On 08/18/2018 06:08 PM, Ted Lemon wrote:
> The thing is that most devices don't connect to just one network. So
> while your devices on your network can certainly trust port 853 on your
> network, when they roam to other networks, they have no reason to trust
> it. If you have devices that never roam to other networks, that's
> fine, but we have to design for the more general case. There's no way
> with DHCP for the device to tell that it's connected to a particular
> network, other than matching IP addresses, which isn't a great idea.

Ted,

I'd like to turn your question back to you. What threat model are you
protecting the user from by not allowing a DHCP option to use a DOH or
DOT server?

It seems to me that in the overwhelming majority of cases (near 100%)
the user is going to get their local resolver from the DHCP server,
whether they are on a trusted network (like work or home), or roaming at
Eve's Coffee Shop.

So either you have a sophisticated user who has preconfigured their own
resolver and ignores the DHCP setting, or you have the typical user who
doesn't understand how any of this stuff works, and therefore has
implicit "trust" regarding the local network and the settings from the
DHCP server.

Given that (and feel free to tell me if I've missed something), what
harm can come to the user if the resolver that they are already trusting
can also be accessed over DOH or DOT?

Doug
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop