In article <5b7b7e3b.3060...@redbarn.org> you write:
>if you write down trust assumptions you'll be enumerating disjoint sets
>of same as actually practiced by different users and different operators
>whose reasons should be treated as valid rather than challenged.

We seem to have one group who see their network operator as a hostile entity that uses the DNS to censor content and probably stuffs ads instead of NXDOMAIN. The other group sees the network operator as a major line of defense against malware, phishes, and all of the other evil stuff on the Internet, making it harder for the naive and wilfully clueless to hurt themselves.*

The two aren't mutually exclusive but it is my impression that unless you live in a country toward the repressive end of the spectrum, your network is likely to do more of the latter than the former, and if you are in repression land, they probably have a firewall that will keep DoH from doing what the first group believes it will.

R's,
John

* - When I talk to security people at mail providers, they have endless tales of people who take the mail out of their spam folder and click on the links, you know, just in case it was filtered wrong. If you know it's bad stuff, you don't want the users to see it at all.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop