On 08/20/2018 06:11 PM, Paul Hoffman wrote:
> DHCP options are easy and cheap. However #2 was vexing. The proposal that an OS say "oh look, there is a DoH server, I'll use that because it is more secure than Do53" was what was controversial because of the utter lack of DHCP security. Some of the folks on the mic line disagreed with the assumption that, given two pieces of insecurely-acquired information (a Do53 address and a DoH template), the latter would result in a more secure connection. A network admin can see the port 53 traffic and see if there's crap in there; they can't see the inner DoH traffic.

Paul,

You, like Ted, are looking at the problem the wrong way 'round. The USER is no worse with a DOH/DOT DHCP option than they are with the existing resolver option. 99.<many more 9s>% of users don't even know what DHCP is, they just want to connect their iDevice to the coffee shop WiFi.

Unless you can show how the user is harmed by the option, it's silly to oppose it.

Now, the network operator may very well be harmed by not being able to see the user's DNS traffic, if they are not the ones operating the resolver, because their opportunities to monetize NXDOMAIN, sell user data, etc. may be reduced, or go away entirely. If they ARE operating the resolver, they can still see all the DNS traffic they want to. And operators in the former case won't use the option anyway.

So again, what is the harm, to real world users, for having DHCP options to configure DOH or DOT?

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop