> On 26 Feb 2015, at 13:57, Phillip Hallam-Baker <[email protected]> wrote:
>
> On Thu, Feb 26, 2015 at 6:35 AM, Neil Cook <[email protected] <mailto:[email protected]>> wrote:
>
> I think we are actually in violent agreement here.

Yep, nothing I said is against DPRIV, just wanted to make sure these use cases were handled.

>
> > On 23 Feb 2015, at 14:20, Phillip Hallam-Baker <[email protected] <mailto:[email protected]>> wrote:
> >
> > Busting the DNS middleboxen provided by ISPs to residential users is a very different matter. They are selling Internet connectivity and their customer has a right to get what they paid for, not a walled garden controlled by the ISP. But in practice it isn't the walled gardens that are the problem so much as clueless gateways that the ISPs often don't even know are doing DNS interception.
>
> Whilst I don’t deny that ISPs are using middleboxes for things like advertising etc, it should also be pointed out that many ISPs are concerned about security, and may be using middleboxes to protect users from things like hijacking, detecting C&C in the DNS stream, detecting lookups to known phishing/malware sites etc.
>
> Comodo provides that type of service. As I said, the fact that a crook has bought a DNS domain name does not mean I have to allow my computers to connect to it. A lot of folk who can't understand why DNSSEC take up at the client has been limited need to understand such things.
>
> The question is who chooses the filtering service. I do not have much of a choice in ISPs. I do not want either to be able to filter my content without being accountable for their actions to me.

Indeed - if you *choose* to use a third-party DNS service, you should be able to do so securely, privately, and without restriction.

> Assuming what users want or saying that they aren’t getting what they paid for is quite dangerous IMO. For example, many users sign up to third-party DNS services like OpenDNS, because they effectively *are* a walled garden, or they may choose an ISP because it filters adult sites using DNS (such as happens here in the UK).
>
> We should certainly provide a mechanism that allows consumers to opt back in to such services or to obtain them from a different provider OF THEIR CHOICE.

Right.

> Opting out from David Cameron's smut filter is another objective here. Back when we were at Oxford together, David's idea of a good time was to go out and smash up a restaurant. I don't think he is the sort of person I want to decide that I have to have censorship because the Daily hate wrote a couple of their scare stories.

I’d rather not bring politics into the debate :)

Opting out of the smut filter is actually straightforward today, because most ISPs don’t prevent you from using third-party DNS, but they might in future, because the DNS protocol can be transparently intercepted and interfered with/redirected. DPRIV should ensure that isn’t possible. It *should* also prevent bad guys from doing the same by hijacking your CPE or something like DNSChanger.

> _______________________________________________
> dns-privacy mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dns-privacy
