Paul Wouters wrote:
On Tue, 25 Jul 2017, Paul Vixie wrote:
users believe that the recursive name server operator has aligned
interests, and for that reason one shouldn't say "it's easy to bypass"
but rather "end-user cooperation is required."
So if 8.8.8.8 and your local ISP's nameserver do this to track you, what
choice does an average end user have?
some of us run our own rdns. some use vpns. some use opendns or similar.
Because this option transmits information that is meant to identify
specific clients
and that's a reason to oppose adoption, as far as i'm concerned.
You should really have said "This draft attempts to link the DNS query
to the individual TCP stream following to identify the specific user,
to then apply specific filtering/censoring/protecting policies to the
identified individual users (eg children, dissidents) for their own
good".
that's a significant overstatement. the user is more likely to send an
http cookie than to have the rdns server send a per-user ID on their
behalf. moreover, parental controls are a fig leaf, almost a joke, and
so is dns-level filtering. as i wrote the other day:
<< I fought SOPA not because I believed that content somehow "wanted to
be free", but because this kind of filtering will only be effective
where the end-users see it as a benefit — see it, in other words, as
aligned with their interests. >>
http://www.circleid.com/posts/20170718_nation_scale_internet_filtering_dos_and_donts/
when you invoke "for their own good" you're worrying about internet
unilateralism that does not actually or in any effective way exist.
if tale wants to create a signaling pattern that's so bypassable that
no one will ever use it unless they want its impacts, let him.
--
P Vixie
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop