Enterprise Data Center Operators