-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > -----Original Message----- > From: dnsop-boun...@ietf.org [mailto:dnsop-boun...@ietf.org] On Behalf Of > David Conrad > Subject: Re: [DNSOP] Review of draft-livingood-dns-redirect-00 > > As far as I can tell, Comcast's network and their recursive servers > are not a "public resource". As folks on Comcast's network are not > forced to be Comcast's customer nor (as far as I know) are they > required to use Comcast's name servers, I don't see where you, this > working group, or the IETF has a right to determine what Comcast does.
I tend to disagree with you here. If Comcast is selling it's service as "Internet service" the general public might think that that's the way it should work, and we would all suffer from that general public's perception. If it would break some applications, a general user would think that the application is broken, not "The Internet" as offered by Comcast. So application builders will design their products to work on the "broken" Comcast network, or go bankrupt. I'm actually thinking that we are fighting this war on a wrong battleground. Just because DNS is wrongly considered to be the easiest hammer doesn't mean it fits every nail. I very much see the benefits of protecting innocent users from the bad of the Internet. But if it's web pages that are the bad thing, fight that. I'm very much in favor of writing a draft-arends-dns-response-modification-considered-harmful-00 I'll explain further on. At the same time, if I had enough knowledge of http(s), I would even want to contribute to a draft draft-verschuren-http(s)-intercept-and-redirect-00 Because I think that is the right battleground for this. I don't know where such a discussion should take place though, but certainly not here. So for harmful content of web pages, intercept and redirect http(s) traffic. For unclear errors in browsers when typos are made, fix the browsers. I'll explain where I see the conflicts. The "Internet" has gone above a technical definition. It's considered a brand name or at least a steady concept. (forgive my searching for the correct term as non-native speaker) The same is true, or even more, for domain names. TLD's and domain owners consider their domains as brand names, and might fight if somebody is affecting their autonomy. Since the game that's being played here is not about technology but about dollars, image, politics and policy, consider where this fight might end. The suggestion I'm making is not one I favor, but just as an indication of where the DNS redirection path might end: If ISP's start to mess up the authoritative answers for my TLD, I might consider protecting my brand name with a split view on my TLD. One view for "proper" resolvers, with real answers and NXdomains. The other view would be for "lying" resolvers where I would enter a wildcard so that my "brand name" TLD would show a proper error message without adds, preferred search engines or harmful content instead of the one from the lying resolver. I would do this to protect the image of the TLD as being a "safe" TLD to register your name in. It would protect my TLD against redirects that are not considered "appropriate" for the image or local policy under my TLD. I would make a blacklist of resolvers I know are lying, and redirect them to the wildcard view of the DNS infrastructure. This might even be imposed by ignorant local governments. This would be a war without an end, so again, I don't want to go this path. It will be a war between the ones with power and the ones with money, and in the end, it does not help the "Internet" user. So please, if harmful web content is the problem, fix that. Perhaps we need a screwdriver instead of a hammer. If unclear error messages in browsers are the problem, fix that. Perhaps we need a saw instead of a hammer. The dollars against politics war is one we're not going to win on instable technical solutions. Antoin Verschuren Technical Policy Advisor SIDN Utrechtseweg 310, PO Box 5022, 6802 EA Arnhem, The Netherlands P: +31 26 3525500 F: +31 26 3525505 M: +31 6 23368970 mailto:antoin.verschu...@sidn.nl xmpp:ant...@jabber.sidn.nl http://www.sidn.nl/ -----BEGIN PGP SIGNATURE----- Version: 9.6.3 (Build 3017) wsBVAwUBSmA6dzqHrM883AgnAQhTqggAsrRaGi/ZPuJ7ZnKUYtaKdxz7iaeyi2nU nCT/YXI4w/OudjyRapMmTvKGgb2tmGnN1nEPUXnwraDGV628HkqU/GJG6AwTq8X+ k3S7YGC5MUjgUVG/O1fux7oSMY4YmHhMngJWpBzhsAosA1yRtAGW/9iKZTs01t1S hYWssFkjLh+MGNn2t+FD93p8HsY4fiYcO2QZh8KZOTHPMCeezyni+ODxEMftbD+L aQLk8Hw/xJEf3TIfR8NE1csL+jV32yWKBFAebjq3+cNtGgH7eHRHuetHjxl2L5nW X3NK+zHswu9vvckmg5mTAoJ5u188Hgv2njS0DKFe8YdUKNK0DgNoVg== =ib4t -----END PGP SIGNATURE----- _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop