I agree: The EDNS0 Client ID draft seems quite bad from a privacy perspective, and I believe it should not be adopted.

More broadly, enforcing content blocks with DNS is an anti-pattern. If we're assuming that the entity doing the content blocking has administrative access to DNS clients, they can simply install content blockers there. That allows much finer-grained blocking, like blocking individual pages rather than having to block all of Tumblr because of a request to block a single page.

The draft even acknowledges the ineffectiveness of DNS-based content blocking:

> DNS filtering products are easy circumvented and should not be
> considered real security measures. With commonly available tools it
> is trivial to discover the non-filtered DNS responses and use them in
> place of the filtered responses.

So it seems incorrect to propagate a privacy-harming DNS extension that is ineffective at its stated goals.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop