* Phillip Hallam-Baker:

>> If your ordinary resolver operator is a "carrier" is somewhat
>> questionable, but resolver operators generally comply with requests
>> for cleartext copies of traffic transitioning through their networks.
>>
>> I have no doubts that these operators will ask implementors to add the
>> necessary features to keep these capabilities--or they will just turn
>> on indiscriminate query logging.

> We are not a carrier or an obligated party.

We aren't, but the people who run our protocols and code mostly are.
If they aren't, they comply with most requests directed at them just
to avoid being declared a carrier or an obligated party explicitly.

> The model where the carrier provides DNS resolution is bogus and
> obsolete for the reasons you cite.

I think we are beginning to see a move in a different direction, where
end users are no longer in a position to run resolvers. For me,
that's not just theoretical because I've been forced to switch hosting
providers because my current one filters DNS traffic to certain
ISC.ORG name servers, apparently in an ill-advised attempt to prevent
their customers from taking part in amplification attacks.

> People are tired of being spied on without due process. Let's see some of
> the Abu Ghraib torturers facing criminal trial.

And more encryption helps with that how? Abu Ghraib would have been
just another prison with an abuse problem without the pictures leaking
out. Proper cryptography with extensive key management could have
prevented that.

It is difficult to predict how technology will be used. A decade or
two ago, many of us thought that encryption and the ubiquity of
software vulnerabilities (or the fallibility of information systems in
general) would help to keep powerful governments in check. When I
first sketched the technology that is now cited in quite a few DNS
privacy discussions, I thought I was doing something genuinely
helpful. Now the picture is less clear.