On 3/21/18 9:04 AM, Axel Hecht wrote:
> I have a couple of further questions:
>
> One is about the legal impact on users. DNS mangling is part of law
> enforcement strategies in many parts of the world (incl Germany).

Would you mind describing this in more detail? What kind of DNS mangling do you have in mind? How is the transport method used for DNS resolution (HTTPS vs. unsecured TCP or UDP) relevant? Why would the end user take on legal responsibility?

> We
> should restrict this experiment to regions where Mozilla knows that
> there's no legal trouble of using DoH and cloudflare. Circumventing law
> enforcement can get pretty hairy in some regions, I suspect.

Pending your answers to the questions above, I don't see how this is a matter of circumventing law enforcement (HTTPS is used for just about everything these days, so resolving DNS queries over HTTPS is simply another use case).

> The other is a bit more detail on the scope of Mozilla's agreement with
> cloudflare extending the experiment. Does our agreement extend to people
> not using Firefox?

Are you thinking about other Mozilla applications (say, Lockbox), or non-Mozilla applications? The scope of the proposed shield study is Firefox Nightly, so perhaps the agreement is limited to that, but I don't know.

> What happens to folks that in some weird way are
> stuck with the experiment DoH setup once the experiment ends?

How would that happen?

> It'd be a
> great pitch if the agreement was that cloudflare offers this service
> with said terms. If they stopped liking the terms, they'd have to shut
> the service down.

Typically, agreements of this kind have clauses that enable either party to disengage under certain conditions. I'd think that if Mozilla stops liking the terms, we can stop using their service. Forcing Cloudflare to stop offering a service seems a bit orthogonal to the proposed shield study because we can always turn it off in Nightly. What happens after the study is done is another matter (I don't know if the agreement extends beyond the scope of this study).

> These questions are really only about the scope, not so much about if we
> should do it.

With appropriate safeguards, we should do what is good for Mozilla users (including their privacy and security) and the health of the Internet in general:

https://www.mozilla.org/en-US/about/manifesto/

We think that DNS over HTTPS improves the privacy and security of Mozilla users (which is why we've been working to implement and deploy it, and why the proposed shield study is important), so all things being equal we should do it (IMHO). Of course we should do it in the most transparent and user-respecting manner possible, but we also need to keep the broader goal in mind because the existing state of DNS resolution (and the user information it throws off) is not good. We can and should do better by our users.

Peter

_______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform